Update Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md

2024-07-31 21:37:45 -06:00
parent 6d2ae909ca
commit 421421ba0f


@ -88,67 +88,6 @@ You will need to create these files all in the same directory using the content
namespace: awx
```
=== "add-kerberos-configmap.yml"
```jsx title="/awx/kustomization.yml"
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx
namespace: awx
spec:
template:
spec:
containers:
- name: awx
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-task
namespace: awx
spec:
template:
spec:
containers:
- name: awx-task
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-web
namespace: awx
spec:
template:
spec:
containers:
- name: awx-web
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
```
## Ensure the Kubernetes Cluster is Ready
Check that the status of the cluster is ready by running the following commands, it should appear similar to the [Rancher RKE2 Example](https://docs.bunny-lab.io/Containers/Kubernetes/Rancher%20RKE2/Rancher%20RKE2%20Cluster/#install-helm-rancher-certmanager-jetstack-rancher-and-longhorn):
```
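Review bot: The `add-kerberos-configmap.yml` tab removed here belongs to the set of files the page tells readers to create in one directory for `kubectl apply -k .`, so any `resources:` or `patches:` entry in `kustomization.yml` that names it must be dropped in the same commit. That file is not visible in this hunk, so please confirm. It would also help to add a short note for readers who already applied the old patch: their `awx`, `awx-task` and `awx-web` Deployments still carry the `krb5-config` volume and the `/etc/krb5.conf` mount, and the page no longer says how to remove them.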
@ -188,76 +127,67 @@ kubectl apply -k .
## Add Kerberos Authentication (Windows)
You may find that you need to be able to remotely control domain-joined Windows devices using Kerberos. You need to go through some extra steps to set this up after you have successfully deployed AWX Operator into Kubernetes.
Add the following Kubernetes patch file to the `/awx` folder on the AWX Operator server.
### Create Kerberos Keytab File
Add the following file to the `/awx` folder on the AWX Operator server.
=== "krb5-configmap.yml"
```jsx title="/awx/krb5.conf"
[libdefaults]
default_realm = BUNNY-LAB.IO
dns_lookup_realm = false
dns_lookup_kdc = false
```jsx title="/awx/krb5-configmap.yml"
apiVersion: v1
kind: ConfigMap
metadata:
name: krb5-config
namespace: awx
data:
krb5.conf: |
[libdefaults]
default_realm = BUNNY-LAB.IO
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
BUNNY-LAB.IO = {
kdc = 192.168.3.25
kdc = 192.168.3.26
admin_server = 192.168.3.25
}
[realms]
BUNNY-LAB.IO = {
kdc = 192.168.3.25
kdc = 192.168.3.26
admin_server = 192.168.3.25
}
[domain_realm]
.bunny-lab.io = BUNNY-LAB.IO
bunny-lab.io = BUNNY-LAB.IO
```
=== "kerberos-patch.yml"
```jsx title="/awx/ingress.yml"
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-task
namespace: awx
spec:
template:
spec:
containers:
- name: awx-task
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
```
Then run the following commands to apply the configmap to the Kubernetes cluster, then patch each container to add the file.
[domain_realm]
.bunny-lab.io = BUNNY-LAB.IO
bunny-lab.io = BUNNY-LAB.IO
```
### Convert Keytab File into ConfigMap
Run the following command to apply the Kerberos Keytab file as a configmap into the Kubernetes cluster that we will later use AWX to make a custom Execution Environment with.
``` sh
# Apply the Kerberos ConfigMap into Kubernetes Cluster
kubectl apply -f /awx/krb5-configmap.yml
kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf
```
# Extract and apply patch for awx-task pod
kubectl patch deployment awx-task -n awx --patch "$(cat awx-task-patch.yml)"
# Scale down to 0
kubectl scale deployment awx-task -n awx --replicas=0
# Check to ensure it has scaled down to 0 by disappearing from this list.
kubectl get pods -n awx
# Scale it back up to 1
kubectl scale deployment awx-task -n awx --replicas=1
### Create an AWX Container Group
At this point, we need to make a custom pod for the AWX Execution Environments that will use this Kerberos file. Reference information was found [here](https://github.com/kurokobo/awx-on-k3s/blob/main/tips/use-kerberos.md#create-container-group).
- Create Container Group with custom pod spec that mounts `krb5.conf` to allow Kerberos authentication to be used in this new Execution Environment (EE).
- Open AWX UI and click on "Instance Groups" under the "Administration" section, then press "Add > Add container group".
- Enter a descriptive name as you like (e.g. Kerberos EE) and click the toggle "Customize Pod Specification".
- Put the following YAML string in "Custom pod spec" then press the "Save" button
``` yml
apiVersion: v1
kind: Pod
metadata:
namespace: awx
spec:
serviceAccountName: default
automountServiceAccountToken: false
containers:
- image: 'quay.io/ansible/awx-ee:latest'
name: worker
args:
- ansible-runner
- worker
- '--private-data-dir=/runner'
resources:
requests:
cpu: 250m
memory: 100Mi
volumeMounts:
- name: awx-kerberos-volume
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: awx-kerberos-volume
configMap:
name: awx-kerberos-config
```
## Access the AWX WebUI behind Ingress Controller
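Review bot: The new headings "Create Kerberos Keytab File" and "Convert Keytab File into ConfigMap", and the sentence under the second one, call `/awx/krb5.conf` a keytab, but the file shown holds only `[libdefaults]`, `[realms]` and `[domain_realm]` client configuration. A keytab stores principal keys and must never be placed in a ConfigMap, so the wording could lead a reader to do exactly that. Suggest renaming the headings to something like "Create Kerberos Configuration File" and "Convert krb5.conf into ConfigMap". Separately, the custom pod spec uses `image: 'quay.io/ansible/awx-ee:latest'`; pinning a specific tag or digest would keep the execution environment that receives domain credentials from changing silently between job runs.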