diff --git a/Docker & Kubernetes/Servers/AWX/AWX Operator/AWX Deployment.md b/Docker & Kubernetes/Servers/AWX/AWX Operator/AWX Operator Deployment.md similarity index 86% rename from Docker & Kubernetes/Servers/AWX/AWX Operator/AWX Deployment.md rename to Docker & Kubernetes/Servers/AWX/AWX Operator/AWX Operator Deployment.md index 628f40e..af372f9 100644 --- a/Docker & Kubernetes/Servers/AWX/AWX Operator/AWX Deployment.md +++ b/Docker & Kubernetes/Servers/AWX/AWX Operator/AWX Operator Deployment.md @@ -1,6 +1,3 @@ -!!! warning "DEBUG SECTION" - THIS SECTION WAS CREATED TO VALIDATE IF CHANGES ARE OCCURRING TO THIS DOCUMENT - **Purpose**: Deploying a Rancher RKE2 Cluster-based Ansible AWX Operator server. This can scale to a larger more enterprise environment if needed. 
@@ -241,60 +238,8 @@ You will need to prepare the Windows devices to allow them to be remotely contro - [WinRM Prerequisite Setup Script](https://docs.bunny-lab.io/Docker%20%26%20Kubernetes/Servers/AWX/AWX%20Operator/Enable%20Kerberos%20WinRM/) -### Create Kerberos Keytab File -Add the following file to the `/awx` folder on the AWX Operator server. - -```jsx title="/awx/krb5.conf" -[libdefaults] - default_realm = BUNNY-LAB.IO - dns_lookup_realm = false - dns_lookup_kdc = false - -[realms] - BUNNY-LAB.IO = { - kdc = 192.168.3.25 - kdc = 192.168.3.26 - admin_server = 192.168.3.25 - } - -[domain_realm] - 192.168.3.25 = BUNNY-LAB.IO - 192.168.3.26 = BUNNY-LAB.IO - .bunny-lab.io = BUNNY-LAB.IO - bunny-lab.io = BUNNY-LAB.IO -``` - -### Convert Keytab File into ConfigMap -Run the following command to apply the Kerberos Keytab file as a configmap into the Kubernetes cluster that we will later use AWX to make a custom Execution Environment with. -``` sh -kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf -``` - -### Create Custom DNS Host Records for Domain Controllers -!!! note - This section is not strictly needed if the server has a good DNS server outside of it that can resolve the DNS of the domain controllers / devices. - -You will need to be sure that AWX is able to resolve the FQDNs of the domain controllers for Kerberos to be happy. We will do this by adding another config file in the `/awx` directory and applying it to the deployment. 
-```jsx title="/awx/custom_dns_records.yml" -apiVersion: v1 -kind: ConfigMap -metadata: - name: custom-dns - namespace: awx -data: - custom-hosts: | - 192.168.3.25 LAB-DC-01.bunny-lab.io LAB-DC-01 - 192.168.3.26 LAB-DC-02.bunny-lab.io LAB-DC-02 - 192.168.3.22 VIRT-NODE-01.bunny-lab.io VIRT-NODE-01 -``` - -Then we apply them with the following command: -``` sh -kubectl apply -f custom_dns_records.yml -``` - ### Create an AWX Instance Group -At this point, we need to make a custom pod for the AWX Execution Environments that will use both a Keytab file and custom DNS servers defined by configmap files created below. Reference information was found [here](https://github.com/kurokobo/awx-on-k3s/blob/main/tips/use-kerberos.md#create-container-group). +At this point, we need to make an "Instance Group" for the AWX Execution Environments that will use both a Keytab file and custom DNS servers defined by configmap files created below. Reference information was found [here](https://github.com/kurokobo/awx-on-k3s/blob/main/tips/use-kerberos.md#create-container-group). Create the following files in the `/awx` folder on the AWX Operator server you deployed earlier when setting up the Kubernetes Cluster and deploying AWX Operator into it so we can later mount them into the new Execution Environment we will be building. 
@@ -332,20 +277,21 @@ Create the following files in the `/awx` folder on the AWX Operator server you d custom-hosts: | 192.168.3.25 LAB-DC-01.bunny-lab.io LAB-DC-01 192.168.3.26 LAB-DC-02.bunny-lab.io LAB-DC-02 - 192.168.3.22 VIRT-NODE-01.bunny-lab.io VIRT-NODE-01 + 192.168.3.4 VIRT-NODE-01.bunny-lab.io VIRT-NODE-01 + 192.168.3.5 BUNNY-NODE-02.bunny-lab.io BUNNY-NODE-02 ``` -Then we apply the configmaps to the AWX namespace with the following commands: +Then we apply these configmaps to the AWX namespace with the following commands: ``` +cd /awx kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf kubectl apply -f custom_dns_records.yml ``` -- Create Container Group with custom pod spec that mounts `krb5.conf` to allow Kerberos authentication to be used in this new Execution Environment (EE). - Open AWX UI and click on "**Instance Groups**" under the "**Administration**" section, then press "**Add > Add container group**". -- Enter a descriptive name as you like (e.g. `Kerberos EE`) and click the toggle "**Customize Pod Specification**". +- Enter a descriptive name as you like (e.g. `Kerberos`) and click the toggle "**Customize Pod Specification**". - Put the following YAML string in "**Custom pod spec**" then press the "**Save**" button -``` yml +``` yaml apiVersion: v1 kind: Pod metadata:
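Review bot: The rename in the file header (`AWX Deployment.md` to `AWX Operator Deployment.md`) changes the published page path, since the site paths appear to mirror the file names (compare the `docs.bunny-lab.io` link to `Enable%20Kerberos%20WinRM/` in the second hunk). Links to the old page name will break, so update them in the same commit or add a redirect. Removing the `DEBUG SECTION` warning in the `@@ -1,6 +1,3 @@` hunk needs no change.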
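Review bot: The rewritten paragraph under `### Create an AWX Instance Group` (hunk `@@ -241,60 +238,8 @@`) still says the group will use "a Keytab file", but the only Kerberos file on this page is `krb5.conf`, which is client configuration (realm and KDC addresses) and holds no keys. Suggest "a Kerberos configuration file (`krb5.conf`)" so readers neither go looking for a keytab nor assume key material is being placed in a ConfigMap. The same line now says "Instance Group" while the UI step in the next hunk says "Add container group"; pick one term or state that a container group is a kind of instance group. The removed `!!! note` saying the custom DNS records are not strictly needed when external DNS can resolve the domain controllers does not reappear in the added lines, and it is worth keeping next to the remaining `custom_dns_records.yml` step.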
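Review bot: In the command block of the `@@ -332,20 +277,21 @@` hunk, `kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf` is not repeatable: once the configmap exists, a second run fails with an "already exists" error, so a reader who edits `krb5.conf` later cannot re-run the documented steps, while the `kubectl apply -f custom_dns_records.yml` line can be re-run freely. Suggest piping the create through `--dry-run=client -o yaml | kubectl apply -f -` so both commands behave the same. The added `cd /awx` makes the relative `custom_dns_records.yml` path resolve, but the first command still uses the absolute `/awx/krb5.conf`; use one style for both. The changed and added host lines (`192.168.3.4`, `192.168.3.5`) show these static records drifting with the network, so a short sentence telling readers to re-apply the configmap after any address change would help, since Kerberos authentication depends on these names resolving to the right hosts. This block's fence also has no language tag, while the pod spec fence was retagged to `yaml` in the same hunk.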