Update Docker & Kubernetes/Servers/AWX/AWX Operator/AWX Operator Deployment.md

2024-09-26 04:13:02 -06:00
parent f9cd1d8524
commit 78289eefb4

@ -1,6 +1,3 @@
!!! warning "DEBUG SECTION"
THIS SECTION WAS CREATED TO VALIDATE IF CHANGES ARE OCCURRING TO THIS DOCUMENT
**Purpose**: **Purpose**:
Deploying a Rancher RKE2 Cluster-based Ansible AWX Operator server. This can scale to a larger more enterprise environment if needed. Deploying a Rancher RKE2 Cluster-based Ansible AWX Operator server. This can scale to a larger more enterprise environment if needed.
@ -241,60 +238,8 @@ You will need to prepare the Windows devices to allow them to be remotely contro
- [WinRM Prerequisite Setup Script](https://docs.bunny-lab.io/Docker%20%26%20Kubernetes/Servers/AWX/AWX%20Operator/Enable%20Kerberos%20WinRM/) - [WinRM Prerequisite Setup Script](https://docs.bunny-lab.io/Docker%20%26%20Kubernetes/Servers/AWX/AWX%20Operator/Enable%20Kerberos%20WinRM/)
### Create Kerberos Keytab File
Add the following file to the `/awx` folder on the AWX Operator server.
```jsx title="/awx/krb5.conf"
[libdefaults]
default_realm = BUNNY-LAB.IO
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
BUNNY-LAB.IO = {
kdc = 192.168.3.25
kdc = 192.168.3.26
admin_server = 192.168.3.25
}
[domain_realm]
192.168.3.25 = BUNNY-LAB.IO
192.168.3.26 = BUNNY-LAB.IO
.bunny-lab.io = BUNNY-LAB.IO
bunny-lab.io = BUNNY-LAB.IO
```
### Convert Keytab File into ConfigMap
Run the following command to apply the Kerberos Keytab file as a configmap into the Kubernetes cluster that we will later use AWX to make a custom Execution Environment with.
``` sh
kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf
```
### Create Custom DNS Host Records for Domain Controllers
!!! note
This section is not strictly needed if the server has a good DNS server outside of it that can resolve the DNS of the domain controllers / devices.
You will need to be sure that AWX is able to resolve the FQDNs of the domain controllers for Kerberos to be happy. We will do this by adding another config file in the `/awx` directory and applying it to the deployment.
```jsx title="/awx/custom_dns_records.yml"
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-dns
namespace: awx
data:
custom-hosts: |
192.168.3.25 LAB-DC-01.bunny-lab.io LAB-DC-01
192.168.3.26 LAB-DC-02.bunny-lab.io LAB-DC-02
192.168.3.22 VIRT-NODE-01.bunny-lab.io VIRT-NODE-01
```
Then we apply them with the following command:
``` sh
kubectl apply -f custom_dns_records.yml
```
### Create an AWX Instance Group ### Create an AWX Instance Group
At this point, we need to make a custom pod for the AWX Execution Environments that will use both a Keytab file and custom DNS servers defined by configmap files created below. Reference information was found [here](https://github.com/kurokobo/awx-on-k3s/blob/main/tips/use-kerberos.md#create-container-group). At this point, we need to make an "Instance Group" for the AWX Execution Environments that will use both a Keytab file and custom DNS servers defined by configmap files created below. Reference information was found [here](https://github.com/kurokobo/awx-on-k3s/blob/main/tips/use-kerberos.md#create-container-group).
Create the following files in the `/awx` folder on the AWX Operator server you deployed earlier when setting up the Kubernetes Cluster and deploying AWX Operator into it so we can later mount them into the new Execution Environment we will be building. Create the following files in the `/awx` folder on the AWX Operator server you deployed earlier when setting up the Kubernetes Cluster and deploying AWX Operator into it so we can later mount them into the new Execution Environment we will be building.
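Review bot: The retained intro under "Create an AWX Instance Group" still says the group will use "a Keytab file", but the file the visible lines create and mount is `krb5.conf`, which is a Kerberos client configuration, not a keytab. Suggest rewording to "a Kerberos configuration file (`krb5.conf`)". The distinction matters for readers copying this pattern: `krb5.conf` holds no secrets and is fine in a ConfigMap, whereas a real keytab holds long-term keys and belongs in a Secret. The same sentence says "custom DNS servers", while the `custom-hosts` data is a static hosts list, so "custom host records" would match what is actually applied.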
@ -332,20 +277,21 @@ Create the following files in the `/awx` folder on the AWX Operator server you d
custom-hosts: | custom-hosts: |
192.168.3.25 LAB-DC-01.bunny-lab.io LAB-DC-01 192.168.3.25 LAB-DC-01.bunny-lab.io LAB-DC-01
192.168.3.26 LAB-DC-02.bunny-lab.io LAB-DC-02 192.168.3.26 LAB-DC-02.bunny-lab.io LAB-DC-02
192.168.3.22 VIRT-NODE-01.bunny-lab.io VIRT-NODE-01 192.168.3.4 VIRT-NODE-01.bunny-lab.io VIRT-NODE-01
192.168.3.5 BUNNY-NODE-02.bunny-lab.io BUNNY-NODE-02
``` ```
Then we apply the configmaps to the AWX namespace with the following commands: Then we apply these configmaps to the AWX namespace with the following commands:
``` ```
cd /awx
kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf
kubectl apply -f custom_dns_records.yml kubectl apply -f custom_dns_records.yml
``` ```
- Create Container Group with custom pod spec that mounts `krb5.conf` to allow Kerberos authentication to be used in this new Execution Environment (EE).
- Open AWX UI and click on "**Instance Groups**" under the "**Administration**" section, then press "**Add > Add container group**". - Open AWX UI and click on "**Instance Groups**" under the "**Administration**" section, then press "**Add > Add container group**".
- Enter a descriptive name as you like (e.g. `Kerberos EE`) and click the toggle "**Customize Pod Specification**". - Enter a descriptive name as you like (e.g. `Kerberos`) and click the toggle "**Customize Pod Specification**".
- Put the following YAML string in "**Custom pod spec**" then press the "**Save**" button - Put the following YAML string in "**Custom pod spec**" then press the "**Save**" button
``` yml ``` yaml
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
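Review bot: The apply block pairs an imperative `kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf` with a declarative `kubectl apply -f custom_dns_records.yml`, so the steps are not re-runnable: once the ConfigMap exists, the create fails with an already-exists error and an edited `krb5.conf` never reaches the cluster. This commit itself changes the host list, which is the situation where someone re-runs the block. Suggest making the first command idempotent with `kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf --dry-run=client -o yaml | kubectl apply -f -`. The added `cd /awx` fixes the relative path for the second command; the code fence could also carry the `sh` tag for consistency. Separately, the removed bullet was the only line stating that the custom pod spec mounts `krb5.conf` for Kerberos authentication, so consider keeping one sentence of that explanation above the UI steps.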