diff --git a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md index 3dd2daa..2a0c477 100644 --- a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md +++ b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md @@ -124,6 +124,46 @@ kubectl apply -k . !!! warning "Be Patient - Wait 20 Minutes" The process may take a while to spin up AWX, postgresql, redis, and other workloads necessary for AWX to function. Depending on the speed of the server, it may take between 5 and 20 minutes for AWX to be ready to connect to. You can watch the progress via the CLI commands listed above, or directly on Rancher's WebUI at https://rancher.bunny-lab.io. +## Access the AWX WebUI behind Ingress Controller +After you have deployed AWX into the cluster, it will not be immediately accessible to the host's network (such as your personal computer) unless you set up a DNS record pointing to it. In the example above, you would have an `A` or `CNAME` DNS record pointing to the internal IP address of the Rancher RKE2 Cluster host. + +The RKE2 Cluster will translate `awx.bunny-lab.io` to the AWX web-service container(s) automatically. SSL certificates are not covered in this documentation, but suffice to say, the can be configured on another reverse proxy such as Traefik or via Cert-Manager / JetStack. The process of setting this up goes outside the scope of this document. + +!!! success "Accessing the AWX WebUI" + If you have gotten this far, you should now be able to access AWX via the WebUI and log in. + + - AWX WebUI: https://awx.bunny-lab.io + ![Ansible AWX WebUI](awx.png) + You may see a prompt about "AWX is currently upgrading. This page will refresh when complete". Be patient, let it finish. When it's done, it will take you to a login page. + AWX will generate its own secure password the first time you set up AWX. Username is `admin`. You can run the following command to retrieve the password: + ``` + kubectl get secret awx-admin-password -n awx -o jsonpath="{.data.password}" | base64 --decode ; echo + ``` + +## Change Admin Password +You will want to change the admin password straight-away. Use the following navigation structure to find where to change the password: +``` mermaid +graph LR + A[AWX Dashboard] --> B[Access] + B --> C[Users] + C --> D[admin] + D --> E[Edit] +``` + +## Troubleshooting +You may wish to want to track the deployment process to verify that it is actually doing something. There are a few Kubernetes commands that can assist with this listed below. + +!!! failure "Nested Reverse Proxy Issues" + My homelab environment primarily uses a Traefik reverse proxy to handle all communications, but AWX currently has issues running behind Traefik/NGINX, and documentation outlining how to fix this does not exist here yet. For the time being, when you create the DNS record, use an `A` record pointing directly to the IP address of the Virtual Machine running the Rancher / AWX Operator cluster. + +### AWX-Manager Deployment Logs +You may want to track the internal logs of the `awx-manager` container which is responsible for the majority of the automated deployment of AWX. You can do so by running the command below. +``` +kubectl logs -n awx awx-operator-controller-manager-6c58d59d97-qj2n2 -c awx-manager +``` +!!! note + The `-6c58d59d97-qj2n2` noted at the end of the Kubernetes "Pod" mentioned in the command above is randomized. You will need to change it based on the name shown when running the `kubectl get pods -n awx` command. + ## Kerberos Implementation You may find that you need to be able to remotely control domain-joined Windows devices using Kerberos. You need to go through some extra steps to set this up after you have successfully deployed AWX Operator into Kubernetes. @@ -211,44 +251,4 @@ ansible_winrm_transport=kerberos ansible_winrm_scheme=https ansible_winrm_server_cert_validation=ignore ansible_winrm_kerberos_realm=BUNNY-LAB.IO -``` - -## Access the AWX WebUI behind Ingress Controller -After you have deployed AWX into the cluster, it will not be immediately accessible to the host's network (such as your personal computer) unless you set up a DNS record pointing to it. In the example above, you would have an `A` or `CNAME` DNS record pointing to the internal IP address of the Rancher RKE2 Cluster host. - -The RKE2 Cluster will translate `awx.bunny-lab.io` to the AWX web-service container(s) automatically. SSL certificates are not covered in this documentation, but suffice to say, the can be configured on another reverse proxy such as Traefik or via Cert-Manager / JetStack. The process of setting this up goes outside the scope of this document. - -!!! success "Accessing the AWX WebUI" - If you have gotten this far, you should now be able to access AWX via the WebUI and log in. - - - AWX WebUI: https://awx.bunny-lab.io - ![Ansible AWX WebUI](awx.png) - You may see a prompt about "AWX is currently upgrading. This page will refresh when complete". Be patient, let it finish. When it's done, it will take you to a login page. - AWX will generate its own secure password the first time you set up AWX. Username is `admin`. You can run the following command to retrieve the password: - ``` - kubectl get secret awx-admin-password -n awx -o jsonpath="{.data.password}" | base64 --decode ; echo - ``` - -## Change Admin Password -You will want to change the admin password straight-away. Use the following navigation structure to find where to change the password: -``` mermaid -graph LR - A[AWX Dashboard] --> B[Access] - B --> C[Users] - C --> D[admin] - D --> E[Edit] -``` - -## Troubleshooting -You may wish to want to track the deployment process to verify that it is actually doing something. There are a few Kubernetes commands that can assist with this listed below. - -!!! failure "Nested Reverse Proxy Issues" - My homelab environment primarily uses a Traefik reverse proxy to handle all communications, but AWX currently has issues running behind Traefik/NGINX, and documentation outlining how to fix this does not exist here yet. For the time being, when you create the DNS record, use an `A` record pointing directly to the IP address of the Virtual Machine running the Rancher / AWX Operator cluster. - -### AWX-Manager Deployment Logs -You may want to track the internal logs of the `awx-manager` container which is responsible for the majority of the automated deployment of AWX. You can do so by running the command below. -``` -kubectl logs -n awx awx-operator-controller-manager-6c58d59d97-qj2n2 -c awx-manager -``` -!!! note - The `-6c58d59d97-qj2n2` noted at the end of the Kubernetes "Pod" mentioned in the command above is randomized. You will need to change it based on the name shown when running the `kubectl get pods -n awx` command. \ No newline at end of file +``` \ No newline at end of file