环境
ansible-tower 3.6.3
Ansible-tower安装
mkdir /data/ansible-tower -p;cd /data/ansible-tower
wget https://releases.ansible.com/ansible-tower/setup-bundle/ansible-tower-setup-bundle-3.6.3-1.el7.tar.gz
tar -xzf ansible-tower-setup-bundle-3.6.3-1.el7.tar.gz
cd ansible-tower-setup-bundle-3.6.3-1 && ls -l
vim inventory
[tower]
localhost ansible_connection=local
[database]
[all:vars]
admin_password='tower' #tower登录密码
pg_host=''
pg_port=''
pg_database='awx'
pg_username='awx'
pg_password='tower'
pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL
rabbitmq_username=tower
rabbitmq_password='tower'
rabbitmq_cookie=cookiemonster
# Isolated Tower nodes automatically generate an RSA key for authentication;
# To disable this behavior, set this value to false
# isolated_key_generation=true
# SSL-related variables
# If set, this will install a custom CA certificate to the system trust store.
# custom_ca_cert=/path/to/ca.crt
# Certificate and key to install in nginx for the web UI and API
# web_server_ssl_cert=/path/to/tower.cert
# web_server_ssl_key=/path/to/tower.key
# Use SSL for RabbitMQ inter-node communication. Because RabbitMQ never
# communicates outside the cluster, a private CA and certificates will be
# created, and do not need to be supplied.
# rabbitmq_use_ssl=False
# Server-side SSL settings for PostgreSQL (when we are installing it).
# postgres_use_ssl=False
# postgres_ssl_cert=/path/to/pgsql.crt
# postgres_ssl_key=/path/to/pgsql.key开始安装
./setup.sh
访问http://ip/#/login
破解认证
cd /var/lib/awx/venv/awx/lib/python3.6/site-packages/tower_license
ll
total 8
-rw-r--r-- 1 root root 7764 Dec 14 01:39 __init__.pyc
drwxr-xr-x 2 root root 37 Jan 12 11:46 __pycache__
# 安装pip
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip -V
pip 19.3.1 from /usr/lib/python2.7/site-packages/pip (python 2.7)
pip install uncompyle6
#反汇编init.pyc
uncompyle6 __init__.pyc >__init__.py
ll
-rw-r--r-- 1 root root 11502 Jan 12 12:04 __init__.py
-rw-r--r-- 1 root root 7764 Dec 14 01:39 __init__.pyc
drwxr-xr-x 2 root root 37 Jan 12 11:46 __pycache__
#修改__init__.py文件
def _check_cloudforms_subscription(self):
return True #添加这一行
if os.path.exists('/var/lib/awx/i18n.db'):
return True
else:
if os.path.isdir('/opt/rh/cfme-appliance'):
if os.path.isdir('/opt/rh/cfme-gemset'):
pass
try:
has_rpms = subprocess.call(['rpm', '--quiet', '-q', 'cfme', 'cfme-appliance', 'cfme-gemset'])
if has_rpms == 0:
return True
except OSError:
pass
return False
....
#修改"license_date=253370764800L" 为 "license_date=253370764800"
def _generate_cloudforms_subscription(self):
self._attrs.update(dict(company_name='Red Hat CloudForms License', instance_count=MAX_INSTANCES,
license_date=253370764800, #修改
license_key='xxxx',
license_type='enterprise',
subscription_name='Red Hat CloudForms License'))
...
#修改完重新编译一下
[root@tower tower_license]# python -m py_compile __init__.py
[root@tower tower_license]# python -O -m py_compile __init__.py
[root@tower tower_license]# ll
total 36
-rw-r--r-- 1 root root 11521 Jan 12 12:08 __init__.py
-rw-r--r-- 1 root root 9181 Jan 12 12:08 __init__.pyc
-rw-r--r-- 1 root root 9181 Jan 12 12:08 __init__.pyo
drwxr-xr-x 2 root root 37 Jan 12 11:46 __pycache__
#重启服务
[root@tower tower_license]# ansible-tower-service restart
访问https://ip/#/license
使用
创建测试项目
- 创建host登陆凭证
可使用公钥或者密码
- 创建项目(projects)
创建项目是通过SCM TYPE 来选择创建的源,一般选择Manual、Git、Subversion,意思为tower本地、git源、svn源
这里测试采用的Manual,如果使用git源需要配置凭据
保存后Ansilble Tower会自动运行一次Update,如果要手动运行,点击列表中的刷新按钮。当github上yml文件被更新或者新增后需要点击一下刷新按钮,否则JOB执行得还是原来的yml
创建主机清单(inventory)
这里关键的为group和hosts,定义了执行组,和清单下面的主机
创建任务模板
任务模板分为两种Job template和workflow template
Job template:类似于单个任务的执行
Workflow template:工作流,类似于Jenkins里面的pipline等
template重点:
PROMPT ON LAUNCH: 勾选后会显示在执行任务时,会弹出来进行选择传参,适合用非必须传参
Survey:与上条类似,更适合用于必传参数
其它设置可自行摸索
Comments NOTHING