Ansible-ansible tower安装及使用

发布于 2021-07-29  104 次阅读


环境

ansible-tower 3.6.3

Ansible-tower安装

mkdir /data/ansible-tower -p;cd /data/ansible-tower
wget https://releases.ansible.com/ansible-tower/setup-bundle/ansible-tower-setup-bundle-3.6.3-1.el7.tar.gz
tar -xzf ansible-tower-setup-bundle-3.6.3-1.el7.tar.gz
cd ansible-tower-setup-bundle-3.6.3-1 && ls -l
vim inventory
[tower]
localhost ansible_connection=local
 
[database]
 
[all:vars]
admin_password='tower'   #tower登录密码
 
pg_host=''
pg_port=''
 
pg_database='awx'
pg_username='awx'
pg_password='tower'
pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL
 
rabbitmq_username=tower
rabbitmq_password='tower'
rabbitmq_cookie=cookiemonster
 
# Isolated Tower nodes automatically generate an RSA key for authentication;
# To disable this behavior, set this value to false
# isolated_key_generation=true
 
 
# SSL-related variables
 
# If set, this will install a custom CA certificate to the system trust store.
# custom_ca_cert=/path/to/ca.crt
 
# Certificate and key to install in nginx for the web UI and API
# web_server_ssl_cert=/path/to/tower.cert
# web_server_ssl_key=/path/to/tower.key
 
# Use SSL for RabbitMQ inter-node communication.  Because RabbitMQ never
# communicates outside the cluster, a private CA and certificates will be
# created, and do not need to be supplied.
# rabbitmq_use_ssl=False
 
# Server-side SSL settings for PostgreSQL (when we are installing it).
# postgres_use_ssl=False
# postgres_ssl_cert=/path/to/pgsql.crt
# postgres_ssl_key=/path/to/pgsql.key

开始安装

./setup.sh

访问http://ip/#/login

破解认证

cd /var/lib/awx/venv/awx/lib/python3.6/site-packages/tower_license
ll
total 8
-rw-r--r-- 1 root root 7764 Dec 14 01:39 __init__.pyc
drwxr-xr-x 2 root root   37 Jan 12 11:46 __pycache__
# 安装pip
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip -V
pip 19.3.1 from /usr/lib/python2.7/site-packages/pip (python 2.7)
pip install uncompyle6
#反汇编init.pyc
uncompyle6 __init__.pyc >__init__.py
ll
-rw-r--r-- 1 root root 11502 Jan 12 12:04 __init__.py
-rw-r--r-- 1 root root  7764 Dec 14 01:39 __init__.pyc
drwxr-xr-x 2 root root    37 Jan 12 11:46 __pycache__
#修改__init__.py文件
    def _check_cloudforms_subscription(self):
        return True    #添加这一行
        if os.path.exists('/var/lib/awx/i18n.db'):
            return True
        else:
            if os.path.isdir('/opt/rh/cfme-appliance'):
                if os.path.isdir('/opt/rh/cfme-gemset'):
                    pass
            try:
                has_rpms = subprocess.call(['rpm', '--quiet', '-q', 'cfme', 'cfme-appliance', 'cfme-gemset'])
                if has_rpms == 0:
                    return True
            except OSError:
                pass
 
            return False
....
 
#修改"license_date=253370764800L" 为 "license_date=253370764800"
    def _generate_cloudforms_subscription(self):
        self._attrs.update(dict(company_name='Red Hat CloudForms License', instance_count=MAX_INSTANCES,
          license_date=253370764800,  #修改
          license_key='xxxx',
          license_type='enterprise',
          subscription_name='Red Hat CloudForms License'))
...
#修改完重新编译一下
[root@tower tower_license]# python -m py_compile __init__.py
[root@tower tower_license]# python -O -m py_compile __init__.py
[root@tower tower_license]# ll
total 36
-rw-r--r-- 1 root root 11521 Jan 12 12:08 __init__.py
-rw-r--r-- 1 root root  9181 Jan 12 12:08 __init__.pyc
-rw-r--r-- 1 root root  9181 Jan 12 12:08 __init__.pyo
drwxr-xr-x 2 root root    37 Jan 12 11:46 __pycache__
 
#重启服务
[root@tower tower_license]# ansible-tower-service restart

访问https://ip/#/license

使用

创建测试项目

  • 创建host登陆凭证

可使用公钥或者密码

  • 创建项目(projects)

创建项目是通过SCM TYPE 来选择创建的源,一般选择Manual、Git、Subversion,意思为tower本地、git源、svn源

这里测试采用的Manual,如果使用git源需要配置凭据

保存后Ansilble Tower会自动运行一次Update,如果要手动运行,点击列表中的刷新按钮。当github上yml文件被更新或者新增后需要点击一下刷新按钮,否则JOB执行得还是原来的yml

创建主机清单(inventory)

这里关键的为group和hosts,定义了执行组,和清单下面的主机

创建任务模板

任务模板分为两种Job template和workflow template

Job template:类似于单个任务的执行

Workflow template:工作流,类似于Jenkins里面的pipline等

template重点:

PROMPT ON LAUNCH: 勾选后会显示在执行任务时,会弹出来进行选择传参,适合用非必须传参

Survey:与上条类似,更适合用于必传参数

其它设置可自行摸索