{{tag>Brouillon}}

# AWX - build to run

## AWX Resource Requirements

See:
* https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.3/html/red_hat_ansible_automation_platform_planning_guide/platform-system-requirements
* https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.3/html/red_hat_ansible_automation_platform_installation_guide/platform-system-requirements
* https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/platform-system-requirements

| Requirement | Required                                            |
| ----------- | --------------------------------------------------- |
| RAM         | 16 GB                                               |
| CPUs        | 4                                                   |
| Local disk  | 40 GB min (20 GB min available under /var/lib/awx)  |
| Local disk  | 1500 IOPS                                           |

PostgreSQL requirements

See:
* https://docs.redhat.com/de/documentation/red_hat_ansible_automation_platform/2.4/html-single/red_hat_ansible_automation_platform_planning_guide/index#ref-postgresql-requirements

| Requirement | Required                                              |
| ----------- | ----------------------------------------------------- |
| RAM         | 16 GB                                                 |
| CPUs        | 4                                                     |
| Local disk  | 20 GB dedicated hard disk space. 150 GB+ recommended  |
| Local disk  | 1500 IOPS                                             |

## Software prerequisites

* An NTP client configured on all nodes

## Architecture

Choices:
* Database on the host or on K8S?
* Ideally Postgres in a container: more flexibility for version management

## Host system configuration

* Re-enable SELinux
* After resetting ''ipv6_disabled'', if OK, disable IPv6 on the host and test

Change in Job settings - Container Run Options

~~~python
[
  "--network",
  "slirp4netns:enable_ipv6=true"
]
~~~

Disable swap. Entirely, or `memory.swap.max=0`?

See

~~~bash
cat /sys/fs/cgroup/memory.swap.max
~~~

## Podman configuration

Test Podman's native automatic start

~~~bash
podman update --restart=always kind-control-plane
~~~

Instead of ''~/.config/systemd/user/container-kind-control-plane.service''

## Network

See:
* https://www.sfeir.dev/cloud/un-cluster-kubernetes-local-en-quelques-secondes-avec-kind/
* https://www.metal3d.org/blog/2021/kind-avec-podman/

## AWX configuration

See:
* https://docs.ansible.com/projects/awx-operator/en/latest/migration/migration.html#creating-secrets-for-migration

~~~bash
kubectl get AWX -o json | jq '.items[0].spec'
~~~

* auto_upgrade
* hostname
* ipv6_disabled

## Backup

Of all AWX objects:

~~~bash
awx -f yaml export > all.yaml
~~~

FIXME: plan for export / import of the database

## Storage PoC

See:
* https://www.redhat.com/en/blog/when-localhost-isnt-what-it-seems-in-red-hat-ansible-automation-platform-2?sc_cid=7015Y000003t7aWQAQ
* https://github.com/ansible/awx/issues/10461
* https://github.com/ansible/awx-operator/pull/412
* https://stackoverflow.com/questions/67747550/how-can-i-expose-local-data-path-to-the-temporary-job-container-awx-job-xxxxx
* https://github.com/ansible/awx/issues/15012
* https://goteleport.com/docs/machine-workload-identity/access-guides/ansible-awx/
* https://forum.ansible.com/t/the-default-execution-environment-cannot-mount-the-local-nfs-storage-volume/3472
* https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.3/html-single/red_hat_ansible_automation_platform_performance_considerations_for_operator_based_installations/index

''cluster-config.yml''

~~~yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    extraPortMappings:
      - containerPort: 30000
        hostPort: 30000
        protocol: TCP
    extraMounts:
      - containerPath: /data/files
        hostPath: /data/files
~~~

''ansible-files-pv.yml''

~~~yaml
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: awx-ansible-files-volume
spec:
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  capacity:
    storage: 2Gi
  storageClassName: local-path
  hostPath:
    path: /data/ansible-files
~~~

''ansible-files-pvc.yml''

~~~yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: awx-ansible-files-claim
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 2Gi
  storageClassName: local-path
~~~

~~~bash
kubectl create secret generic awx-custom-certs --from-file=bundle-ca.crt=/etc/ssl/certs/ca-bundle.crt
~~~

''cluster-config.yml''

~~~yaml
---
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    extraPortMappings:
      - containerPort: 30000
        hostPort: 30000
        protocol: TCP
    extraMounts:
      - containerPath: /data/ansible-files
        hostPath: /data/ansible-files
      - containerPath: /data/projects
        hostPath: /data/projects
      - containerPath: /data/postgres-13
        hostPath: /data/postgres-13
~~~

Pin the version with the `--image` option

~~~bash
kind create cluster --image kindest/node:v1.34.2
~~~

Available tags can be found at https://hub.docker.com/r/kindest/node/tags

~~~bash
kind create cluster --config=cluster-config.yml --name=kind2

# kubectl create deployment nginx --image=nginx --port=80
# kubectl create service nodeport nginx --tcp=80:80 --node-port=30000

kubectl create service nodeport awx-service --tcp=80:80 --node-port=30000
~~~

In Job settings, change: Paths to expose to isolated jobs

~~~python
[
  "/etc/pki/ca-trust:/etc/pki/ca-trust:O",
  "/usr/share/pki:/usr/share/pki:O"
]
~~~