AWX - build to run

Voir :

• AWX sur K8S Kind - partage de fichier pour les blob - Execution pods
• https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.3/html/red_hat_ansible_automation_platform_planning_guide/platform-system-requirements
• https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.3/html/red_hat_ansible_automation_platform_installation_guide/platform-system-requirements
• https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/platform-system-requirements
• https://github.com/kurokobo/awx-on-k3s/ (Install / sauvegarde / migration)

PostgreSQL requirements

Voir :

• https://docs.redhat.com/de/documentation/red_hat_ansible_automation_platform/2.4/html-single/red_hat_ansible_automation_platform_planning_guide/index#ref-postgresql-requirements

• have configured an NTP client on all nodes

Choix :

• Base de données sur le hôte ou sur K8S ?
  • Idéalement Postgres dans un conteneur : plus de souplesse avec la gestion des versions

• Réactiver SELinux
• Après avoir redéfini ipv6_disabled, si OK désactiver l'IPv6 sur le hôte et tester

Changer dans Job settings - Container Run Options

[
  "--network",
  "slirp4netns:enable_ipv6=true"
]

Désactiver le SWAP. Totalement ou memory.swap.max=0 ? Voir

cat /sys/fs/cgroup/memory.swap.max

Tester le démarrage automatique native Podman

podman update --restart=always kind-control-plane

A la place de ~/.config/systemd/user/container-kind-control-plane.service

Voir :

• https://www.sfeir.dev/cloud/un-cluster-kubernetes-local-en-quelques-secondes-avec-kind/
• https://www.metal3d.org/blog/2021/kind-avec-podman/

Voir :

• https://docs.ansible.com/projects/awx-operator/en/latest/migration/migration.html#creating-secrets-for-migration

kubectl get AWX -o json | jq '.items[0].spec'

• auto_upgrade
• hostname
• ipv6_disabled

1. Export de tous les objets AWX en YAML
2. Export de la base de données
3. Sauvegarde avec AWX Operator

awx -f yaml export > all.yaml

NOTE : Les credentials ne sont pas exportés, ni certains objets

Voir :

• https://docs.ansible.com/projects/awx-operator/en/latest/user-guide/database-configuration.html#postgresql-extra-settings
• https://stackoverflow.com/questions/42360853/how-to-backup-a-postgres-database-in-kubernetes-on-google-cloud

# retrieve your secret's name, something like awx-postgres-configuration
kubectl get secrets
 
# show secrets 
kubectl get secrets awx-your-instance-postgres-configuration -o yaml
 
kubectl port-forward awx-your-postgre-pod 5432:5432

Source : https://forum.ansible.com/t/need-advices-on-awx-config-import-export/6974/6

Voir :

• https://github.com/kurokobo/awx-on-k3s/tree/main/backup

Voir :

• https://www.redhat.com/en/blog/when-localhost-isnt-what-it-seems-in-red-hat-ansible-automation-platform-2?sc_cid=7015Y000003t7aWQAQ
• https://github.com/ansible/awx/issues/10461
• https://github.com/ansible/awx-operator/pull/412
• https://stackoverflow.com/questions/67747550/how-can-i-expose-local-data-path-to-the-temporary-job-container-awx-job-xxxxx
• https://github.com/ansible/awx/issues/15012
• https://goteleport.com/docs/machine-workload-identity/access-guides/ansible-awx/
• https://forum.ansible.com/t/the-default-execution-environment-cannot-mount-the-local-nfs-storage-volume/3472
• https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.3/html-single/red_hat_ansible_automation_platform_performance_considerations_for_operator_based_installations/index

cluster-config.yml

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
    - containerPort: 30000
      hostPort: 30000
      protocol: TCP
  extraMounts:
    - containerPath: /data/files
      hostPath: /data/files

ansible-files-pv.yml

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: awx-ansible-files-volume
spec:
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  capacity:
    storage: 2Gi
  storageClassName: local-path
  hostPath:
    path: /data/ansible-files

ansible-files-pvc.yml

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: awx-ansible-files-claim
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 2Gi
  storageClassName: local-path

kubectl create secret generic awx-custom-certs --from-file=bundle-ca.crt=/etc/ssl/certs/ca-bundle.crt

cluster-config.yml

---

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    extraPortMappings:
      - containerPort: 30000
        hostPort: 30000
        protocol: TCP
    extraMounts:
      - containerPath: /data/ansible-files
        hostPath: /data/ansible-files
      - containerPath: /data/projects
        hostPath: /data/projects
      - containerPath: /data/postgres-13
        hostPath: /data/postgres-13

Fixer la version avec l'option --image

kind create cluster --image kindest/node:v1.34.2

Available tags can be found at https://hub.docker.com/r/kindest/node/tags

kind create cluster --config=cluster-config.yml --name=kind2
 
# kubectl create deployment nginx --image=nginx --port=80
# kubectl create service nodeport nginx --tcp=80:80 --node-port=30000
 
kubectl create service nodeport awx-service --tcp=80:80 --node-port=30000

Dans jobs settings changer :

Paths to expose to isolated jobs

[
  "/etc/pki/ca-trust:/etc/pki/ca-trust:O",
  "/usr/share/pki:/usr/share/pki:O"
]

• https://github.com/kurokobo/awx-on-k3s/blob/main/tips/troubleshooting.md