awx

Author: qiaofeng1227

apps/awx/.env

@@ -0,0 +1,29 @@
+W9_VERSION=22.5.0
+W9_ID=awx
+W9_POWER_PASSWORD=jxEiaLzsNBLVRQcQwueJ
+W9_REPO=quay.io/ansible/awx
+
+#### --  Not allowed to edit below environments when recreate app based on existing data  -- ####
+W9_HTTP_PORT=8052
+W9_HTTP_PORT_SET=9001
+W9_URL=InternetIP
+W9_LOGIN_USER=admin
+W9_LOGIN_PASSWORD=$W9_POWER_PASSWORD
+W9_DB_EXPOSE="postgresql"
+W9_NETWORK=websoft9
+#### -------------------------------------------------------------------------------------- ####
+
+PGDATA=/var/lib/postgresql/data/pgdata
+PASSWORD=$W9_POWER_PASSWORD
+RECEPTOR_RELEASE_WORK=False
+SDB_HOST=0.0.0.0
+SDB_PORT=7899
+AWX_GROUP_QUEUES=tower
+MAIN_NODE_TYPE="${MAIN_NODE_TYPE:-hybrid}"
+RECEPTORCTL_SOCKET=/var/run/awx-receptor/receptor.sock
+CONTROL_PLANE_NODE_COUNT=1
+EXECUTION_NODE_COUNT=0
+AWX_LOGGING_MODE=stdout
+UWSGI_MOUNT_PATH=/
+RUN_MIGRATIONS=1
+

apps/awx/CHANGELOG.md

@@ -0,0 +1,5 @@
+# CHANGELOG
+
+## Release
+### Fixes and Enhancements
+

apps/awx/Dockerfile

@@ -0,0 +1,64 @@
+FROM quay.io/ansible/awx:22.5.0
+
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+ENV AWX_LOGGING_MODE stdout
+
+
+USER root
+RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+ADD https://copr.fedorainfracloud.org/coprs/ansible/Rsyslog/repo/epel-9/ansible-Rsyslog-epel-9.repo /etc/yum.repos.d/ansible-Rsyslog-epel-9.repo
+# Install runtime requirements
+RUN dnf -y update && dnf install -y 'dnf-command(config-manager)' && \
+    dnf config-manager --set-enabled crb && \
+    dnf -y install acl \
+    git-core \
+    git-lfs \
+    glibc-langpack-en \
+    krb5-workstation \
+    nginx \
+    "openldap >= 2.6.2-3" \
+    postgresql \
+    rsync \
+    rsyslog-8.2102.0-106.el9 \
+    subversion \
+    sudo \
+    vim-minimal \
+    which \
+    unzip \
+    crun \
+    gdb \
+    gtk3 \
+    gettext \
+    hostname \
+    procps \
+    alsa-lib \
+    libX11-xcb \
+    libXScrnSaver \
+    iproute \
+    strace \
+    vim \
+    nmap-ncat \
+    libpq-devel \
+    nodejs \
+    nss \
+    make \
+    patch \
+    socat \
+    tmux \
+    wget \
+    diffutils \
+    unzip && \
+    dnf -y clean all 
+RUN rm -rf /root/.cache && rm -rf /tmp/*
+RUN dnf --enablerepo=baseos-debug -y install python3-debuginfo || :
+RUN dnf install -y epel-next-release && dnf install -y inotify-tools && dnf remove -y epel-next-release
+RUN dnf install -y podman && rpm --restore shadow-utils 2>/dev/null
+RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
+RUN mkdir -p /etc/containers/registries.conf.d/ && echo "unqualified-search-registries = []" >> /etc/containers/registries.conf.d/force-fully-qualified-images.conf && chmod 644 /etc/containers/registries.conf.d/force-fully-qualified-images.conf
+ADD src/config/podman-containers.conf /var/lib/awx/.config/containers/containers.conf
+RUN /var/lib/awx/venv/awx/bin/pip install "ansible-core>=2.15.0rc2,<2.16" --no-cache-dir
+COPY --from=quay.io/ansible/awx-ee:22.5.0 /usr/bin/receptor /usr/bin/receptor
+ENV PATH="/var/lib/awx/venv/awx/bin/:${PATH}"
+ENTRYPOINT ["dumb-init", "--"]

apps/awx/Notes.md

@@ -0,0 +1,22 @@
+## AWX
+
+AWX 官方为了用户更灵活的部署，提供了个性化比较强的 [docker 安装方法](ttps://github.com/ansible/awx/tree/22.5.0/tools/docker-compose)  
+
+本文档完全是基于ansible官方改造完成 [docker-compose](https://github.com/ansible/awx/tree/22.5.0/tools/docker-compose)。
+
+它主要包括两个步骤：
+
+1. 构建镜像
+
+![](https://img-1251935913.cos.ap-beijing.myqcloud.com/to/image-20230801004445721.png)
+
+2. 利用 Ansible 生成 docker-compose.yml 文件以及其他配置文件
+3. 根据生成的docker-compose改造。
+
+其中一些脚本和配置都是通过 [Makefile](https://github.com/ansible/awx/blob/22.5.0/Makefile))和[bootstrap_development.sh](https://github.com/ansible/awx/blob/22.5.0/tools/docker-compose/bootstrap_development.sh)改造而来的！
+
+
+
+启动时记得修改 `.evn`中的PASSWORD的值，会自动生成admin管理员的账号密码和postgres的密码！
+
+![image-20230801003911132](https://img-1251935913.cos.ap-beijing.myqcloud.com/to/image-20230801003911132.png)

apps/awx/README.md

@@ -0,0 +1,26 @@
+# AWX on Docker  
+
+This is an **Docker Compose solution** powered by [Websoft9](https://www.websoft9.com) based on Docker for AWX:
+
+
+ - community:  22.5.0
+
+
+## System Requirements
+
+The following are the minimal [recommended requirements](https://github.com/awx/docker#recommended-system-requirements):
+
+* **RAM**: 4 GB or more
+* **CPU**: 2 cores or higher
+* **Disk**: at least 1 GB of free space
+* **bandwidth**: more fluent experience over 100M  
+
+## Install
+
+You can install this AWX by [How to use it?](https://github.com/Websoft9/docker-library#how-to-use-it).   
+
+If you want use AWX with **Websoft9 Business Support** free, you can [subscribe AWX](https://www.websoft9.com/apps) on Cloud platform
+
+## Documentation
+
+[AWX Administrator Guide](https://support.websoft9.com/docs/awx) powered by Websoft9

apps/awx/docker-compose.yml

@@ -0,0 +1,154 @@
+# AWX default user: admin password: 123456 port：80
+# postgres user: awx password: 123456
+
+version: "3.8"
+services:
+  web:
+    image: ${W9_REPO}:${W9_VERSION}
+    container_name: ${W9_ID}
+    depends_on:
+      - redis
+      - rsyslog
+    hostname: awxweb
+    user: root
+    restart: unless-stopped
+    env_file: .env
+    command: /usr/bin/launch_awx_web.sh
+    volumes:
+      - projects:/var/lib/awx/projects/
+      - rsyslog-socket:/var/run/awx-rsyslog/
+      - awx-receptor:/var/run/awx-receptor/
+      - "./src/config/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "./src/config/supervisord_web.conf:/etc/supervisord_web.conf"
+      - "./src/config/settings.py:/etc/tower/settings.py"
+      - "./src/config/local_settings.py:/etc/tower/local_settings.py"
+      - "./src/config/websocket_secret.py:/etc/tower/websocket_secret.py"
+      - "./src/config/nginx.conf:/etc/nginx/nginx.conf"
+      - "./src/config/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "./src/config/receptor/receptor-awx.conf:/etc/receptor/receptor.conf"
+      - "./src/config/receptor/receptor-awx-1.conf.lock:/etc/receptor/receptor.conf.lock"
+      - redis-socket:/var/run/redis/
+      - "/sys/fs/cgroup:/sys/fs/cgroup"
+      - shared:/var/lib/shared
+    privileged: true
+    tty: true
+    environment:
+      http_proxy:
+      https_proxy:
+      no_proxy:
+    ports:
+      - "${W9_HTTP_PORT_SET}:${W9_HTTP_PORT}"
+
+  awx:
+    # image: quay.io/ansible/awx:${W9_VERSION}
+    build:
+      context: ./
+      dockerfile: Dockerfile
+    container_name: ${W9_ID}-task
+    depends_on:
+      - redis
+      - web
+      - postgres
+      - rsyslog
+    command: sh /usr/bin/launch_awx_task.sh
+    hostname: awx_1
+    user: root
+    restart: unless-stopped
+    env_file: .env
+    volumes:
+      - "./src/config/supervisord_task.conf:/etc/supervisord_task.conf"
+      - projects:/var/lib/awx/projects/
+      - "./src/config/launch_awx_task.sh:/usr/bin/launch_awx_task.sh"
+      - rsyslog-socket:/var/run/awx-rsyslog/
+      - awx-receptor:/var/run/awx-receptor/
+      - "./src/config/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "./src/config/settings.py:/etc/tower/settings.py"
+      - "./src/config/local_settings.py:/etc/tower/local_settings.py"
+      - "./src/config/websocket_secret.py:/etc/tower/websocket_secret.py"
+      - "./src/config/nginx.conf:/etc/nginx/nginx.conf"
+      - "./src/config/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "./src/config/receptor/receptor-awx.conf:/etc/receptor/receptor.conf"
+      - "./src/config/receptor/receptor-awx-1.conf.lock:/etc/receptor/receptor.conf.lock"
+      - redis-socket:/var/run/redis/
+      - "/sys/fs/cgroup:/sys/fs/cgroup"
+      - shared:/var/lib/shared
+    privileged: true
+    tty: true
+    environment:
+      http_proxy:
+      https_proxy:
+      no_proxy:
+
+  rsyslog:
+    image: quay.io/ansible/awx:${W9_VERSION}
+    container_name: awx_rsyslog
+    command: /usr/bin/launch_awx_rsyslog.sh
+    hostname: awx_rsyslog
+    user: root
+    restart: unless-stopped
+    env_file: .env
+    volumes:
+      - projects:/var/lib/awx/projects/
+      - "./src/config/launch_awx_task.sh:/usr/bin/launch_awx_task.sh"
+      - rsyslog-socket:/var/run/awx-rsyslog/
+      - awx-receptor:/var/run/awx-receptor/
+      - "./src/config/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "./src/config/settings.py:/etc/tower/settings.py"
+      - "./src/config/local_settings.py:/etc/tower/local_settings.py"
+      - "./src/config/websocket_secret.py:/etc/tower/websocket_secret.py"
+      - "./src/config/nginx.conf:/etc/nginx/nginx.conf"
+      - "./src/config/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "./src/config/receptor/receptor-awx.conf:/etc/receptor/receptor.conf"
+      - "./src/config/receptor/receptor-awx-1.conf.lock:/etc/receptor/receptor.conf.lock"
+      - redis-socket:/var/run/redis/
+      - "/sys/fs/cgroup:/sys/fs/cgroup"
+    privileged: true
+    tty: true
+    environment:
+      http_proxy:
+      https_proxy:
+      no_proxy:
+
+  redis:
+    image: redis
+    container_name: awx_redis
+    restart: unless-stopped
+    env_file: .env
+    environment:
+      http_proxy:
+      https_proxy:
+      no_proxy:
+    entrypoint: ["redis-server"]
+    command: ["/usr/local/etc/redis/redis.conf"]
+    volumes:
+      - redis-socket:/var/run/redis/:rw
+      - "./src/config/redis.conf:/usr/local/etc/redis/redis.conf"
+
+  postgres:
+    image: postgres:12
+    container_name: awx_postgresql
+    restart: unless-stopped
+    env_file: .env
+    volumes:
+      - postgres_new-data:/var/lib/postgresql/data/pgdata/
+    environment:
+      POSTGRES_PASSWORD: ${PASSWORD}
+      POSTGRES_DB: ${W9_ID}
+      POSTGRES_USER: ${W9_ID}
+      http_proxy:
+      https_proxy:
+      no_proxy:
+
+volumes:
+  supervisor-socket:
+  rsyslog-socket:
+  redis-socket:
+  postgres_new-data:
+  awx-receptor:
+  projects:
+  shared:
+
+networks:
+  default:
+    name: ${W9_NETWORK}
+    external: true

apps/awx/src/README.md

@@ -0,0 +1,3 @@
+# About
+
+This folder includes files mount to container and used by Websoft9

apps/awx/src/config/SECRET_KEY

@@ -0,0 +1 @@
+changeme

apps/awx/src/config/credentials.py

@@ -0,0 +1,12 @@
+import os
+DATABASES = {
+    'default': {
+        'ATOMIC_REQUESTS': True,
+        'ENGINE': 'awx.main.db.profiled_pg',
+        'NAME': os.getenv('W9_ID'),
+        'USER': os.getenv('W9_ID'),
+        'PASSWORD': os.getenv('PASSWORD'),
+        'HOST': "postgres",
+        'PORT': "5432",
+    }
+}

apps/awx/src/config/launch_awx_task.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+if [ `id -u` -ge 500 ]; then
+    echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd
+    cat /tmp/passwd > /etc/passwd
+    rm /tmp/passwd
+fi
+
+if [ -n "${AWX_KUBE_DEVEL}" ]; then
+    pushd /awx_devel
+    make awx-link
+    popd
+
+    export SDB_NOTIFY_HOST=$MY_POD_IP
+fi
+
+set -e
+export DJANGO_SUPERUSER_PASSWORD=$W9_LOGIN_PASSWORD
+# 迁移数据库
+awx-manage migrate
+
+wait-for-migrations
+
+export PATH=$PATH:/var/lib/awx/venv/awx/bin
+
+awx-manage create_preload_data
+awx-manage register_default_execution_environments
+# 创建admin账号密码
+if output=$(awx-manage createsuperuser --noinput --username=${W9_LOGIN_USER} --email=admin@localhost 2> /dev/null); then
+    echo $output
+fi
+echo "Admin password: ${DJANGO_SUPERUSER_PASSWORD}"
+
+awx-manage create_preload_data
+awx-manage register_default_execution_environments
+
+awx-manage provision_instance --hostname="awx_1" --node_type="$MAIN_NODE_TYPE"
+awx-manage register_queue --queuename=controlplane --instance_percent=100
+awx-manage register_queue --queuename=default --instance_percent=100
+
+if [[ -n "$RUN_MIGRATIONS" ]]; then
+    for (( i=1; i<$CONTROL_PLANE_NODE_COUNT; i++ )); do
+        for (( j=i + 1; j<=$CONTROL_PLANE_NODE_COUNT; j++ )); do
+            awx-manage register_peers "awx_$i" --peers "awx_$j"
+        done
+    done
+
+    if [[ $EXECUTION_NODE_COUNT > 0 ]]; then
+        awx-manage provision_instance --hostname="receptor-hop" --node_type="hop"
+        awx-manage register_peers "receptor-hop" --peers "awx_1"
+        for (( e=1; e<=$EXECUTION_NODE_COUNT; e++ )); do
+            awx-manage provision_instance --hostname="receptor-$e" --node_type="execution"
+            awx-manage register_peers "receptor-$e" --peers "receptor-hop"
+        done
+    fi
+fi
+
+exec supervisord -c /etc/supervisord_task.conf