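Ansible Tower (formerly called 'AWX') is a web-based solution that makes Ansible easier for any IT team to use.
Tower allows access control for users: even if a user must not be handed an SSH credential, you can share that credential with the user through Tower. Inventory can be managed through the graphical interface and synchronised with a wide variety of cloud resources. Tower logs all jobs, integrates with LDAP, and has a powerful, browsable REST API. Tower also provides command-line tools that integrate easily with Jenkins. Provisioning callbacks provide strong support for autoscaling topologies.
Install using the system's native Python; otherwise many dependency packages will not be found.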
Switch to the Aliyun YUM mirror
1. Back up the current repo file

    mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

2. Download the new CentOS-Base.repo into /etc/yum.repos.d/

    # CentOS 6
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
    # CentOS 7
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

3. Clean and rebuild the cache

    yum clean all
    yum makecache
Switch to the Aliyun EPEL mirror
1. Back up (if another epel source is already configured)

    mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
    mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup

2. Download the new repo into /etc/yum.repos.d/

    # epel (RHEL 7)
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    # epel (RHEL 6)
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
1. Add the RPM

    yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

2. Install PostgreSQL 9.6

    yum install postgresql96-server postgresql96-contrib

3. Initialise the database

    /usr/pgsql-9.6/bin/postgresql96-setup initdb

4. Enable start at boot

    systemctl enable postgresql-9.6.service

5. Start the service

    systemctl start postgresql-9.6.service

6. Check the version

    psql --version

7. Check the service status

    systemctl status postgresql-9.6.service
    netstat -anp|grep 5432

If the service fails to start, delete /var/lib/pgsql/9.6/data/pg_log
and then initialise the database again:

    # /usr/pgsql-9.6/bin/postgresql96-setup initdb
    Initializing database … OK
8. Configure users

    su - postgres
    psql -U postgres
    postgres=# ALTER USER postgres WITH PASSWORD '123456';
    postgres=# CREATE ROLE tower CREATEDB PASSWORD 'admin' LOGIN;
    postgres=# \q

    # Modify the configuration
    sed -i 's#peer#md5#g' /var/lib/pgsql/9.6/data/pg_hba.conf
    sed -i 's#ident#md5#g' /var/lib/pgsql/9.6/data/pg_hba.conf

9. Enable remote access

    vi /var/lib/pgsql/9.6/data/postgresql.conf
    # change listen_addresses = 'localhost' to: listen_addresses='*'

    # leave the postgres user
    exit

10. Trust remote connections

    # vi /var/lib/pgsql/9.6/data/pg_hba.conf
    ### Change the following so that connections from the specified server are trusted
    # IPv4 local connections:
    host all all 127.0.0.1/32 ident
    host all all 192.168.137.1/32 trust    # IP of the server that needs to connect

11. Restart the service

    systemctl restart postgresql-9.6.service

12. Test the user connection
Connect by entering the password, then create the database:

    # psql -U tower -d postgres -h 127.0.0.1
    # enter the password when prompted
    postgres=> create database tower;
    CREATE DATABASE
    postgres=> \q
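Steps 9 and 10 change who can reach PostgreSQL and whether a password is asked for: `listen_addresses='*'` binds every interface, and a `trust` rule lets the listed address connect as any role without authenticating. The following is an added example, not part of the original post, that audits both files for those two settings. The function names `audit_pg_hba` and `audit_listen` and the sample files are constructed for illustration, and CIDR or "IP NETMASK" address columns are assumed.

```shell
#!/usr/bin/env bash
# Added example: audit the two files edited in steps 9 and 10.
# Sample files are constructed from the values used in this guide.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/pg_hba.conf" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS            METHOD
local   all       all                      md5
host    all       all   127.0.0.1/32       md5
host    all       all   192.168.137.1/32   trust
host    all       all   ::1/128            md5
EOF
cat > "$SAMPLE_DIR/postgresql.conf" <<'EOF'
listen_addresses='*'     # changed from 'localhost' in step 9
port = 5432
EOF

# Print one finding per risky pg_hba.conf rule. $1 = path to pg_hba.conf.
audit_pg_hba() {
  awk '
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    {
      if ($1 == "local") { addr = "unix-socket"; method = $4 }
      else {
        addr = $4; method = $5
        if ($5 ~ /^[0-9.]+$/) method = $6          # "IP NETMASK" column form
      }
      loopback = (addr == "unix-socket" || addr ~ /^127\./ || addr ~ /^::1(\/|$)/)
      if (method == "trust" && !loopback)
        printf "HIGH line %d: %s may connect as db=%s user=%s with no password\n", NR, addr, $2, $3
      else if (method == "trust")
        printf "MEDIUM line %d: trust on %s, local users can connect as any listed role\n", NR, addr
      else if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
        printf "MEDIUM line %d: %s rule matches every client address\n", NR, method
    }' "$1"
}

# Report a listen_addresses value that binds every interface. $1 = postgresql.conf.
audit_listen() {
  awk -F= -v q="'" '
    /^[ \t]*listen_addresses[ \t]*=/ {
      v = $2; sub(/#.*/, "", v); gsub("[ \t" q "]", "", v)
      if (v == "*" || v == "0.0.0.0")
        print "MEDIUM listen_addresses=" v " accepts connections on every interface"
    }' "$1"
}

audit_pg_hba "$SAMPLE_DIR/pg_hba.conf"
audit_listen "$SAMPLE_DIR/postgresql.conf"
```

On a real host, point the functions at /var/lib/pgsql/9.6/data/pg_hba.conf and /var/lib/pgsql/9.6/data/postgresql.conf; a rule that uses `md5` for the remote address and a `listen_addresses` value limited to the interface Tower connects on produce no findings.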
1. Download rabbitmq
Download page: https://www.rabbitmq.com/install-rpm.html#downloads

    wget http://www.rabbitmq.com/releases/rabbitmq-server/v3.6.6/rabbitmq-server-3.6.6-1.el7.noarch.rpm
    wget https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.7.15/rabbitmq-server-3.7.15-1.el7.noarch.rpm

2. Download erlang
Download page: http://www.rabbitmq.com/releases/erlang

    wget https://www.rabbitmq.com/releases/erlang/erlang-19.0.4-1.el7.centos.x86_64.rpm

3. Install (mind the order; do not reverse it)
Install erlang

    rpm -ivh erlang-19.0.4-1.el7.centos.x86_64.rpm
    yum install erlang

Test whether the installation succeeded
Install rabbitmq

    rpm -ivh rabbitmq-server-3.6.6-1.el7.noarch.rpm
    # installing rabbitmq reports a missing dependency on socat
    yum install socat

Then install rabbitmq again.
4. Start the service

    systemctl enable rabbitmq-server
    systemctl start rabbitmq-server

If this fails, run journalctl -xe to check the error message; it is usually a hostname problem.
5. Add the user admin with password admin123, and add admin to the administrator group

    rabbitmqctl add_user admin admin123
    rabbitmqctl set_user_tags admin administrator

6. Then enable web management.

    rabbitmq-plugins enable rabbitmq_management

At this point rabbitmq can be accessed through a browser.
The user is the admin account just created.
Start the installation

    cd /opt/
    wget https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-3.5.1-1.tar.gz
    tar zxvf ansible-tower-setup-3.5.1-1.tar.gz
    cd ansible-tower-setup-3.5.1-1/

Copy the following over the /opt/ansible-tower-setup-3.5.1-1/inventory file (the inventory file that configures the installation):

    [tower]
    localhost ansible_connection=local

    [database]

    [all:vars]
    admin_password='admin'

    pg_host='127.0.0.1'
    pg_port='5432'

    pg_database='tower'
    pg_username='tower'
    pg_password='admin'

    rabbitmq_port=5672
    rabbitmq_vhost=localhost
    rabbitmq_username=admin
    rabbitmq_password='admin123'
    rabbitmq_cookie=cookiemonster

    # Needs to be true for fqdns and ip addresses
    rabbitmq_use_long_name=false

    # Isolated Tower nodes automatically generate an RSA key for authentication;
    # To disable this behavior, set this value to false
    # isolated_key_generation=true
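The inventory above carries the Tower admin password, the PostgreSQL password, and the RabbitMQ password and Erlang cookie in plain text, and the installer applies whatever it finds there. The following is an added example, not part of the original post or of the Tower installer, that flags short and reused secrets in such a file and generates replacements. The function names `audit_inventory_secrets` and `gen_secret` and the 16-character threshold are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit secrets in a Tower setup inventory before running setup.sh.
# The sample reproduces the [all:vars] values shown in this guide.
SAMPLE_INV=$(mktemp)
cat > "$SAMPLE_INV" <<'EOF'
[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password='admin'
pg_host='127.0.0.1'
pg_username='tower'
pg_password='admin'
rabbitmq_username=admin
rabbitmq_password='admin123'
rabbitmq_cookie=cookiemonster
EOF

# Print one finding per weak secret. $1 = inventory path, $2 = minimum length (default 16).
audit_inventory_secrets() {
  awk -v min="${2:-16}" -v q="'" '
    /^[ \t]*(#|\[|$)/ { next }                       # comments, group headers, blanks
    index($0, "=") == 0 { next }                     # lines without key=value
    {
      key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
      if (key !~ /(_password|_cookie)$/) next        # only secret-bearing keys
      val = substr($0, index($0, "=") + 1)
      gsub("^[ \t" q "\"]+|[ \t" q "\"]+$", "", val) # strip quotes and padding
      if (length(val) < min)
        printf "%s: %d characters, minimum is %d\n", key, length(val), min
      if (val in seen) printf "%s: reuses the value of %s\n", key, seen[val]
      else seen[val] = key
    }' "$1"
}

# Generate a replacement secret from /dev/urandom. $1 = number of random bytes
# (default 24); the result is hex, so it is twice that many characters.
gen_secret() {
  od -An -N"${1:-24}" -tx1 /dev/urandom | tr -d ' \n'
}

audit_inventory_secrets "$SAMPLE_INV"
```

Run it against /opt/ansible-tower-setup-3.5.1-1/inventory before `./setup.sh`; every secret-bearing key in the guide's inventory is reported, and `gen_secret` output can be pasted in as a distinct value for each.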
Change the yum sources

    # Change the yum sources
    sed -i 's#dl.fedoraproject.org/pub#mirrors.ustc.edu.cn#g' roles/repos_el/defaults/main.yml
    yum -y install centos-release-scl-rh centos-release-scl
    sed -i 's#mirror.centos.org#centos.ustc.edu.cn#g' /etc/yum.repos.d/CentOS-SCLo-scl.repo
    sed -i 's#mirror.centos.org#centos.ustc.edu.cn#g' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
    yum -y install supervisor
    # Change the supervisor.sock location to match /etc/supervisord.conf
    sed -i 's#/var/run/supervisor/supervisor.sock#/var/run/supervisor.sock#g' roles/supervisor/vars/RedHat.yml

Run the installation ./setup.py

    # Create the nginx user and group manually, otherwise the installer reports an error.
    groupadd nginx
    useradd -r -g nginx -s /sbin/nologin -M nginx

Run the installer

    cd /opt/ansible-tower-setup-3.5.1-1/
    ./setup.sh

The whole process takes about 10 minutes. If there are no errors and you see the following message, the installation succeeded.
The default user is admin, and the password is the one configured in the admin_password field of the inventory file; I set the password to admin here as well.
Error 1

    TASK [postgres : create the postgres user and set the password] *************************************************************************************
    fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (psycopg2) on admin1-ops-prod-bj2's Python /usr/bin/python. Please read module documentation and install in the appropriate location"}

Solution:

    pip install psycopg2

Error 2

    TASK [repos_el : Install yum repos that arrive via release packages] ********************************************************
    [DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: '{{ yum_repo_packages }}'` and remove the loop. This feature will be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    failed: [localhost] (item=[u'centos-release-scl']) => {"ansible_loop_var": "item", "changed": false, "item": ["centos-release-scl"], "msg": "The Python 2 bindings for rpm are needed for this module. If you require Python 3 support use the `dnf` Ansible module instead.. The Python 2 yum module is needed for this module. If you require Python 3 support use the `dnf` Ansible module instead."}

Solution:

    # Importing the module with python fails: http://www.javashuo.com/article/p-erhzthzq-gr.html
    [ root@tower-server ]# python
    Python 3.6.8 (default, Jul 25 2019, 15:22:10)
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import yum
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    ModuleNotFoundError: No module named 'yum'
    >>>

    # Add the following setting to group_vars/all
    ansible_python_interpreter: '/usr/bin/python2.6'
Error 3

    TASK [packages_el : Install the Tower RPM.] *********************************************************************************************************************
    fatal: [localhost]: FAILED! => {"changed": false, "msg": "No package matching 'ansible-tower == 3.5.1' found available, installed or updated", "rc": 126, "results": ["No package matching 'ansible-tower == 3.5.1' found available, installed or updated"]}

The ansible-tower package cannot be found. Judging by the automatically generated repo, the repository http://releases.ansible.com/ansible-tower/setup/ does have the package for this version; it is only disabled by enable=0.
Solution:
Create a repo by hand, so that the change is not overwritten:

    # The delimiter is quoted so that the shell leaves $releasever and $basearch for yum to expand
    cat >/etc/yum.repos.d/Ansible-Tower.repo <<'EOF'
    [Ansible-Tower]
    name=Ansible Tower Repository - $releasever $basearch
    baseurl=http://releases.ansible.com/ansible-tower/rpm/epel-7-$basearch
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ansible-release
    EOF

After running setup.sh again, ansible-tower installed and ran successfully.
Error 4
# After my installation completed, the page returned a 502 error; on checking, I found that nginx had no permission to read /var/run/tower/uwsgi.sock
Solution:

    # ll /var/run/tower/uwsgi.sock
    srw-rw---- 1 awx nginx 0 Jul 9 11:30 /var/run/tower/uwsgi.sock
    # Change this field in the nginx configuration
    # vim /etc/nginx/nginx.conf
    user awx nginx;
Cracking the HOSTS limit
Decompile __init__.pyc

    pip install uncompyle6
    cd /var/lib/awx/venv/awx/lib/python3.6/site-packages/tower_license
    uncompyle6 __init__.pyc >__init__.py
    rm -f __init__.pyc __init__.pyo

Edit the file __init__.py

    cd /var/lib/awx/venv/awx/lib/python3.6/site-packages/tower_license/
    vim __init__.py
    # Change the _check_cloudforms_subscription method as follows; pay particular attention to the formatting:
        def _check_cloudforms_subscription(self):
            # Add the following line to return True directly
            return True
            if os.path.exists('/var/lib/awx/i18n.db'):
                return True
            else:
                if os.path.isdir('/opt/rh/cfme-appliance'):
                    if os.path.isdir('/opt/rh/cfme-gemset'):
                        pass
                try:
                    has_rpms = subprocess.call(['rpm', '--quiet', '-q', 'cfme', 'cfme-appliance', 'cfme-gemset'])
                    if has_rpms == 0:
                        return True
                except OSError:
                    pass

            return False

Change license_date=253370764800L to license_date=253370764800

        def _generate_cloudforms_subscription(self):
            self._attrs.update(dict(company_name='Red Hat CloudForms License', instance_count=9999999,
              license_date=253370764800,
              #license_date=253370764800L,
              license_key='xxxx',
              license_type='enterprise',
              subscription_name='Red Hat CloudForms License'))

After the changes, recompile:

    python -m py_compile __init__.py
    python -O -m py_compile __init__.py

Restart the service:

    ansible-tower-service restart

Open https://your_ip/#/license and "Hosts Available" has become 9999999, which shows that the crack succeeded, as follows:
View the logs:

    /var/log/tower/setup-***********.log    # installation errors
    tail -100f /var/log/tower/tower.log
    tail -100f /var/log/supervisor/supervisord.log