Anyone got a proper instruction set to upgrade Ansible Tower 3.4 to 3.6 ?
(Ansible 2.5, Database - postgres 9.6)
Found Ansible Doc but not in details.
Thanks
EDIT: The original question pertained to upgrading AWX. It's been edited and now pertains to upgrading Ansible Tower. My answer below only applies to upgrading AWX.
If you used the docker-compose installation method and pointed postgres_data_dir to a persistent directory on the host, upgrading AWX is straightforward. I deployed AWX 2.0.0 in 2018 and have upgraded it to every subsequent release (currently running 9.1.0) without issue. Below is my upgrade method which preserves all data including secrets between upgrades and does not rely on using the tower cli / awx cli tool.
AWX path assumptions:
Existing installation: /opt/awx
New release: /tmp/awx
AWX inventory file assumptions:
use_docker_compose=true
postgres_data_dir=/opt/postgres
docker_compose_dir=/var/lib/awx
Manual upgrade process:
Backup your AWX host before continuing! Consider backing up your postgres database as well.
Download the new release of AWX and unpack it to /tmp/awx
Ensure that the patch package is installed on the host.
Create a patch file containing the differences between the new and
existing inventory files:
diff -u /tmp/awx/installer/inventory /opt/awx/installer/inventory > /tmp/awx_inv_patch
Patch the new inventory file with the differences:
patch /tmp/awx/installer/inventory < /tmp/awx_inv_patch
Verify that the files now match:
diff -s /tmp/awx/installer/inventory /opt/awx/installer/inventory
Copy the new release directory over the existing one:
cp -Rp /tmp/awx/* /opt/awx/
Edit /var/lib/awx/docker-compose.yml and change the version numbers
after image: ansible/awx_web: and image: ansible/awx_task: to match the
new version of AWX that you're upgrading to.
Stop the current AWX containers:
cd /var/lib/awx
docker-compose stop
Run the installer:
cd /opt/awx/inventory
ansible-playbook -i inventory install.yml
AWX starts the upgrade process, which usually completes within a couple minutes. I'll typically monitor the upgrade progress with docker logs -f awx_web until I see RESULT 2 / OKREADY appear.
If everything is working as intended, I shut the containers down, pull and then recreate them using docker-compose:
cd /var/lib/awx
docker-compose stop
docker-compose pull && docker-compose up --force-recreate -d
If everything is still working as intended, I delete /tmp/awx and /tmp/awx_inv_patch.
Updgrades in AWX are not supported by ansible/redhat. Only the commercial Tower Licence allows to access scripts and procedures to do this.
From the awx project FAQ
Q: Can I upgrade from one version of AWX to another?
A: Direct in-place upgrades between AWX versions are not supported. It is possible to migrate data between different versions of AWX using the tower-cli tool. To migrate between different instances of AWX, please follow the instructions at https://github.com/ansible/awx/blob/devel/DATA_MIGRATION.md.
The reference link on github AWX project will teach you how to export your current data with tower-cli and reimport it in the new version you install. Note that all credentials are exported with blank secrets so you will have to update them with the passwords/secrets once imported.
Related
So I've read over the other articles that are similar to this question and while they provided an accepted answer, I wasn't able to quite get there. I am running AWX on Fedora 35. I have installed it using the following guide.
https://computingforgeeks.com/install-and-configure-ansible-awx-on-centos/
After I finished this guy I also did
yum install Ansible
After I did what was said to do on the juniper website which is
ansible-galaxy install collection juniper.device
sudo ansible-galaxy install Juniper.junos
When I attempt to run my template I get the following.
The other article question/answer I read earlier stated (I also went to the Ansible site) that I need to create a requirements.yml file. I'm not sure where my issue is coming into play but I can't get it to work. Either I don't know where the requirements file is supposed to go. I put it in /var/lib/awx/projects/_8__getconfigs/collections and /var/lib/awx/projects/_8__getconfigs/roles
Inside of the files is very simple (and probably wrong).
Roles
---
roles:
- name: Juniper.junos
Collections
---
collections:
- name: juniper.devices
Lastly I was talking with someone earlier and they mentioned privileges which could make sense. There is no account for awx on my system. If anyone could help me it would be greatly appreciated. Thank you in advance!
You can do that using Execution Environments in AWX
1. Create a Dockerfile from awx-ee image containing the collections:
FROM quay.io/ansible/awx-ee:latest
RUN ansible-galaxy collection install gluster.gluster \
&& ansible-galaxy collection install community.general
Build the Image: docker build -t $ImageName .
Log in to your Docker repository: docker login -u $DockerHubUser
Tag the image: docker image tag $ImageName $DockerHubUser/$ImageName:latest
Push the image to Hub: docker image push $DockerHubUser/$ImageName:latest
2. Add Execution Environment to AWX:
The image location, including the container registry, image name, and version tag
3. That's it:
I've tested that already on a fresh AWX instance, where there is no collections installed.
You don't have to refer to the collection in a requirements.yml file
Whenever a new Galaxy Collection is needed, it should be added to the Dockerfile and pushed to Hub.
You can even install normal Linux packages in the docker image if needed.
I have run into a slight snag and would appreciate some advice/help.
In my company we use Ansible Tower running ansible 2.9. Tower is being supported and run by a separate team. They manage all the collections and modules which are provided with v2.9. We use tower to create automation's mainly interacting with VMWare vCentre. During development there have been times where the 2.9 version of some modules have bugs or just dont have the functionality that the community modules have. Therefore till now we have been creating a library folder and a collections folder at the top level of our project and just adding modules which we need in there and its been working absolutely fine.
Recently however we have had the need to set up local environments to be able to make development more efficient. I have done this using vagrant and installed RHEL 8.4 with the below
ansible [core 2.13.1]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/vagrant/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/vagrant/.local/lib/python3.10/site-packages/ansible
ansible collection location = /home/vagrant/.ansible/collections:/usr/share/ansible/collections
executable location = /home/vagrant/.local/bin/ansible
python version = 3.10.5 (main, Jun 14 2022, 14:27:52) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
jinja version = 3.1.2
libyaml = True
Now everything has been working fine until I ran a project where I had something to do with vCenter. It threw me an error that stated that ansible could not resolve the module/action. I thought this was due to not having the modules installed so I used the ansible galaxy command to install community-vmware collection. This also worked fine. However because I have a folder called collections at my project level anything that is not part of ansible core and part of any collections, ansible looks in the project level collections folder not the one that ansible is pointing to. Due to this none of my roles are able to execute.
So my questions are:
Is it possible to have a collections folder at the project level and one at the system level and for ansible to look at both to find my module anywhere.
Is there anyway of getting the same modules that I have in ansible tower into my vagrant box so that we are developing with the same things as we would be if I was running this in tower only.
Apologies if I have missed anything out and if so please let me know and I will do my best to provide the info needed.
Thank you all in advance
I installed AWX 19.5 in k8s. I found there are these pods, containers and ee by default:
Pods
awx-postgres-0
awx-8631936913-23hfa
awx-operator-controller-manager-8631936913-23hfa
Containers
In awx-8631936913-23hfa:
awx-web
awx-task
awx-ee
redis
In awx-ee container, I found ansible and ansible-galaxy, etc been installed.
Execution Environments
AWX EE (latest) - Image: quay.io/ansible/awx-ee:latest
Control Plane Execution Environment - Image: quay.io/ansible/awx-ee:latest
When run a job template, it seems AWX will create a new pod
...
automation-job-11-abcde
Even I choose the default AWX EE (latest) as Execution Environment, the same it created new pod then deleted.
So what's the role of awx-ee container in awx-8631936913-23hfa pod? It seems even set ansible configuration and galaxy installation there won't work for jobs.
I also wonder why "awx-ee" and "automation-job" exist at the same time.
"automation-job" actually execute the playbooks. but awx-ee doesn't seem to do anything.
automation-job: created by pulled ee_image. (it could be customized ee_image)
I know that you can setup proxy in Ansible to provision behind corporate network:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_environment.html
like this:
environment:
http_proxy: http://proxy.example.com:8080
Unfortunately in my case there is no access to internet from the server at all. Downloading roles locally and putting them under /roles folder seems solve the role issue, but roles still download packages from the internet when using:
package:
name: package-name
state: present
I guess there is no way to make dry/pre run so Ansible downloads all the packages, then push that into repo and run Ansible provision using locally downloaded packages?
This isn't really a question about Ansible, as all Ansible is doing is running the relevant package management system on the target host (i.e. yum, dnf or apt or whatever). So it is a question of what solution the specific package management tool provides, for this case.
There are a variety of solutions and for example in the Centos/RHEL world you can:
Create a basic mirror
Install a complete enterprise management system
There is another class of tool generally called an artefact repository. These started out life as tools to store binaries built from code, but have added a bunch of features to act as a proxy and cache packages from a wide variety of sources (OS Packages, PIP, NodeJS, Docker, etc). Two examples that have limited free offerings:
Nexus
Artifactory
They of course still need to collect those packages from a source, so at some point those are going to have to be downloaded to placed within these systems.
Like clockworknet pointed out this is more related to the RHEL package handling. Setting up local mirror somewhere inside the closed network can provide a solution in this situation. More info on "How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7 without using Satellite server?": https://access.redhat.com/solutions/23016
My solution:
Install Sonatype Nexus 3
create one or more yum proxy repositories
https://help.sonatype.com/repomanager3/formats/yum-repositories
use Ansible to add these proxies via yum_repository
https://docs.ansible.com/ansible/latest/modules/yum_repository_module.html
yum_repository:
name: proxy-repo
description: internal proxy repo
baseurl: https://your-nexus.server/url-to-repo```
note: did that for APT and works fine, would expect the same for yum
I am trying to write my first application with hyperledger.
I am running on Windows 10 pro 64-bit (10.0, Build 15063).
I have followed the prerequisites below and have installed all the appropriate dependencies from the guide: http://hyperledger-fabric.readthedocs.io/en/latest/prereqs.html.
I am able to use the out of the box scripts ./byfn.sh -m generate to set up my first network.
While trying to execute the script (./startFabric.sh), I get the error
# don't rewrite paths for Windows Git Bash users export MSYS_NO_PATHCONV=1
docker-compose -f docker-compose.yml down
Removing network net_basic
docker-compose -f docker-compose.yml up -d ca.example.com
orderer.example.com peer0.org1.example.com couchdb
Creating network "net_basic" with the default driver
Pulling couchdb (hyperledger/fabric-couchdb:latest)...
ERROR: manifest for hyperledger/fabric-couchdb:latest not found
So I got to https://hub.docker.com/r/hyperledger/fabric-couchdb/
and see that there is no latest tag for fabric-couchdb image
and I download successfully:
docker pull hyperledger/fabric-couchdb:ppc64le-1.0.2
Status: Downloaded
newer image for hyperledger/fabric-couchdb:ppc64le-1.0.2
but I am still receiving the same error
ERROR: manifest for hyperledger/fabric-couchdb:latest not found
even though I can see with docker images that I do have the fabric-couchdb image
REPOSITORY TAG IMAGE ID
CREATED SIZE
hyperledger/fabric-ca latest 7e53be14f804 3
weeks ago 238MB
hyperledger/fabric-ca x86_64-1.0.2 7e53be14f804 3
weeks ago 238MB
hyperledger/fabric-couchdb ppc64le-1.0.2 3a7f22fa9375 3
weeks ago 1.61GB
Is there a way I can get the startFabric.sh to execute properly without the latest couchdb tag?
I fixed the problem.
In "~/abric/fabric-samples/basic-network/docker-compose.yml", in the couchdb section, change the line:
image: hyperledger/fabric-couchdb
to
image: hyperledger/fabric-couchdb:x86_64-0.4.6
This is because Docker automatically pulls the latest image if no specific tag is provided.
I had the same issue a couple of days back on Ubuntu 16! Unfortunately, I missed a step "Download Platform-specific Binaries" in the setup process which didn't installed few required tools like Cryptogen.
Install the tools using the command curl -sSL https://raw.githubusercontent.com/hyperledger/fabric/v1.0.6/scripts/bootstrap.sh | bash -s 1.0.6
Set the path to the bin directory of the installation folder export PATH=<path to download location>/bin:$PATH
Hope it works for you
It seems that you've got a wong edition of hyperleddger/fabric-couchdb, the ppc641e-1.0.2 should go to x86_64-1.0.2. Once right, you can call docker tag to tag it be latest.