Ansible Tower: Installation, Configuration, and Cracking

1. Ansible Tower: Installation, Configuration, and Cracking

https://www.cnblogs.com/hujinzhong/p/12172903.html

https://kionf.com/2018/11/21/tower-useage/

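1.1. Introduction to ansible-tower

1) The company's operations automation architecture relies mainly on ansible, but running ansible scripts from the command line on the deployment server is not very intuitive. Ansible-Tower (formerly called awx) puts ansible's commands behind a graphical interface that is concise, intuitive, and easy to use.

2) Ansible-tower is essentially a graphical management platform for task scheduling, complex service deployment, and IT automation. It is a release and configuration management system, supports both API and UI operation, and is written in Django.

3) Ansible-tower can pull the latest playbook from GitHub through the UI to carry out service deployment, which improves productivity. It also provides a REST API and a command-line CLI that Python scripts can call.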

Official website: https://www.ansible.com/products/tower
Chinese guide: http://www.ansible.com.cn/docs/tower.html
Official installation documentation: http://docs.ansible.com/ansible-tower/latest/html/quickinstall/index.html
Official release source: http://releases.ansible.com/ansible-tower/setup-bundle/

1.2. ansible-tower installation and configuration

Download and extract

[root@mgmt2 ~]# cd /opt/
[root@mgmt2 opt]# wget https://releases.ansible.com/ansible-tower/setup-bundle/ansible-tower-setup-bundle-3.6.2-1.el7.tar.gz
[root@mgmt2 opt]# tar xf ansible-tower-setup-bundle-3.6.2-1.el7.tar.gz
[root@mgmt2 opt]# cd ansible-tower-setup-bundle-3.6.2-1/
[root@mgmt2 ansible-tower-setup-bundle-3.6.2-1]# ls
backup.yml bundle group_vars install.yml inventory licenses README.md rekey.yml restore.yml roles setup.sh

Edit the inventory configuration

[root@mgmt2 ansible-tower-setup-bundle-3.6.2-1]# vim inventory
[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password='tower' # Tower login password

pg_host=''
pg_port=''

pg_database='awx'
pg_username='awx'
pg_password='tower'
pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL

rabbitmq_username=tower
rabbitmq_password='tower'
rabbitmq_cookie=cookiemonster

# Isolated Tower nodes automatically generate an RSA key for authentication;
# To disable this behavior, set this value to false
# isolated_key_generation=true


# SSL-related variables

# If set, this will install a custom CA certificate to the system trust store.
# custom_ca_cert=/path/to/ca.crt

# Certificate and key to install in nginx for the web UI and API
# web_server_ssl_cert=/path/to/tower.cert
# web_server_ssl_key=/path/to/tower.key

# Use SSL for RabbitMQ inter-node communication. Because RabbitMQ never
# communicates outside the cluster, a private CA and certificates will be
# created, and do not need to be supplied.
# rabbitmq_use_ssl=False

# Server-side SSL settings for PostgreSQL (when we are installing it).
# postgres_use_ssl=False
# postgres_ssl_cert=/path/to/pgsql.crt
# postgres_ssl_key=/path/to/pgsql.key
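
The inventory above uses 'tower' for every password and keeps rabbitmq_cookie and pg_sslmode at the values shown. The following audit is an added example, not part of the original post or of the Tower installer; the function names, the deny-list, and the 16-character threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample: secret-bearing lines copied from the inventory above.
SAMPLE_INVENTORY = """\
[tower]
localhost ansible_connection=local
[all:vars]
admin_password='tower' # Tower login password
pg_password='tower'
pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL
rabbitmq_password='tower'
rabbitmq_cookie=cookiemonster
"""
SECRET_KEYS = ("admin_password", "pg_password", "rabbitmq_password", "rabbitmq_cookie")
GUESSABLE = {"tower", "awx", "ansible", "password", "cookiemonster"}  # assumed deny-list
MIN_LENGTH = 16  # assumed policy threshold
VAR_LINE = re.compile(r"""^(\w+)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^#\s]*))""")

def parse_all_vars(text):
    """Return the key/value pairs of the [all:vars] section."""
    values, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "all:vars" and not line.startswith("#"):
            m = VAR_LINE.match(line)
            if m:
                values[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return values

def audit(text):
    """Return a sorted list of (key, finding) tuples for weak settings."""
    v = parse_all_vars(text)
    findings = []
    reuse = Counter(v[k] for k in SECRET_KEYS if v.get(k))
    for key in SECRET_KEYS:
        secret = v.get(key, "")
        if secret.lower() in GUESSABLE:
            findings.append((key, "guessable"))
        elif len(secret) < MIN_LENGTH:
            findings.append((key, "too-short"))
        if secret and reuse[secret] > 1:
            findings.append((key, "reused"))
    if v.get("pg_sslmode") != "verify-full":
        findings.append(("pg_sslmode", "not-verify-full"))
    return sorted(findings)
```

Run `audit(open("inventory").read())` before `./setup.sh`; an empty list means each secret is unique, long enough, and not on the deny-list, and that pg_sslmode is 'verify-full'.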

Start the installation

[root@mgmt2 ansible-tower-setup-bundle-3.6.2-1]# ./setup.sh

Access it in a browser

https://192.168.101.200

After logging in, a license is required here

1.3. Cracking ansible-tower

[root@mgmt2 ~]# cd /var/lib/awx/venv/awx/lib/python3.6/site-packages/tower_license
[root@mgmt2 tower_license]# ll
total 8
-rw-r--r-- 1 root root 7764 Dec 14 2019 __init__.pyc
drwxr-xr-x 2 root root 37 Sep 8 16:06 __pycache__

Install pip

[root@mgmt2 tower_license]# wget https://bootstrap.pypa.io/get-pip.py
[root@mgmt2 tower_license]# python3 get-pip.py
[root@mgmt2 tower_license]# pip -V
pip 21.2.4 from /usr/local/lib/python3.6/site-packages/pip (python 3.6)

[root@mgmt2 tower_license]# pip install uncompyle6

Decompile __init__.pyc

[root@mgmt2 tower_license]# uncompyle6 __init__.pyc >__init__.py
[root@mgmt2 tower_license]# ll
total 1932
-rw-r--r-- 1 root root 1957374 Aug 6 19:15 get-pip.py
-rw-r--r-- 1 root root 11453 Sep 9 09:45 __init__.py
-rw-r--r-- 1 root root 7764 Dec 14 2019 __init__.pyc
drwxr-xr-x 2 root root 37 Sep 8 16:06 __pycache__

Edit the __init__.py file

[root@mgmt2 tower_license]# vim __init__.py

    def _check_cloudforms_subscription(self):
        return True  # add this line
        if os.path.exists('/var/lib/awx/i18n.db'):
            return True
        else:
            if os.path.isdir('/opt/rh/cfme-appliance'):
                if os.path.isdir('/opt/rh/cfme-gemset'):
                    pass
            try:
                has_rpms = subprocess.call(['rpm', '--quiet', '-q', 'cfme', 'cfme-appliance', 'cfme-gemset'])
                if has_rpms == 0:
                    return True
            except OSError:
                pass

            return False
    ....

    # Change "license_date=253370764800L" to "license_date=253370764800"
    def _generate_cloudforms_subscription(self):
        self._attrs.update(dict(company_name='Red Hat CloudForms License', instance_count=MAX_INSTANCES,
                                license_date=253370764800,  # changed
                                license_key='xxxx',
                                license_type='enterprise',
                                subscription_name='Red Hat CloudForms License'))
    ...

Recompile after the change

[root@mgmt2 tower_license]# python3 -m py_compile __init__.py
[root@mgmt2 tower_license]# python3 -O -m py_compile __init__.py
[root@mgmt2 tower_license]# ll
total 1932
-rw-r--r-- 1 root root 1957374 Aug 6 19:15 get-pip.py
-rw-r--r-- 1 root root 11473 Sep 9 09:51 __init__.py
-rw-r--r-- 1 root root 7764 Dec 14 2019 __init__.pyc
drwxr-xr-x 2 root root 74 Sep 9 09:53 __pycache__

Restart the service

[root@mgmt2 tower_license]# ansible-tower-service restart
Restarting Tower
Redirecting to /bin/systemctl stop postgresql.service
Redirecting to /bin/systemctl stop rabbitmq-server.service
Redirecting to /bin/systemctl stop nginx.service
Redirecting to /bin/systemctl stop supervisord.service
Redirecting to /bin/systemctl start postgresql.service
Redirecting to /bin/systemctl start rabbitmq-server.service
Redirecting to /bin/systemctl start nginx.service
Redirecting to /bin/systemctl start supervisord.service

Access it again

https://192.168.101.200


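Another cracking method (untested)

Request a free license from the official site: https://www.ansible.com/license

Enterprise edition unlimited-node crack

First request a 30-day enterprise trial license and activate it, then run the following: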

echo codyguo > /var/lib/awx/i18n.db
ansible-tower-service restart
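
Both methods in this section leave traces on disk: new files beside the shipped __init__.pyc in the tower_license directory, and the /var/lib/awx/i18n.db marker that the decompiled check reads. The following is an added example, not from the original post or from Tower itself, that a Tower administrator could use to detect those changes against a SHA-256 baseline recorded at install time; the baseline workflow and the function names are assumptions.

```python
import hashlib
import os

# Paths taken from the page; the baseline workflow itself is an assumption.
LICENSE_DIR = "/var/lib/awx/venv/awx/lib/python3.6/site-packages/tower_license"
MARKER_FILE = "/var/lib/awx/i18n.db"

def manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(path, root)] = digest
    return result

def compare(baseline, current):
    """Return added, changed and removed paths relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def check(baseline, license_dir=LICENSE_DIR, marker=MARKER_FILE):
    """Report drift in the license package and whether the marker file exists."""
    report = compare(baseline, manifest(license_dir))
    report["marker_present"] = os.path.exists(marker)
    return report
```

Store the output of `manifest(LICENSE_DIR)` off-host right after installation and pass it to `check()` on a schedule; any non-empty list or `marker_present: True` warrants review.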

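1.4. Panel overview

# views
Dashboard            Dashboard that displays summary information
Jobs                 Record of the jobs that have run
Schedules            Scheduled tasks
My View              View the user's job templates and job records
# resources
Templates            Job templates; configure the parameters used when calling a playbook, and add scheduled tasks from here
Credentials          Configure account and password information for connecting to machines, cloud host API keys, or custom credential types
Projects             Configure the playbook for each project here; playbooks can be pulled from Git or read from a local folder
Inventories          Asset inventory
Inventory Scripts    Custom scripts for obtaining the asset inventory
# access
Organizations        Organization management
Users                User management
Teams                User group management
# Administration
Credential Types     Custom credential types; once added they can be used in Credentials
Notifications        Configure job notifications; supports email, Twilio phone calls, and so on
Management Jobs      Scheduled task management
Instance Groups      Asset group management
Applications         Custom applications
Settings             Settings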

1.5. Running a test project

The playbook will be created on GitHub and pulled and executed by Ansible Tower. By default, Ansible Tower stores playbooks under /var/lib/awx/projects/

Create the host login credentials

Add the playbook project using GitLab

---
- hosts: a
  remote_user: root
  tasks:
    - name: Check the date on the server
      command: date
    - name: Check the ip on the server
      command: ifconfig

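Add the credentials for pulling the GitLab project in Ansible Tower

Create Projects

After saving, Ansible Tower automatically runs an Update once. To run it manually, click the refresh button in the list. Whenever a yml file on GitLab is updated or added, click the refresh button; otherwise the job still executes the old yml.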

At this point, the /var/lib/awx/projects/ directory on the Ansible Tower server contains the complete file structure pulled from git

[root@mgmt2 tower_license]# cd /var/lib/awx/projects/
[root@mgmt2 projects]# ll
total 0
drwxr-xr-x 3 awx awx 34 Sep 9 11:06 _8__pull_gitlab
-rwxr-xr-x 1 awx awx 0 Sep 9 11:06 _8__pull_gitlab.lock

[root@mgmt2 projects]# cd _8__pull_gitlab/
[root@mgmt2 _8__pull_gitlab]# ll
total 4
-rw-r--r-- 1 awx awx 170 Sep 9 11:06 test.yml

[root@mgmt2 _8__pull_gitlab]# cat test.yml
---
- hosts: test
  remote_user: root
  tasks:
    - name: Check the date on the server
      command: date
    - name: Check the ip on the server
      command: ifconfig

1.6. Create the host inventory

1.7. Create the job template

Run the template

Click the change lines in the log on the right to see the details
