Ansible AWX is the upstream open source project to Ansible Tower.

For this part of the series AWX will be installed on a Centos 7 minimal host with the firewall service disabled and SELinux set to permissive. Nginx will be utilized as a reverse proxy for HTTP/S traffic to the AWX application.


Centos 7 minimal ships with python 2.7.5 which is pretty old and results in pain when working with network automation libraries. On the AWX host I have installed python 2.7.13 for use with Ansible. You can follow my guide to install python 2.7.13 and 3.6.2 here I also have an ansible role here.


The hosts in this lab get their management IP addresses via DHCP. An update to the /etc/sysconfig/network-scripts/ifcfg-eth0 file is required to use the labs dnsmasq service.


# add the following

Restart the network service.

sudo systemctl restart network

Install the AWX dependencies.

sudo yum install -y epel-release
sudo yum install -y git gettext nodejs npm gcc-c++ bzip2

Install the ansible and docker python libraries via PIP to get the latest stable releases.

sudo /usr/local/bin/pip2 install ansible docker

Install Docker

The default YUM repo has a very old version of Docker. It's best to install Docker from the Docker maintained repositories but first, remove any old versions of Docker.

sudo yum remove -y docker docker-common docker-selinux docker-engine

Install Docker dependencies.

sudo yum install -y yum-utils device-mapper-persistent-data lvm2

Add the Docker community edition repository.

sudo yum-config-manager --add-repo

Install Docker community edition.

sudo yum install -y docker-ce

Start and enable docker service

sudo systemctl start docker
sudo systemctl enable docker

Install AWX

Clone AWX Git repo.

sudo mkdir /opt/ansible && cd /opt/ansible

sudo git clone

We will customize the AWX installation by making some changes to the /opt/ansible/awx/installer/inventory file.

If you followed my guide on upgrading python2/3 then you will need to change the ansible_python_interpreter variable.


# old
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"

# new
localhost ansible_connection=local ansible_python_interpreter="/usr/local/bin/python2.7"

Change the AWX admin user password.


# old
# default_admin_password=password

# new

Change the database storage location.


# old

# new

Nginx will proxy HTTP/S connections to AWX so change the AWX port.


# old

# new

Run the AWX install playbook.

cd /opt/ansible/awx/installer/

sudo /usr/local/bin/ansible-playbook -i inventory install.yml


The AWX installer does not currently support enabling HTTPS. An Nginx container will be utilized to reverse proxy HTTPS to the AWX container.

Create a directory for the Nginx Docker container configs and SSL certificates.

sudo mkdir -p /opt/awx-nginx-docker/

Generate an SSL certificate and have it signed by the root CA.

cd /etc/ssl/certs

sudo openssl genrsa -out awx.lab.local.key 2048

sudo openssl req -new -key awx.lab.local.key \
    -subj "/C=AU/ST=NSW/L=NSW/O=LAB/CN=awx.lab.local" \
    -out awx.lab.local.csr

Update the awx.lab.local.key permissions.

sudo chmod 0400 awx.lab.local.key

Have CSR signed by the Root CA then add the signed awx.lab.local.crt certificate and the awx.lab.local.key key to the /opt/awx-nginx-docker/ directory on the awx host.

# on the root CA host.
cd /etc/ssl/certs

sudo openssl x509 -req -in awx.lab.local.csr \
    -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
    -out awx.lab.local.crt -days 500 -sha256

# on the awx host.
sudo cp /etc/ssl/certs/awx.lab.local.{crt,key} /opt/awx-nginx-docker/

sudo ls /opt/awx-nginx-docker/ | grep awx

Create a Dockerfile file with the following contents in the /opt/awx-nginx-docker/ directory.

# /opt/awx-nginx-docker/Dockerfile
FROM nginx:alpine
RUN mkdir -p /etc/ssl
RUN mkdir -p /etc/nginx/
COPY awx.lab.local.crt /etc/ssl/certs/awx.lab.local.crt
COPY awx.lab.local.key /etc/ssl/certs/awx.lab.local.key
COPY nginx.conf /etc/nginx/nginx.conf

Create an nginx.conf file with the following contents.

# /opt/awx-nginx-docker/nginx.conf
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/;

events {
    worker_connections 1024;

http {
    server {
        listen      80;
        server_name awx.lab.local;
        rewrite     ^  https://$host$request_uri? permanent;
    server {
        listen              443;
        server_name         awx.lab.local;

        ssl on;
        ssl_certificate /etc/ssl/awx.lab.local.crt;
        ssl_certificate_key /etc/ssl/awx.lab.local.key;

        location / {
            proxy_pass          http://awx_web:8052;
            proxy_set_header    Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

Build the Nginx container.

sudo docker image build -t awx-nginx .

Start the Nginx container.

sudo docker container run -d --name awx-nginx -p 80:80 -p 443:443 --link awx_web:awx_web awx-nginx


Once the Nignx Docker container is started login to AWX via the web GUI.

Browse to the AWX url https://<awx-hostname-or-ip> and login with the username admin and the password is Vagrant123.


The dashboard looks like this


Note: If you see the below when browsing to the URL, wait a few minutes.



Next up in part 6 of this series:


Published: 2018-02-26