Task:
Create PostgreSQL database container for AAP 2.5
Notes:
- Containerized AAP 2.5 runs the component services as Podman-based containers on a RHEL host VM.
- The administrative user account has been added to sudoers.
- The database data path is an NFS share on this host VM.
- This tech note can be used to set up a PostgreSQL container/db for anything, not just AAP.
- PostgreSQL publishes its source on its web site, e.g. www.postgresql.org/ftp/source/v15.13/postgresql-15.13.tar.gz
In this example, we have the following set-up:
VM Host: aaphost.mindwatering.net, IP: 10.0.233.5
User: aapadmin
DB Path: ~/nfsshare/aap/db/pgsql-data/
Installation files: ~/aap25
PostgreSQL image path: ~/aap25/.../ansible-setup/bundle/images/postgresql-15.tar.gz
Prerequisite Steps:
1. Set up the aapadmin account, if it does not already exist, and make it a member of the sudoers group:
a. Create aapadmin user id:
$ ssh mwadminid@aaphost.mindwatering.net
$ sudo su -
# useradd aapadmin
# passwd aapadmin
<enter password>
b. Add to sudoers and verify file created:
# echo "aapadmin ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/aapadmin
# ls -lh /etc/sudoers.d/aapadmin
<confirm file exists>
c. Create SSH key for logins and verify exists:
# su - aapadmin
$ ssh-keygen -t rsa
<view output>
$ ls -lh .ssh/
<confirm private file "id_rsa" and public file "id_rsa.pub" exist>
d. Copy the new public key to any workstations needing it:
$ ssh-copy-id anotheruser@anotherworkstation.mindwatering.net
<enter password and confirm copied>
$ exit
2. Download and transfer the containerized AAP files from access.redhat.com to the aaphost.mindwatering.net VM
a. Download the containerized setup (offline) bundle
Downloads --> Red Hat Ansible Automation Platform Product Software
Product Variant: Red Hat Ansible Automation Platform
Version: 2.5 for RHEL 9 (latest)
Architecture: x86_64
(below) --> Product Software (tab) --> Installers and Images for Red Hat Ansible Automation Platform (v.2.5 for RHEL 9 for x86_64) (heading)
Download Now: Ansible Automation Platform 2.5 Containerized Setup Bundle
b. Make a folder for the installation file:
$ ssh aapadmin@aaphost.mindwatering.net
<enter password if not using ssh-keygen>
$ mkdir ~/aap25
c. Transfer via SCP or FileZilla to aaphost.mindwatering.net:
Note:
- Copy the file to the /users/aapadmin/aap25 folder just created
3. Expand/extract and verify the transferred bundle contents:
Note:
- Substitute the "n" in the file with the actual latest version number. The "n" will also be in the name of the folder.
a. Expand the tar.gz installation bundle:
$ ssh aapadmin@aaphost.mindwatering.net
<enter password if not using ssh-keygen>
$ cd ~/aap25
$ tar xvzf ansible-automation-platform-containerized-setup-bundle-2.5-n.tar.gz
<view output>
b. Verify the bundle extraction and ansible.cfg locations:
$ tree -F -L 3 ansible-automation-platform-containerized-setup-bundle-2.5-n-x86_64
<confirm output>
$ cat ./ansible-automation-platform-containerized-setup-bundle-2.5-n-x86_64/ansible-setup/ansible.cfg
<view config paths>
[defaults]
collections_path = ./collections
inventory = ./inventory
log_path = ./aap_install.log
c. View the default (incomplete) example inventory:
$ cat ./ansible-automation-platform-containerized-setup-bundle-2.5-n-x86_64/ansible-setup/inventory
<view example>
Steps:
1. Login:
$ ssh aapadmin@aaphost.mindwatering.net
<enter password if not using ssh-keygen>
2. Create database storage path and setup NFS:
a. Create the database local storage:
$ sudo su -
# mkdir -pv ~/nfsshare/aap/db/pgsql-data
# chmod 777 ~/nfsshare/aap/db/pgsql-data/
# ls -ld ~/nfsshare/aap/db/pgsql-data/
b. Install NFS:
# dnf install nfs-utils
c. Edit the /etc/exports file:
Notes:
- The format of the new line is:
/some/folder/path <iprange>/<netmask>(permissions e.g. ro or rw)
- The default/original container bridge subnet is 10.88.0.0/16, and can be configured/customized in the containers.conf, under the [network] section using the default_subnet option.
- New networks are created starting with 10.89.0.0/24 through 10.255.255.0/24; this can also be customized in containers.conf, under the [network] section, using the default_subnet_pools option.
- If running the OS firewall, also open the NFS port to this computer and to the Podman subnets.
# vi /etc/exports
<add the following lines updating for your IP subnets>
/nfsshare/aap/db/pgsql-data/ 10.88.0.0/16(rw)
/nfsshare/aap/db/pgsql-data/ 10.0.233.5/32(rw)
<esc>:wq (to save)
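The entry format in the notes above has a whitespace pitfall: written as "host (rw)" with a space, the options no longer belong to the host and the export is opened read/write to every client. The check below is an added example, not part of the original note; the function names, finding labels, the /srv/... sample paths and the default /16 threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original note): audit exports(5)-style lines.
# Each finding is printed as <line>:<export path>:<client>:<FINDING>.
audit_exports() {
    # stdin = exports text; $1 = smallest CIDR prefix tolerated for rw (default 16)
    awk -v minpfx="${1:-16}" '
    function report(path, client, finding) {
        printf "%d:%s:%s:%s\n", NR, path, client, finding
    }
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1); sub(/\).*$/, "", opts)
            }
            o = "," opts ","
            rw = (index(o, ",rw,") > 0)
            if (client == "") {
                # "host (rw)": the space detaches the options from the host,
                # so they form a client-less entry that applies to every host.
                report($1, "<any>", (rw ? "WORLD_RW_DETACHED_OPTIONS" : "WORLD_DETACHED_OPTIONS"))
                continue
            }
            if (client == "*") report($1, client, (rw ? "WILDCARD_RW" : "WILDCARD"))
            if (index(o, ",no_root_squash,") > 0) report($1, client, "NO_ROOT_SQUASH")
            # Only /prefix notation is measured; dotted netmasks are not evaluated.
            if (rw && match(client, /\/[0-9]+$/) && substr(client, RSTART + 1) + 0 < minpfx)
                report($1, client, "BROAD_RW_SUBNET")
        }
    }'
}

# Constructed sample; the first two entries are the ones used in this note.
sample_exports() {
    cat <<'EOF'
# constructed sample
/nfsshare/aap/db/pgsql-data/ 10.88.0.0/16(rw)
/nfsshare/aap/db/pgsql-data/ 10.0.233.5/32(rw)
/srv/typo 10.0.233.5/32 (rw)
/srv/wide 10.0.0.0/8(rw,no_root_squash)
/srv/all *(ro)
EOF
}

sample_exports | audit_exports
```

To check the live file, run: audit_exports < /etc/exports (pass 24 as the first argument to also flag rw exports to anything wider than a /24).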
d. Enable the NFS service and start it:
# systemctl enable nfs-server
# systemctl start nfs-server
# systemctl status nfs-server
<confirm started okay>
# exit
e. Open the firewall for NFS:
Note:
- This example opens the firewall for all. You can restrict by IP.
- The default zone=public, so technically, including the zone is not required.
$ sudo firewall-cmd --list-all
$ sudo firewall-cmd --permanent --zone=public --add-service=nfs
$ sudo firewall-cmd --permanent --zone=public --add-service=mountd
$ sudo firewall-cmd --permanent --zone=public --add-service=rpc-bind
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all
<verify nfs now in list>
f. Test by mounting on the current Podman host:
Since the current machine is included in the share (10.0.233.5), test using the following command:
$ mkdir ~/mounttest
$ mount -t nfs4 10.0.233.5:/nfsshare/aap/db/pgsql-data/ /users/aapadmin/mounttest
$ ls ~/mounttest/
<view results>
3. Load the PostgreSQL image into Podman:
$ podman load -i ~/temp/ansible-setup/bundle/images/postgresql-15.tar.gz
$ podman images
<view output>
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.redhat.io/rhel8/postgresql-15 latest 1234abcd6123 2 hours ago 525 MB
4. Create the PostgreSQL container for AAP:
a. Create the following new script and its content.
$ vi ~/pgsql-aap-run.sh
<cntl>i, to insert/add text
#!/bin/bash
# Update these values for your environment
# (DB_USER and DB_PASSWD are defined here but are not passed to the container below)
DB_USER=postgres
DB_PASSWD=mydbpassword
ADMIN_PASSWD=myadminpassword
# create container from image
podman run -d --name postgresql -e POSTGRESQL_ADMIN_PASSWORD="$ADMIN_PASSWD" -p 5432:5432 \
-v ~/nfsshare/aap/db/pgsql-data:/var/lib/pgsql/data \
registry.redhat.io/rhel8/postgresql-15
b. Run the script:
$ bash ~/pgsql-aap-run.sh
$ podman ps
<view output>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a1b234a12345 registry.redhat.io/rhel8/postgresql-15:latest run-postgresql 20 minutes ago Up 2 minutes 0.0.0.0:5432->5432/tcp postgresql
5. Create a service for the container so that we can start it automatically:
Note:
- The Podman service is a user type service managed with the systemctl --user option.
a. Create the service from the running container:
$ podman generate systemd --new --files --name postgresql
$ ls -lh ~/container-postgresql.service
b. Configure the new service to run for AAP users under ~/.config/systemd/user/:
$ mkdir -pv ~/.config/systemd/user/
$ cp -rp ~/container-postgresql.service ~/.config/systemd/user/
c. Confirm the service was copied, and reload to make available:
$ ls -lh ~/.config/systemd/user/container-postgresql.service
$ systemctl --user daemon-reload
d. Shut down and start the new Podman user PostgreSQL service:
$ systemctl --user stop container-postgresql.service
$ podman ps
<confirm stopped>
$ systemctl --user status container-postgresql.service
<confirm stopped>
$ systemctl --user start container-postgresql.service
$ podman ps
<confirm started/running>
$ systemctl --user status container-postgresql.service
<confirm started/running>
e. Configure the new service to automatically run w/o a logged in admin user:
$ grep aapadmin /etc/passwd
<view results, note user id and /bin/bash, etc.>
$ loginctl enable-linger aapadmin
$ loginctl user-status | grep -i linger
<view result>
$ systemd-cgls
<view results>
f. Update firewalld to allow postgresql access:
$ sudo firewall-cmd --list-all
$ sudo firewall-cmd --permanent --zone=public --add-service=postgresql
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all
<verify postgresql service now in list>
6. Verify PostgreSQL container can run its psql client:
a. Connect to a terminal w/in the postgresql container:
$ podman exec -it postgresql /bin/bash --
b. Confirm psql is working:
$ psql
postgres=# \l
<view list of databases>
postgres=# \q
$ exit
7. Verify PostgreSQL psql client usage on the localhost:
a. Verify the 5432 port of the container is available on the localhost to all IPs (0.0.0.0):
$ podman port postgresql
<view output>
5432/tcp -> 0.0.0.0:5432
b. Verify psql is working locally:
$ psql --username=postgres --host=aap-db
<enter postgres user password>
postgres=# \l
<view list of databases>
postgres=# \q