A.3. Containerized Ansible Automation Platform reference
Can you provide details of the architecture for the Ansible Automation Platform containerized design?
We use as much of the underlying native RHEL technology as possible. For the container runtime and the management of services we use Podman. Many Podman services and commands are used to show and investigate the solution.
For example, use podman ps and podman images to view some of the foundation and running pieces:
[aap@daap1 aap]$ podman ps
CONTAINER ID  IMAGE                                                                         COMMAND               CREATED         STATUS         PORTS  NAMES
88ed40495117  registry.redhat.io/rhel8/postgresql-13:latest                                 run-postgresql        48 minutes ago  Up 47 minutes         postgresql
8f55ba612f04  registry.redhat.io/rhel8/redis-6:latest                                       run-redis             47 minutes ago  Up 47 minutes         redis
56c40445c590  registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8:latest   /usr/bin/receptor...  47 minutes ago  Up 47 minutes         receptor
f346f05d56ee  registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest     /usr/bin/launch_a...  47 minutes ago  Up 45 minutes         automation-controller-rsyslog
26e3221963e3  registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest     /usr/bin/launch_a...  46 minutes ago  Up 45 minutes         automation-controller-task
c7ac92a1e8a1  registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest     /usr/bin/launch_a...  46 minutes ago  Up 28 minutes         automation-controller-web
[aap@daap1 aap]$ podman images
REPOSITORY                                                             TAG     IMAGE ID      CREATED      SIZE
registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8   latest  b497bdbee59e  10 days ago  3.16 GB
registry.redhat.io/ansible-automation-platform-24/controller-rhel8     latest  ed8ebb1c1baa  10 days ago  1.48 GB
registry.redhat.io/rhel8/redis-6                                       latest  78905519bb05  2 weeks ago  357 MB
registry.redhat.io/rhel8/postgresql-13                                 latest  9b65bc3d0413  2 weeks ago  765 MB
[aap@daap1 aap]$
Containerized Ansible Automation Platform runs as rootless containers for maximum out-of-the-box security. This means you can install containerized Ansible Automation Platform using any local unprivileged user account. Privilege escalation is needed only for certain root-level tasks; by default the root user is not used directly.
After installation, you will notice that certain items have been populated on the filesystem where the installer was run (the underlying RHEL host):
[aap@daap1 aap]$ tree -L 1
.
├── aap_install.log
├── ansible.cfg
├── collections
├── galaxy.yml
├── inventory
├── LICENSE
├── meta
├── playbooks
├── plugins
├── README.md
├── requirements.yml
├── roles
Other containerized services that make use of things such as Podman volumes reside under the installation root directory that was used. Here are some examples for further reference.
The containers directory contains some of the Podman specifics for the execution plane:
containers/
├── podman
├── storage
│ ├── defaultNetworkBackend
│ ├── libpod
│ ├── networks
│ ├── overlay
│ ├── overlay-containers
│ ├── overlay-images
│ ├── overlay-layers
│ ├── storage.lock
│ └── userns.lock
└── storage.conf
The controller directory has some of the installed configuration and runtime data points. Note that tower.key, the controller's TLS private key, is stored on the host under this tree and bind-mounted into the controller containers (see the mount listing below), so the file permissions on $HOME/aap/controller/etc are part of the security boundary:
controller/
├── data
│ ├── job_execution
│ ├── projects
│ └── rsyslog
├── etc
│ ├── conf.d
│ ├── launch_awx_task.sh
│ ├── settings.py
│ ├── tower.cert
│ └── tower.key
├── nginx
│ └── etc
├── rsyslog
│ └── run
└── supervisor
└── run
The receptor directory has the automation mesh configuration:
receptor/
├── etc
│ └── receptor.conf
└── run
├── receptor.sock
└── receptor.sock.lock
After installation, you will also find other pieces in the local user's home directory, such as the .cache directory:
.cache/
├── containers
│ └── short-name-aliases.conf.lock
└── rhsm
└── rhsm.log
As we run in the most secure manner possible by default, such as rootless Podman, we can also use other services in the same way, such as running systemd as an unprivileged user. Under systemd you can see some of the component service controls available.
The .config directory:
.config/
├── cni
│ └── net.d
│ └── cni.lock
├── containers
│ ├── auth.json
│ └── containers.conf
└── systemd
└── user
├── automation-controller-rsyslog.service
├── automation-controller-task.service
├── automation-controller-web.service
├── default.target.wants
├── podman.service.d
├── postgresql.service
├── receptor.service
├── redis.service
└── sockets.target.wants
This is specific to Podman and follows the Open Container Initiative (OCI) specification. Podman running as the root user would use /var/lib/containers by default, whereas a standard user's containers use the hierarchy under $HOME/.local.
The .local directory:
.local/
└── share
└── containers
├── cache
├── podman
└── storage
As an example, `.local/share/containers/storage/volumes` contains what the output from `podman volume ls` shows:
[aap@daap1 containers]$ podman volume ls
DRIVER VOLUME NAME
local d73d3fe63a957bee04b4853fd38c39bf37c321d14fdab9ee3c9df03645135788
local postgresql
local redis_data
local redis_etc
local redis_run
We isolate the execution plane from the control plane main services (PostgreSQL, Redis, automation controller, receptor, automation hub and Event-Driven Ansible).
The control plane services run with the standard Podman configuration (~/.local/share/containers/storage).
The execution plane services use a dedicated configuration and storage (~/aap/containers/storage) so that execution plane containers cannot interact with the control plane.
How can I see host resource utilization statistics?
Run:
$ podman container stats -a
ID            NAME                           CPU %   MEM USAGE / LIMIT   MEM %   NET IO   BLOCK IO   PIDS   CPU TIME    AVG CPU %
0d5d8eb93c18  automation-controller-web      0.23%   959.1MB / 3.761GB   25.50%  0B / 0B  0B / 0B    16     20.885142s  1.19%
3429d559836d  automation-controller-rsyslog  0.07%   144.5MB / 3.761GB   3.84%   0B / 0B  0B / 0B    6      4.099565s   0.23%
448d0bae0942  automation-controller-task     1.51%   633.1MB / 3.761GB   16.83%  0B / 0B  0B / 0B    33     34.285272s  1.93%
7f140e65b57e  receptor                       0.01%   5.923MB / 3.761GB   0.16%   0B / 0B  0B / 0B    7      1.010613s   0.06%
c1458367ca9c  redis                          0.48%   10.52MB / 3.761GB   0.28%   0B / 0B  0B / 0B    5      9.074042s   0.47%
ef712cc2dc89  postgresql                     0.09%   21.88MB / 3.761GB   0.58%   0B / 0B  0B / 0B    21     15.571059s  0.80%
The above is an example from a Dell-sold and supported containerized Ansible Automation Platform solution (DAAP) install; the listed containers together use roughly 1.8 GB of RAM.
How much storage is used, and where?
As we run rootless Podman, the container volume storage is located under the local user at $HOME/.local/share/containers/storage/volumes.
To view the details of each volume, run:
$ podman volume ls
Then run:
$ podman volume inspect <volume_name>
Here is an example:
$ podman volume inspect postgresql
[
{
"Name": "postgresql",
"Driver": "local",
"Mountpoint": "/home/aap/.local/share/containers/storage/volumes/postgresql/_data",
"CreatedAt": "2024-01-08T23:39:24.983964686Z",
"Labels": {},
"Scope": "local",
"Options": {},
"MountCount": 0,
"NeedsCopyUp": true
}
]
Several files created by the installer are located in $HOME/aap/ and are bind-mounted into the various running containers.
To view the mounts associated with a running container, first list the containers:
$ podman ps --format "{{.ID}}\t{{.Command}}\t{{.Names}}"
Example:
$ podman ps --format "{{.ID}}\t{{.Command}}\t{{.Names}}"
89e779b81b83  run-postgresql        postgresql
4c33cc77ef7d  run-redis             redis
3d8a028d892d  /usr/bin/receptor...  receptor
09821701645c  /usr/bin/launch_a...  automation-controller-rsyslog
a2ddb5cac71b  /usr/bin/launch_a...  automation-controller-task
fa0029a3b003  /usr/bin/launch_a...  automation-controller-web
20f192534691  gunicorn --bind 1...  automation-eda-api
f49804c7e6cb  daphne -b 127.0.0...  automation-eda-daphne
d340b9c1cb74  /bin/sh -c nginx ...  automation-eda-web
111f47de5205  aap-eda-manage rq...  automation-eda-worker-1
171fcb1785af  aap-eda-manage rq...  automation-eda-worker-2
049d10555b51  aap-eda-manage rq...  automation-eda-activation-worker-1
7a78a41a8425  aap-eda-manage rq...  automation-eda-activation-worker-2
da9afa8ef5e2  aap-eda-manage sc...  automation-eda-scheduler
8a2958be9baf  gunicorn --name p...  automation-hub-api
0a8b57581749  gunicorn --name p...  automation-hub-content
68005b987498  nginx -g daemon o...  automation-hub-web
cb07af77f89f  pulpcore-worker       automation-hub-worker-1
a3ba05136446  pulpcore-worker       automation-hub-worker-2
Then run:
$ podman inspect <container_name> | jq -r '.[].Mounts[].Source'
Example:
/home/aap/.local/share/containers/storage/volumes/receptor_run/_data
/home/aap/.local/share/containers/storage/volumes/redis_run/_data
/home/aap/aap/controller/data/rsyslog
/home/aap/aap/controller/etc/tower.key
/home/aap/aap/controller/etc/conf.d/callback_receiver_workers.py
/home/aap/aap/controller/data/job_execution
/home/aap/aap/controller/nginx/etc/controller.conf
/home/aap/aap/controller/etc/conf.d/subscription_usage_model.py
/home/aap/aap/controller/etc/conf.d/cluster_host_id.py
/home/aap/aap/controller/etc/conf.d/insights.py
/home/aap/aap/controller/rsyslog/run
/home/aap/aap/controller/data/projects
/home/aap/aap/controller/etc/settings.py
/home/aap/aap/receptor/etc/receptor.conf
/home/aap/aap/controller/etc/conf.d/execution_environments.py
/home/aap/aap/tls/extracted
/home/aap/aap/controller/supervisor/run
/home/aap/aap/controller/etc/uwsgi.ini
/home/aap/aap/controller/etc/conf.d/container_groups.py
/home/aap/aap/controller/etc/launch_awx_task.sh
/home/aap/aap/controller/etc/tower.cert
If you do not have the jq RPM installed, install it with:
$ sudo dnf -y install jq
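The mount listing above and the control plane / execution plane split described earlier can be checked mechanically rather than by reading jq output by eye. The following is an added example, not Red Hat's code or part of the product: it takes the JSON that `podman inspect` prints, separates Podman-managed volumes (under ~/.local/share/containers/storage/volumes) from bind mounts out of the $HOME/aap installer tree, and flags a tower.key that is mounted read-write or any mount that gives a container a path into the execution plane storage (~/aap/containers/storage). The install user (aap), the container-side destinations and the RW flags in the embedded sample are constructed for illustration; pass container names on the command line to run it against a live host's podman output instead.

```python
#!/usr/bin/env python3
"""Audit container mounts of a containerized AAP install from `podman inspect` JSON.

Added example, not part of the Red Hat documentation or product. It classifies
each mount as a Podman-managed volume or a bind mount from the $HOME/aap
installer tree and reports two things worth checking on a control plane
container: the controller TLS private key (tower.key) mounted read-write, and
any mount that reaches the execution plane storage (~/aap/containers/storage).
"""
import json
import subprocess
import sys
from pathlib import PurePosixPath

HOME = "/home/aap"                      # assumption: the unprivileged install user
AAP_ROOT = f"{HOME}/aap"                # installer tree that is bind-mounted into containers
VOLUME_ROOT = f"{HOME}/.local/share/containers/storage/volumes"  # rootless Podman volumes
EXEC_STORAGE = f"{AAP_ROOT}/containers/storage"  # dedicated execution plane storage
SECRET_FILES = {"tower.key"}            # files that should never be mounted read-write


def _under(path, root):
    """True if `path` equals `root` or lies beneath it."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def audit(containers):
    """`containers` is the list `podman inspect` prints (one dict per container).

    Returns {container_name: {"volumes": [...], "binds": [...],
                              "other": [...], "findings": [...]}}.
    """
    report = {}
    for c in containers:
        name = c.get("Name") or c.get("Id", "?")
        entry = {"volumes": [], "binds": [], "other": [], "findings": []}
        for m in c.get("Mounts", []):
            src, dst = m.get("Source", ""), m.get("Destination", "")
            rw = bool(m.get("RW", True))
            if m.get("Type") == "volume" or _under(src, VOLUME_ROOT):
                entry["volumes"].append((m.get("Name") or src, dst))
            elif _under(src, AAP_ROOT):
                entry["binds"].append((src, dst, "rw" if rw else "ro"))
            else:
                entry["other"].append((src, dst))
            if PurePosixPath(src).name in SECRET_FILES and rw:
                entry["findings"].append(f"{src} is mounted read-write at {dst}")
            # A bind of the storage itself, or of any parent directory of it,
            # gives the container a path into the execution plane storage.
            if _under(src, EXEC_STORAGE) or _under(EXEC_STORAGE, src):
                entry["findings"].append(
                    f"execution plane storage {EXEC_STORAGE} is reachable via {src} -> {dst}")
        report[name] = entry
    return report


def load_from_podman(*names):
    """Run `podman inspect` on a live host and parse its JSON output."""
    out = subprocess.run(["podman", "inspect", *names], check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


# Constructed sample in the shape of `podman inspect` output; the Destination
# values and RW flags are illustrative, not taken from a real install.
SAMPLE_INSPECT = [
    {"Name": "automation-controller-web", "Mounts": [
        {"Type": "bind", "Source": f"{AAP_ROOT}/controller/etc/tower.key",
         "Destination": "/etc/tower/tower.key", "RW": False},
        {"Type": "bind", "Source": f"{AAP_ROOT}/controller/etc/settings.py",
         "Destination": "/etc/tower/settings.py", "RW": False},
        {"Type": "volume", "Name": "receptor_run",
         "Source": f"{VOLUME_ROOT}/receptor_run/_data",
         "Destination": "/run/receptor", "RW": True},
    ]},
    {"Name": "misconfigured-example", "Mounts": [
        {"Type": "bind", "Source": f"{AAP_ROOT}/controller/etc/tower.key",
         "Destination": "/etc/tower/tower.key", "RW": True},
        {"Type": "bind", "Source": f"{AAP_ROOT}/containers",
         "Destination": "/mnt/exec", "RW": True},
    ]},
]


if __name__ == "__main__":
    data = load_from_podman(*sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_INSPECT
    for name, entry in audit(data).items():
        print(f"== {name}: {len(entry['volumes'])} volume(s), {len(entry['binds'])} bind mount(s)")
        for src, dst, mode in entry["binds"]:
            print(f"   bind {mode}  {src} -> {dst}")
        for finding in entry["findings"]:
            print(f"   ! {finding}")
```

Run without arguments to see the constructed sample (the first container is clean, the second reports both findings); run as `python3 audit_mounts.py automation-controller-web automation-controller-task` on the host to audit the real containers. The second finding in the sample is the one the isolation design above is meant to rule out: a bind of ~/aap/containers (or of ~/aap itself) into a control plane container would let it reach the execution plane storage even though the control plane is supposed to use only ~/.local/share/containers/storage.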