AWX is the open source upstream project for Ansible Tower, which has been available since September via the Git repo, thanks to Red Hat.

Since the AWX Git project is quite young, it is naturally subject to frequent changes, so this guide is likely to lose its validity quickly. Therefore, I would be very happy to receive comments.


  • Fresh Ubuntu 16.04 with a connection to the Internet
  • SSH terminal


  • This simple tutorial does not cover any measures for securing the system (backup, firewall, service security …)
  • This tutorial is for test environments, not production

I’m saving a lot of explanation as I believe that AWX is used by experienced Linux admins with Ansible knowledge. If you have any questions, feel free to contact me or use the comment function.

Ansible AWX ships as an OpenShift or Docker container. This tutorial describes the Docker variant.

Step 1: Install Required Packages of Ansible Docker

We install the required packages and download the AWX packages (you can customize the AWX logos). The Ansible version in the Ubuntu 16.04 repository is too old, hence the additional repository.

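sudo -i
apt-add-repository ppa:ansible/ansible
apt-get update
apt-get upgrade
# docker.io is the Docker engine package on Ubuntu 16.04
# (the package named "docker" is an unrelated system-tray tool)
apt-get install ansible docker.io git python-pip
pip install docker-py
service docker start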
mkdir awx-install
cd awx-install
git clone
git clone
cd awx/installer/

Step 2: Configure Ansible Docker


The inventory file has to be adapted; the installation parameters are stored there. I have commented all of my parameters, but in the end personal taste and circumstances are decisive.

localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"

[all:vars]

# Remove these lines if you want to run a local image build
# Otherwise the setup playbook will install the official Ansible images. Version may
# be selected based on: latest, 1, 1.0, 1.0.0,
# by default the base will be used to search for ansible/awx_web and ansible/awx_task
dockerhub_base=ansible
dockerhub_version=latest

# This will create or update a default admin (superuser) account in AWX, if not provided
# then these default values are used
# (the password below is a placeholder; choose your own)
default_admin_user=myadminuser
default_admin_password=myadminpw

# AWX Secret key
# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt
# your credentials
# (the key below is a placeholder; choose your own)
awx_secret_key=meinsehrlangerundmitzahlenwie1234versehenersecretkey

# Openshift Install
# Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t)
# openshift_host=8443
# awx_openshift_project=awx
# openshift_user=developer
# awx_node_port=30083

# Standalone Docker Install
# The data directory is changed so that the database still exists even after /tmp/ is cleared
postgres_data_dir=/var/pgdocker

# The port is changed so that the (Nginx) SSL proxy can forward cleanly
host_port=8052

# Required for Openshift when building the image on your own
# Optional for Openshift if using Dockerhub or another prebuilt registry
# Required for Standalone Docker Install if building the image on your own
# Optional for Standalone Docker Install if using Dockerhub or another prebuilt registry
# Define if you want the image pushed to a registry. The container definition will use these images
# docker_registry=5000
# docker_registry_repository=awx
# docker_registry_username=developer

# Docker_image will not push to remote if the image already exists locally
# Removing the local images ensures that they are pushed to the remote repository
# docker_remove_local_images=False

# Set pg_hostname if you have an external postgres server, otherwise
# a new postgres service will be created
# (the password below is a placeholder; choose your own)
# pg_hostname=postgresql
pg_username=awx
pg_password=awxsecretpass
pg_database=awx
pg_port=5432

# Use a container to build the local AWX distribution package
# This is helpful if you do not want to install the build-time dependencies as
# it is taken care of already.
# NOTE: IMPORTANT: If you are running a minishift install, using this container might not work
# if you are using certain drivers like KVM where the source tree can not be mapped
# into the build container.
# In that case this setting must be set to False, which will trigger a local build. To view the
# typical dependencies that you might need to install see:
# installer/image_build/files/Dockerfile.sdist
# use_container_for_build=true

# Build AWX with official logos
# Requires cloning awx-logos repo into the project root.
# Review the trademark guidelines at
# awx_official=false

# Proxy
# http_proxy=http://proxy:3128
# https_proxy=http://proxy:3128
# no_proxy=

# Container networking configuration
# Set the awx_task and awx_web containers' search domain(s)
# awx_container_search_domains=,
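
The inventory above carries placeholder values for default_admin_password, awx_secret_key and pg_password. The following shell functions are an added example, not part of the original tutorial or of the AWX project: they report which of these keys are still weak and replace them with random values. The function names and the sample inventory are constructed for illustration, and GNU sed (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: find and replace the tutorial's placeholder secrets in an
# AWX installer inventory. Function names are hypothetical, not part of AWX.

# Placeholder values from this tutorial's inventory; never deploy them.
PLACEHOLDERS='myadminpw
meinsehrlangerundmitzahlenwie1234versehenersecretkey
awxsecretpass'
SECRET_KEYS='default_admin_password awx_secret_key pg_password'

# gen_secret N: N random bytes from the kernel CSPRNG as 2N hex characters.
gen_secret() {
    head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# inventory_value FILE KEY: value of the first uncommented KEY=value line.
inventory_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# weak_settings FILE: print each secret key whose value is missing, shorter
# than 16 characters, or one of the tutorial placeholders.
weak_settings() {
    for key in $SECRET_KEYS; do
        val=$(inventory_value "$1" "$key")
        if [ "${#val}" -lt 16 ] ||
           printf '%s\n' "$PLACEHOLDERS" | grep -qxF -- "$val"; then
            echo "$key"
        fi
    done
}

# harden_inventory FILE: give every weak key that has a line in FILE a fresh
# 256-bit value and restrict the file to its owner. A key with no line at
# all is left alone and stays reported by weak_settings.
harden_inventory() {
    for weak in $(weak_settings "$1"); do
        sed -i "s|^[[:space:]]*$weak[[:space:]]*=.*|$weak=$(gen_secret 32)|" "$1"
    done
    chmod 600 "$1"
}

# write_sample FILE: constructed inventory fragment with the tutorial's values.
write_sample() {
    printf '%s\n' 'default_admin_user=myadminuser' \
        'default_admin_password=myadminpw' \
        'awx_secret_key=meinsehrlangerundmitzahlenwie1234versehenersecretkey' \
        '# pg_hostname=postgresql' 'pg_password=awxsecretpass' > "$1"
}
```

Run harden_inventory on the inventory before the first installation only, because awx_secret_key must stay the same afterwards, and keep a copy of the generated values in a safe place.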

Step 3: Execute Installation:

In this step, we execute the installation:

ansible-playbook -i inventory install.yml

You can now log in via the web interface: http://localhost:8052

To protect the site with SSL, we simply install nginx:

apt-get install nginx

Now let's adjust the default config, including the WebSocket location, so that sockets continue to work.
The config here is just an example and needs to be adapted to your environment.

server {
    listen 80;
    return 301 https://$server_name$request_uri;
}

server {
    # "listen ... ssl" replaces the older "ssl on;" directive
    listen 443 ssl;

    ssl_certificate /etc/ssl/mycert.crt;
    ssl_certificate_key /etc/ssl/private/mykey.key;

    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLSv1.1 is deprecated (RFC 8996); drop it if all clients support TLSv1.2
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/awx.access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_read_timeout 90;

        # AWX listens on host_port (8052 in the inventory above);
        # this assumes nginx runs on the same host as the containers
        proxy_pass http://127.0.0.1:8052;
    }

    location /websocket/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;

        # Same upstream as above (assumption: nginx on the Docker host)
        proxy_pass http://127.0.0.1:8052;
    }
}

Finally, restart the Nginx service.

Now your AWX is accessible via SSL.