AWX on K3S using ldaps
121 views
Skip to first unread message
Teksupsm
Nov 20, 2022, 1:55:53 PM11/20/22
to AWX Project
Has anyone been able to get this working on K3S with LDAP authentication? I have tried applying the secrets using my internal CA and while the certs are on the awx-web instance and I can in fact use them running openssl commands I am still getting cert errors when I try to authenticate.
AWX Project
Dec 2, 2022, 1:53:04 PM12/2/22
to AWX Project
| I am still getting cert errors when I try to authenticate.
can you copy and paste the errors you are seeing? thanks!
AWX Team
Sean Marshall
Dec 2, 2022, 2:30:37 PM12/2/22
to awx-p...@googlegroups.com
I managed to get it working by including the entire cert chain in the ldaps certificate.
--
You received this message because you are subscribed to a topic in the Google Groups "AWX Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/awx-project/QZdBymWKSjA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/2c7c6977-3589-4e67-b4c5-88127d0f1091n%40googlegroups.com.
Lorenzo Tanganelli
Dec 7, 2022, 12:20:09 PM12/7/22
to AWX Project
Hi,
In my company we have simila issue also adding the cert chain and so on.
Issue probably is related on our internal CA that release us a SHA1 Cert, that in RH 9 is no more accepted.
In my company we have simila issue also adding the cert chain and so on.
Issue probably is related on our internal CA that release us a SHA1 Cert, that in RH 9 is no more accepted.
Do you ahve same issue?
AWX Project
Dec 7, 2022, 2:36:22 PM12/7/22
to AWX Project
lorenzota, what problems are you experiencing exactly? any error messages that seem to be related?
AWX Team
Sean Marshall
Dec 9, 2022, 10:17:57 AM12/9/22
to awx-p...@googlegroups.com
Ours is working now but the certs are SHA256 so perhaps that is your issue.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/db2f3aaf-37e3-467f-a48d-146fac69814en%40googlegroups.com.
Lorenzo Tanganelli
Dec 14, 2022, 7:13:17 AM12/14/22
to AWX Project
Hi team,
I confirm that issue is related to our CA that use SHA1 as CA Cert (not ask me why but this is). The AWX base image is Centos9Stream that by default not allow anymore SHA1, to enable it you need to run the update-crypto-policies command.
So, in our case to work properly we have "override" the awx-web command and args via Helm with :
web_command:
- /bin/bash
- "-c"
web_args:
- update-crypto-policies --set DEFAULT:SHA1; /usr/bin/launch_awx.sh
This becase update-crypto-policies need to be run befor launching the awx program,
For sure this is not a best practice, but for certain enviroment/use case, this is the only solution.
AWX Team, probably this will be documented somewhere...
Reply all
Reply to author
Forward
0 new messages