Correct way to "reconfigure" AWX using awx-operator on k3s


Andreas Bourges

Jul 14, 2022, 4:33:27 AM
to AWX Project
Hi everybody,

...looking at the operator docs, I cannot find a way to reconfigure the running awx instance. I want to change the default control_plane_ee_image, but keep projects/templates I have created in awx so far.

What would be the recommended way to do that?

Thanks in advance,

Andreas

AWX Project

Jul 20, 2022, 4:12:32 PM
to AWX Project
You can add custom ee-images to the awx-demo.yml spec (or equivalent), check out "ee_images" here https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx

This change would not affect any resources you have in your database (projects/templates/orgs/users etc)

Let us know if that helps!

AWX Team

andyb...@googlemail.com

Jul 21, 2022, 8:43:03 AM
to awx-p...@googlegroups.com

Hi,

..thanks for your response – highly appreciated!

> You can add custom ee-images to the awx-demo.yml spec (or equivalent), check out "ee_images" here https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx
>
> This change would not affect any resources you have in your database (projects/templates/orgs/users etc)
>
> Let us know if that helps!
>
> AWX Team

OK, I already *have* the custom-ee defined in the UI for the jobs. This works. What I need is to change the control-plane image, that is used to update the code repositories. This cannot be done via UI, it seems it has to be defined somewhere else.

Regarding your suggestion – I added the custom_ee to my awx-deploy.yml:

  ee_images:
    - name: nautobot-custom-awx-ee
      image: registry.gitlab.com/nautobot1/awx-ee:3.0

First question – how can I add credentials for that registry? Nothing mentioned for EE in the docs?

Anyway – once this has been done – what exactly is the process of applying this to my already running awx instance?

I did:

kubectl config set-context --current --namespace=awx
kubectl apply -f awx-deploy.yml
awx.awx.ansible.com/awx configured

Should I notice any change in AWX? Still looks all the same:

Thanks,

Andreas

kurokobo

Jul 21, 2022, 9:04:16 AM
to awx-p...@googlegroups.com

Hi,

> What I need is to change the control-plane image,

You can use control_plane_ee_image instead of ee_images.
Refer to the "Control plane ee from private registry" section in the docs:

> First question – how can I add credentials for that registry? Nothing mentioned for EE in the docs?

You can specify imagePullSecret for deployment via image_pull_secrets parameter,
as explained in the same section as above.

> I did:
> kubectl config set-context --current --namespace=awx
> kubectl apply -f awx-deploy.yml

Correct, apply your new awx-deploy.yml and just wait :)
While waiting, it is recommended to watch the Operator's logs so that you are able to recognize failure.

Regards,

@kurokobo


andyb...@googlemail.com

Jul 27, 2022, 8:45:10 AM
to awx-p...@googlegroups.com

Hi,

…thanks for assisting me here. Still no luck. My awx-deploy.yaml looks like this:

apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
spec:
  service_type: nodeport
  projects_persistence: true
  projects_storage_access_mode: ReadWriteOnce
  control_plane_ee_image:
    - name: nautobot-custom-awx-ee
      image: registry.gitlab.com/nautobot1/awx-ee:3.0
  web_extra_volume_mounts: |
    - name: static-data
      mountPath: /var/lib/projects
  extra_volumes: |
    - name: static-data
      persistentVolumeClaim:
        claimName: static-data-pvc

…and I created a corresponding secret (at least I hope that’s correct):

kubectl create secret docker-registry nautobot-custom-awx-ee-cp-pull-credentials \
        --docker-server=registry.gitlab.com \
        --docker-username=xxxxxxx \
        --docker-password='xxxxxx' \
        --docker-email=an...@xxx.xx

…which gave me:

secret/nautobot-custom-awx-ee-cp-pull-credentials created

But when I try to apply the awx-deploy.yaml:

# kubectl apply -f awx-deploy.yml
error: error validating "awx-deploy.yml": error validating data: ValidationError(AWX.spec.control_plane_ee_image): invalid type for com.ansible.awx.v1beta1.AWX.spec.control_plane_ee_image: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false

Looks like I need to provide a string instead of a list of dicts here? Only the name and define the desired image above as custom EE image?

Sorry for my struggling, but it seems that I’m still scratching the surface only.

Thanks,

Andreas


andyb...@googlemail.com

Jul 27, 2022, 8:45:14 AM
to awx-p...@googlegroups.com

HA – now it works!

Changed the awx-deploy a bit and…

  ee_images:
    - name: nautobot-custom-awx-ee
      image: registry.gitlab.com/nautobot1/awx-ee:3.0
  control_plane_ee_image: registry.gitlab.com/nautobot1/awx-ee:3.0

Thanks so much for your patience and assistance!

Andreas
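
Added example, not part of any post in this thread and not taken from the awx-operator docs: the two points resolved above combined in one manifest, with `control_plane_ee_image` as a plain string and the pull secret wired in through `image_pull_secrets`. It assumes `image_pull_secrets` takes a list of secret names in the AWX namespace; the token user and token are placeholders, and the remaining spec fields from the thread are omitted.

```yaml
# Added example. Image names and the secret name come from the thread;
# credentials are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: nautobot-custom-awx-ee-cp-pull-credentials
  namespace: awx            # must be the namespace the AWX pods run in
type: kubernetes.io/dockerconfigjson
stringData:
  # Declaring the secret in a file keeps the password out of shell history.
  # Use a registry token that can only read images (GitLab: read_registry scope).
  .dockerconfigjson: |
    {"auths": {"registry.gitlab.com":
      {"username": "<deploy-token-user>", "password": "<read-only-token>"}}}
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
  namespace: awx
spec:
  service_type: nodeport
  # String, not a list: passing a list here produced the
  # 'got "array", expected "string"' validation error shown above.
  control_plane_ee_image: registry.gitlab.com/nautobot1/awx-ee:3.0
  # List of name/image pairs: registered as selectable execution environments.
  ee_images:
    - name: nautobot-custom-awx-ee
      image: registry.gitlab.com/nautobot1/awx-ee:3.0
  # Assumption: list of docker-registry secret names used for these pulls.
  image_pull_secrets:
    - nautobot-custom-awx-ee-cp-pull-credentials
  # A tag such as 3.0 can be re-pushed; referencing the image as
  # <repository>@sha256:<digest> fixes what the control plane runs.
```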


andyb...@googlemail.com

Jul 27, 2022, 8:45:17 AM
to awx-p...@googlegroups.com

Moving forward here – I changed the registry from the official gitlab.com to a docker-based registry server at the customer network. For the “normal” EE entry, that worked out of the box, since we can disable ssl_verification when configuring the EE. But for the control-plane image, I’m unable to figure out, how to disable ssl-verify? Do I have to specify this flag, when creating the secret?

kubectl create secret docker-registry xxxxxx-awx-ee-cp-pull-credentials --docker-server=10.40.xx.xxx:4443 --docker-username=awx --docker-password='xxxxxx'

in the container logs I see:

x509: cannot validate certificate for 10.40.xx.xxx because it doesn't contain any IP SANs

The certificate is self-signed and has no SANs. I faced the same message when interacting with the registry on cli, but fixed it by adding the following to the docker-config:

{
  "insecure-registries" : ["10.40.xx.xxx:4443"]
}

Is there a similar knob in awx to turn off ssl verification for the control-plane image?

Thanks,
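
Added example, not part of any post in this thread: images for the AWX pods are pulled by the container runtime on the k3s node, so registry TLS trust is set per node in `/etc/rancher/k3s/registries.yaml` rather than in the pull secret. The config below keeps verification on and shows the skip-verify setting only as the commented-out weak alternative; the CA file path is an assumed placeholder, and the address is the redacted one from the post.

```yaml
# /etc/rancher/k3s/registries.yaml, on every k3s node that can schedule the
# AWX pods. Restart the k3s (server) or k3s-agent service after editing.
mirrors:
  "10.40.xx.xxx:4443":
    endpoint:
      - "https://10.40.xx.xxx:4443"
configs:
  "10.40.xx.xxx:4443":
    tls:
      # Preferred: verify the registry against the certificate that issued
      # (or, for a self-signed setup, is) its server certificate.
      # The registry certificate must be reissued with
      #   subjectAltName = IP:<registry address>
      # because a certificate without a matching SAN fails verification
      # even when it is trusted ("doesn't contain any IP SANs").
      ca_file: /etc/rancher/k3s/registry-ca.crt   # assumed path
      # Weak alternative, comparable to docker's "insecure-registries":
      # the node accepts any certificate, so whoever can answer on this
      # address can supply the image that runs project updates.
      # insecure_skip_verify: true
```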
