AWX (K3s) Certificate issue when contacting Satellite


Hiero-nymo

Jul 15, 2022, 10:28:34 AM
to AWX Project
Hi Team,

Has anyone had an issue with certificates with AWX in a container? I'm using K3s.
I've tried to use theforeman.foreman.collection or redhat.satellite.collection, but the playbook failed with: Failed to establish a new connection: [Errno 110] Connection timed out.
For testing, I've tried to do a curl from the container awx-instance-web and here's the result (I've changed names and IPv4):
# curl -iv https://sat001.xxx/katello/api
*   Trying 1xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to sat001.xxx (1xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html


curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

So, a curl --insecure is OK, but I cannot do it by playbook.
Does anyone have an idea about that?
Thanks in advance

AWX Project

Jul 20, 2022, 4:08:17 PM
to AWX Project
What if you have your client cert and key mounted at the path described here https://docs.ansible.com/ansible/latest/collections/theforeman/foreman/foreman_callback.html#parameter-client_cert inside of your awx-ee image? Do your playbooks then run successfully?

If this works, then there are ways to mount in volumes using the isolated paths setting in AWX.


AWX Team
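
The curl failure quoted in the first post, reproduced offline with `openssl verify`: this is an added example, not part of the thread or of AWX. It builds a throwaway CA and server certificate (all names are constructed placeholders) and shows that the same chain fails with error 19 when only the system bundle is trusted and verifies once the issuing CA is passed as a trusted CA file, which is the alternative to `--insecure`.

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway CA and server certificate, placeholder names.
set -u

# Create a self-signed root CA and a server certificate signed by it in dir $1.
make_chain() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Internal CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sat001.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -days 1 \
    -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/srv.crt" 2>/dev/null
}

# Classify verification of leaf $1 when the server also sends chain $2.
# $3 (optional) is a CA file the client explicitly trusts.
verify_chain() {
  local out
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>&1)
  else
    out=$(openssl verify -untrusted "$2" "$1" 2>&1)
  fi
  case "$out" in
    *"error 19 at"*) echo "untrusted-root-in-chain" ;;  # same cause as curl (60)
    *"error "*)      echo "other-failure" ;;
    *": OK"*)        echo "ok" ;;
    *)               echo "other-failure" ;;
  esac
}

# Run both cases against a freshly generated chain and print the outcome.
demo() {
  local d
  d=$(mktemp -d) || return 1
  make_chain "$d" || { rm -rf "$d"; return 1; }
  echo "system trust only:   $(verify_chain "$d/srv.crt" "$d/ca.crt")"
  echo "internal CA trusted: $(verify_chain "$d/srv.crt" "$d/ca.crt" "$d/ca.crt")"
  rm -rf "$d"
}
demo
```

Against a real server, the third argument would be the CA certificate that issued the Satellite's certificate; the thread does not say where that file lives.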
