LDAPS with Ansible AWX

Daniel@Vistra

Oct 14, 2020, 1:43:43 PM
to AWX Project
I have a requirement to have Ansible work with LDAPS.

I have gone into the GUI and put in the correct address for LDAPS. Did not work.

I found a technical support article at Red Hat that provided more to do with changing an LDAP.conf file and putting the LDAP server PEM key, did not work.

Did the same to an Ansible TOWER server that I had spun up with an EVAL license, it worked with the same steps as above.

Anyone here configure LDAPS for AWX and it works?  

Thank you.

Michael Dekmetzian

Oct 14, 2020, 8:53:01 PM
to AWX Project
I do, though it works the same for me in AWX as it does in Tower.

Daniel@Vistra

Oct 20, 2020, 12:14:35 PM
to AWX Project
What did you do to configure LDAPS? I have LDAP working, not secure LDAP (LDAPS).

Wei-Yen Tan

Oct 20, 2020, 1:19:46 PM
to Daniel@Vistra, AWX Project
You have to create a certificate in the base build of AWX.

Wei-Yen Tan

Oct 21, 2020, 1:07:07 AM
to Michael Dekmetzian, AWX Project
No, that’s not how it works. AWX does it for you at build time. In the inventory file there is a variable you put the cert in.

Rajiv Kamath

Oct 23, 2020, 11:31:49 AM
to AWX Project
I got it to work after installation. 2 things need to happen:
- CA cert files need to be dropped into /etc/pki/ca-trust/source/anchors and then run "update-ca-trust extract" from within awx_web. To do this automatically, you might need to run docker-compose up -d again so that the containers are recreated. Make sure you drop the CA files into the directory on the server where you specified the ca_files_dir during initial install.
- If the containers are running CentOS 8 you might need to downgrade the OpenSSL security level in case the remote LDAPS endpoint isn't hardened.
   Do a find under /etc for openssl.config and opensslcnf.config and change seclevel=2 to seclevel=1.
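
Added example, not part of the thread or of AWX: the post above names two separate fixes (trusting the CA, lowering the OpenSSL security level), and it is worth confirming which one a given LDAPS certificate actually needs before lowering the level. The script builds constructed test certificates (the names corp-ca, other-ca, ldaps-strong and ldaps-weak are made up) and uses `openssl verify -auth_level` to tell an untrusted CA apart from a chain rejected for a weak key at level 2.

```sh
#!/bin/sh
# Added example (not from the thread): decide whether an LDAPS certificate fails
# because its CA is not trusted or because it is rejected at OpenSSL level 2.
# Every key and certificate here is constructed test data with made-up names.

# classify CA_FILE CERT_FILE LEVEL  ->  prints ok | weak-crypto | untrusted
classify() {
  if out=$(openssl verify -CAfile "$1" -auth_level "$3" "$2" 2>&1); then
    echo ok
  else
    case $out in
      *"too weak"*) echo weak-crypto ;;  # key or digest below the level
      *)            echo untrusted ;;    # chain does not reach the given CA
    esac
  fi
}

# make_ca DIR NAME: self-signed 2048-bit RSA CA
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA_NAME LEAF_NAME BITS: server certificate issued by CA_NAME
make_leaf() {
  openssl req -new -newkey "rsa:$4" -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -sha256 -days 2 -out "$1/$3.pem" 2>/dev/null
}

demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" corp-ca && make_ca "$d" other-ca &&
  make_leaf "$d" corp-ca ldaps-strong 2048 &&
  make_leaf "$d" corp-ca ldaps-weak 1024 || return 1
  echo "2048-bit, correct CA, level 2: $(classify "$d/corp-ca.pem" "$d/ldaps-strong.pem" 2)"
  echo "2048-bit, wrong CA,   level 2: $(classify "$d/other-ca.pem" "$d/ldaps-strong.pem" 2)"
  echo "1024-bit, correct CA, level 2: $(classify "$d/corp-ca.pem" "$d/ldaps-weak.pem" 2)"
  echo "1024-bit, correct CA, level 1: $(classify "$d/corp-ca.pem" "$d/ldaps-weak.pem" 1)"
  rm -rf "$d"
}
demo
```

An `untrusted` result is fixed by adding the CA to the trust store; only a `weak-crypto` result is affected by the security level, and reissuing the server certificate with a stronger key also clears it.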

Rajiv Kamath

Oct 23, 2020, 11:34:19 AM
to AWX Project
I edited the docker-compose and downloaded the 2 openssl files > edited them > and added them as a volume to the awx_web container. Run the docker-compose up -d after all the changes and it should work.

Wei-Yen Tan

Oct 23, 2020, 11:36:01 AM
to Rajiv Kamath, AWX Project
You should not have to edit the docker compose file at all. The Ansible playbook templates it all for you when you run the playbook.

Rajiv Kamath

Oct 23, 2020, 12:24:41 PM
to AWX Project
Yes, but the scenario I mentioned was after installation of the AWX platform. Not sure if a reinstall would destroy existing configs and data.

Wei-Yen Tan

Oct 23, 2020, 12:33:12 PM
to Rajiv Kamath, AWX Project
IIRC when I did my installation it didn't...and after using the Redhat-cop Tower Configuration at


ALL my Tower configuration is listed as code. And can be 'reapplied' at any time. In fact what I do is to use YAML data structures and playbooks to drive the Tower configuration.

Rajiv Kamath

Oct 23, 2020, 12:44:50 PM
to AWX Project
Not sure if my previous reply posted properly so doing it again.
The scenario I mentioned was post installation. Not sure if a reinstall would have preserved data and configs on the existing AWX instance. So far my upgrades aren't preserving data.