Did you get this to work? I have AAP 2.4 installed and running and a separate host has Private Hub running.
But a simple ad-hoc job is failing to create the EE.
I have setup the API token in Credentials pointing to the Private Hub but the Control Plain EE just does get created to do a simple ping or uptime ad-hoc job.
AAP supports more deployment options than AWX does, so could you tell us how yours is deployed? For e.g. did you use an operator in OCP after subscribing to the catalog, or did you install the rpm based bundle to a standalone RHEL 8/9 vm?
Also, is the Control Plain EE downloaded to Private Hub already? Unfortunately, I don’t have experience with using the container registry feature of AH/Galaxy.
In my case, we’re subscribed to the operator in OCP 4.12, and pull all of our images from a local Quay Enterprise that proxies the upstream Red Hat registries.
Installed with the bundle as a standalone disconnected to have its own database I deleted the EE’s and setup ansible private hub on a separate box and have the EE’s from the Private Hub to be pulled on jobs. My issue today is when I run an ad-hoc job against a test box from an inventory it spits out "Error container create failed ( no logs from conmon ) common bytes “”: readObjectStart: expect … I have seen some github issues related to this error but referring to podman, my issue is happening using the WebUI.
Okay, so I don’t have any experience with the standalone bundle, but from what I recall, it does use podman. If that’s the case, maybe podman itself is unaware of your private hub or the credentials you provided. I would try configuring podman so that the host’s aap unix user can manually pull EE images from the private hub without needing to manually login first, and then see if AAP works.
Yeah no, AAP is running as UID:1000 or UID:1001 I presume, which is probably named either awx/aap. You need to create an auth.json file for that user to implicitly login to your private hub. Logging into private hub under your user or as root won’t help.
So before doing the auth.json just to let you know awx id is 997 password is set to never expire. Should I have the awx user have an account on the Ansible Private Hub ?
So when I create the auth.json content I am not sure what the password would be for awx so should I try awx-manage and generate a password for awx username ?
Under the awx/997 user’s home directory, create the auth.json file with any valid private hub credential, whether it’s yours or a service account specifically for AAP to use. I would not generate a password for the awx username from awx-manage because I have no idea what the consequences would be.
I tried to run a job but got an error regarding the base64 username and password. Not sure if the auth.json username and password format. I see in your example you have username:password separated with a colon is that correct?
Error now is Error: initializing source docker://private.automation.hub/ee-supported-rhel8:latest: Requesting bearer token: invalid status code from registry 403 (forbidden)
I’m out of ideas then. Unless someone else here is familiar with this sort of scenario, I suggest you go make a support ticket with RedHat since you are already paying them for it.