AWX Deployment behind nginx and SAML

I’ve been unsuccessful getting AWX to work with SAML authentication behind nginx alb in EKS.

I am running 23.4.0 using AWX-operator 2.7.2 (but have been trying this for quite some time)

I have set
csrf_cookie_secure: 'False'
since that seemed to be the likely cause, but it has had no impact.

my nginx annotations are:

annotations:
    kubernetes.io/ingress.class: "alb"
    alb.ingress.kubernetes.io/target-type: "ip"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: "arn:foo"
    alb.ingress.kubernetes.io/use-forwarded-headers: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Forwarded-For $http_x_forwarded_for";

What am I missing to get this to work? I’ve tried some other variations but am pretty lost on what is wrong here.

Followed this guide: Chapter 5. Configuring proxy support for Red Hat Ansible Automation Platform Red Hat Ansible Automation Platform 2.0-ea | Red Hat Customer Portal

It forced me to enter something in the Proxy IP Allowed List and CSRF Trusted Origins List even though the doc says an empty list will allow all to be trusted. It is Kubernetes, so not a static IP ALB. After entering “”, AWX is down, the web container throwing:

  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/main/utils/profiling.py", line 129, in stop
    res = self.output_results()
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/main/utils/profiling.py", line 90, in output_results
    super().output_results()
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/main/utils/profiling.py", line 22, in output_results
    os.makedirs(self.dest)
  File "/usr/lib64/python3.9/os.py", line 215, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/lib64/python3.9/os.py", line 225, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/var/log/tower'
2023-11-16 22:03:02,385 ERROR    [c42e021ac51a4f438245248386d68f28] django.request Internal Server Error: /
Traceback (most recent call last):
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/deprecation.py", line 136, in __call__
    response = self.process_response(request, response)
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/main/middleware.py", line 58, in process_response
    response['X-API-Profile-File'] = self.prof.stop()
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/main/utils/profiling.py", line 129, in stop
    res = self.output_results()
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/main/utils/profiling.py", line 90, in output_results
    super().output_results()
  File "/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/main/utils/profiling.py", line 22, in output_results
    os.makedirs(self.dest)
  File "/usr/lib64/python3.9/os.py", line 215, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/lib64/python3.9/os.py", line 225, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/var/log/tower'