AWX (K3s) Certificate issue when contacting Satellite

Hi Team,

Has anyone had an issue with certificates in AWX running in a container? I’m using K3s.
I’ve tried to use theforeman.foreman.collection or redhat.satellite.collection, but the playbook failed with: Failed to establish a new connection: [Errno 110] Connection timed out.
For testing, I ran curl from the awx-instance-web container, and here’s the result (I’ve changed the names and IPv4 address):

curl -iv https://sat001.xxx/katello/api

* Trying 1xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to sat001.xxx (1xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

So curl --insecure works, but I cannot do that in the playbook.
Does anyone have an idea about that?
Thanks in advance

What if you have your client cert and key mounted at the path described here https://docs.ansible.com/ansible/latest/collections/theforeman/foreman/foreman_callback.html#parameter-client_cert inside of your awx-ee image? Do your playbooks then run successfully?

If this works, then there are ways to mount in volumes using the isolated paths setting in AWX.

https://docs.ansible.com/automation-controller/latest/html/userguide/execution_environments.html#ee-mount-options

AWX Team
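
The verification failure in the question's curl output can be reproduced offline, as an added example that is not part of the original thread: a constructed private CA and server certificate are checked with openssl verify, first against a trust store that lacks the CA, then with the CA supplied as a trust anchor so that verification stays enabled. The subject names and temporary paths are assumptions made for the demonstration, and it relies on the stock openssl.cnf marking the self-signed certificate as a CA.

```shell
#!/usr/bin/env bash
# Added example: reproduce "self signed certificate in certificate chain" offline.
# All subjects, file names and paths below are constructed for illustration.
set -u
WORK="$(mktemp -d)"

# Build a private root CA and a server certificate signed by it (constructed data).
make_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=sat001.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/srv.csr" -days 1 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/srv.pem" 2>/dev/null
}

# Case 1: the server presents its root (-untrusted), but the client's
# trust store does not contain it. Verification is expected to fail.
verify_without_ca() {
  openssl verify -no-CAfile -no-CApath \
    -untrusted "$WORK/ca.pem" "$WORK/srv.pem" 2>&1
}

# Case 2: the private CA is supplied as the trust anchor. Verification is
# still performed and is expected to succeed.
verify_with_ca() {
  openssl verify -no-CApath -CAfile "$WORK/ca.pem" "$WORK/srv.pem" 2>&1
}

make_chain || { echo "openssl could not build the constructed chain" >&2; exit 1; }
echo "--- trust store without the private CA ---"
verify_without_ca
echo "--- trust store with the private CA ---"
verify_with_ca
```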