AWX on K3S using ldaps

Has anyone been able to get this working on K3S with LDAP authentication? I have tried applying the secrets using my internal CA and while the certs are on the awx-web instance and I can in fact use them running openssl commands I am still getting cert errors when I try to authenticate.

I am still getting cert errors when I try to authenticate.

Can you copy and paste the errors you are seeing? Thanks!

AWX Team

I managed to get it working by including the entire cert chain in the ldaps certificate.

Hi,
In my company we have a similar issue, also adding the cert chain and so on.
The issue is probably related to our internal CA, which issues us a SHA1 cert, which is no longer accepted in RH 9.

Do you have the same issue?

lorenzota, what problems are you experiencing exactly? Any error messages that seem to be related?

AWX Team

Ours is working now but the certs are SHA256 so perhaps that is your issue.

Hi team,

I confirm that the issue is related to our CA, which uses SHA1 for the CA cert (don't ask me why, but that's how it is). The AWX base image is CentOS 9 Stream, which by default no longer allows SHA1; to enable it you need to run the update-crypto-policies command.
So, in our case, to make it work properly we had to "override" the awx-web command and args via Helm with:

web_command:
  - /bin/bash
  - "-c"
web_args:
  - update-crypto-policies --set DEFAULT:SHA1; /usr/bin/launch_awx.sh

This is because update-crypto-policies needs to be run before launching the awx program.

For sure this is not a best practice, but for certain environments/use cases, this is the only solution.

AWX Team, probably this will be documented somewhere…
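
A check for the situation described in this thread (a SHA1-signed certificate somewhere in the LDAPS chain), as an added example that is not part of any post or of AWX itself: it lists the signature algorithm of each certificate in a PEM bundle and flags SHA-1/MD5 ones. The function names, the sample subjects and the constructed `openssl -text` excerpt are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag SHA-1/MD5-signed certs in a chain.

# Parse `openssl ... -text` output on stdin and print one line per
# certificate: "<WEAK|OK> <signature algorithm> <subject>".
flag_weak_sigs() {
  awk '
    /Signature Algorithm:/ { alg = $NF }   # most recent one precedes Subject
    /^ *Subject:/ {
      sub(/^ *Subject: */, "")
      status = (tolower(alg) ~ /sha1|md5/) ? "WEAK" : "OK"
      print status, alg, $0
    }'
}

# Dump every certificate of a PEM bundle as text (needs the openssl CLI).
bundle_text() {
  openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -text -noout
}

# Print the report for a bundle; return non-zero if any cert is WEAK.
check_bundle() {
  local report
  report=$(bundle_text "$1" | flag_weak_sigs)
  printf '%s\n' "$report"
  ! printf '%s\n' "$report" | grep -q '^WEAK'
}

# Constructed excerpt of openssl text output: SHA256 leaf, SHA1-signed CA cert.
sample_text() {
  cat <<'EOF'
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example Internal CA
        Subject: CN = ldap.example.internal
    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example Internal CA
        Subject: CN = Example Internal CA
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# With a bundle path as argument, check it; otherwise run on the sample.
if [ -n "${1:-}" ]; then check_bundle "$1"; else sample_text | flag_weak_sigs; fi
```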