AWX operator installation on Openshift

Hello All,

Have installed the AWX operator through the operators hub in OpenShift. I am facing the below error while trying to access the default URL created for access AWX web. The Deployments and pods are running fine without any issue. Kindly assist me on this.

Thanks,
Askar

AWX actually doesn’t natively support running on Openshift out of the box. OpenShift runs pods as random UID’s, but the AWX container is expecting UID 1000. So you will need to build your own AWX image for OpenShift to use by using the same Dockerfile but with the USER 1000 line commented out. You will run into various permissions issues until you take care of this.

As for your certificate error, it’s hard to troubleshoot that without any idea of what your yaml looks like; It would be helpful if you could post the AWX resource yaml you gave the operator for deploying AWX.

My guess is you didn’t specify any Ingress settings, and, AWX isn’t opinionated on your Ingress settings. So if you went with all default settings, you might fix this by specifying the Ingress Type as “Route” and Route TLS Termination Mechanism as “Edge”.

Snippet from my AWX on OCP 4.12 instance:

apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata: 
  name: awx
  namespace: awx
spec:
  ingress_type: Route
  loadbalancer_port: 80
  loadbalancer_protocol: http
  route_host: awx.apps.os4cluster.example.com
  route_tls_termination_mechanism: Edge
  service_type: ClusterIP
1 Like

Hello Denney,

Thanks for your response. In my case I have installed AWX as an operator available in the operators hub in openshift unlike the yaml or helm chart installation. All the default settings are covered by the operator installation.

Thanks and Regards,
Askar

I understand that you installed the operator by subscribing it from the community catalog. The operator and how it was deployed is not the issue. You’re getting tls errors to AWX Web, which is a pod that is only deployed by the operator after you create a kind: AWX custom resource through the operator’s Provided API, which can be viewed as yaml. You say you used all default settings, and in that case, your instance will not work because the default settings do not account for or assume OCP deployments.

You will need to edit your AWX resource, and you will still have to address rebuilding the AWX image.

If I’m misunderstanding and the awx-operator-controller-manager pod is the only AWX pod that exists, then you have a different and more… interesting problem.

1 Like

Hello @irfan_askar the screenshot you’ve attached is for the kube-rbac-proxy container logs. Can you please share the operator logs rather than the kube-rbac-proxy container logs? Here is some documentation regarding troubleshooting this: Debugging the AWX Operator - Ansible AWX Operator Documentation