Hi,
Please provide the exact syntax of how to create a postgresql secret for postgresdb with tls.crt, tls.key, ca.crt with db details.
I am trying to deploy awx application with ssl enabled external database
Regards,
Vijender
Hi,
Please provide the exact syntax of how to create a postgresql secret for postgresdb with tls.crt, tls.key, ca.crt with db details.
I am trying to deploy awx application with ssl enabled external database
Regards,
Vijender
Hello @Vijender7 welcome to the Community!
Can you provide us with more data? What are you exactly trying to achieve? Do you want to automate the self-signed certificate creation, or are you trying to use ansible to configure these certificates on a postgresql db server? What did you try so far? Any errors we could analyze? What ansible-core
& related galaxy collections version have you installed?
Maybe you could start by checking-out ansible’s documentation for postgresql, there is a community collections here:
On the other hand, If what you need is help on how to create the self-signed certificate stuff, you may check this link:
https://www.linode.com/docs/guides/create-a-self-signed-tls-certificate/
If you tell us a bit more I’m sure we’ll be able to help you further
Cheers!
Hi,
I have external postgresql database with third party CA signed certs (ca.crt, tls.key, tls.crt )files with database hostname, password, port, user name .
I have created secret.yaml file with adding ca.crt, tls.key, tls.crt files with base64 format along with all db connection details then created a postgresql secret, this scret added into awx deployment file, after deploying the awx, when we try to connect the DB getting below error.
Secret.yaml file syntax is below:
cat db_secret.yaml
apiVersion: v1
data:
ca.crt: base64format-key
tls.crt: base64format-key
tls.key: base64format-key
kind: Secret
metadata:
creationTimestamp: null
name: awx-postgres-configuration
namespace: awx
stringData:
host: db-hostname
port: “5432”
database: awx
username: awx
password: VVBiUHFxbUZEMlJx
type: unmanaged
sslmode: require
type: kubernetes.io/tls
+++++++++++++++++++++++++
Below are the errors:
$ kubectl exec -ti deploy/awx-web -c awx-web – /bin/bash -c “awx-manage check_db”
Traceback (most recent call last):
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 289, in ensure_connection
self.connect()
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/asyncio.py”, line 26, in inner
return func(*args, **kwargs)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 270, in connect
self.connection = self.get_new_connection(conn_params)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/asyncio.py”, line 26, in inner
return func(*args, **kwargs)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/postgresql/base.py”, line 275, in get_new_connection
connection = self.Database.connect(**conn_params)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/psycopg/connection.py”, line 728, in connect
raise ex.with_traceback(None)
psycopg.OperationalError: connection failed: connection requires a valid client certificate
FATAL: no pg_hba.conf entry for host “172.16.53.54”, user “awx”, database “awx”, no encryption
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File “/usr/bin/awx-manage”, line 8, in
sys.exit(manage())
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/awx/init.py”, line 184, in manage
if (connection.pg_version // 10000) < 12:
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/connection.py”, line 15, in getattr
return getattr(self._connections[self._alias], item)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/functional.py”, line 57, in get
res = instance.dict[self.name] = self.func(instance)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/postgresql/base.py”, line 436, in pg_version
with self.temporary_connection():
File “/usr/lib64/python3.9/contextlib.py”, line 119, in enter
return next(self.gen)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 705, in temporary_connection
with self.cursor() as cursor:
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/asyncio.py”, line 26, in inner
return func(*args, **kwargs)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 330, in cursor
return self._cursor()
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 306, in _cursor
self.ensure_connection()
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/asyncio.py”, line 26, in inner
return func(*args, **kwargs)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 289, in ensure_connection
self.connect()
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/utils.py”, line 91, in exit
raise dj_exc_value.with_traceback(traceback) from exc_value
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 289, in ensure_connection
self.connect()
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/asyncio.py”, line 26, in inner
return func(*args, **kwargs)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/base/base.py”, line 270, in connect
self.connection = self.get_new_connection(conn_params)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/utils/asyncio.py”, line 26, in inner
return func(*args, **kwargs)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/django/db/backends/postgresql/base.py”, line 275, in get_new_connection
connection = self.Database.connect(**conn_params)
File “/var/lib/awx/venv/awx/lib64/python3.9/site-packages/psycopg/connection.py”, line 728, in connect
raise ex.with_traceback(None)
django.db.utils.OperationalError: connection failed: connection requires a valid client certificate
FATAL: no pg_hba.conf entry for host “172.16.53.54”, user “awx”, database “awx”, no encryption
command terminated with exit code 1
Ok now I understand what you want to achieve. I haven’t done such a deployment of AWX before, since I only use it on lab environments. On my mind looks like you should be customizing the specs
section on the awx-operator
yml config with your tls settings before deploying (see awx-demo.yml
on the docs example below):
Now, to know what exactly you should add to the specs
section you might find some clues on this document for helm install (I couldn’t find anything intended for minikube, but you didn’t tell if that’s your case anyway):
See if that helps you figure out the solution yourself. If not, I could find a time spot and try to replicate a similar scenario, do my own trials, and so on. Or if anyone else here did try such an AWX deploy before and want to add his insight… that’s what forums are made for
Cheers