CA Certificate for LDAP SSL/TLS communication

Hi,

I am using the latest AWX version (16.0.0) in a Kubernetes cluster and trying to understand how I can supply our internal CA certificate to the awx_web and awx_task containers for this to work. I need to do this for configuring LDAP authentication for AWX and also for running Ansible tasks later.

Can anyone tell me if I need to copy the .pem file to the docker image or reference those files in the inventory file, for Ansible playbook tasks to copy to respective containers at correct locations?

Thanks

Hi,

I guess you’ll have to set up the ca_trust_dir variables when installing AWX.

CA Trust directory. If you need to provide custom CA certificates, supplying
this variable causes this directory on the host to be bind mounted over
/etc/pki/ca-trust in the awx_task and awx_web containers.
If you are deploying on openshift or kubernetes, set the variable to /etc/pki/ca-trust instead,
as the awx_web and awx_task containers will not run the update-ca-trust command.
#ca_trust_dir=/etc/pki/ca-trust/source/anchors

In my case (docker) I’ve used that with LDAPS successfully but it seems the k8s config is different.

Hope it helps.

The above approach didn’t work for some reason, as I was getting a mounting error for the container in the Kubernetes cluster.
Solved the issue as discussed here: https://groups.google.com/g/awx-project/c/p4sKMYJr6gk