Correct way to "reconfigure" AWX using awx-operator on k3s

Hi everybody,

…looking at the operator docs, I cannot find a way to reconfigure the running awx instance. I want to change the default control_plane_ee_image, but keep projects/templates I have created in awx so far.

What would be the recommended way to do that?

Thanks in advance,

Andreas

You can add custom ee-images to the awx-demo.yml spec (or equivalent), check out “ee_images” here https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx

This change would not affect any resources you have in your database (projects/templates/orgs/users etc)

Let us know if that helps!

AWX Team

Hi,

…thanks for your response – highly appreciated!

You can add custom ee-images to the awx-demo.yml spec (or equivalent), check out “ee_images” here https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx

This change would not affect any resources you have in your database (projects/templates/orgs/users etc)

Let us know if that helps!

AWX Team

OK, I already have the custom-ee defined in the UI for the jobs. This works. What I need is to change the control-plane image, that is used to update the code repositories. This cannot be done via UI, it seems it has to be defined somewhere else.

Regarding your suggestion – I added the custom_ee to my awx-deploy.yml:

ee_images:
  - name: nautobot-custom-awx-ee
    image: registry.gitlab.com/nautobot1/awx-ee:3.0

First question – how can I add credentials for that registry? Nothing mentioned for EE in the docs?

Anyway – once this has been done – what exactly is the process of applying this to my already running awx instance?

I did:

kubectl config set-context --current --namespace=awx

kubectl apply -f awx-deploy.yml

awx.awx.ansible.com/awx configured

Should I notice any change in AWX? Still looks all the same:

Thanks,

Andreas

Hi,

What I need is to change the control-plane image,

You can use control_plane_ee_image instead of ee_images.
Refer to the “Control plane ee from private registry” section in the docs:
https://github.com/ansible/awx-operator/blob/0.25.0/README.md#control-plane-ee-from-private-registry

First question – how can I add credentials for that registry? Nothing mentioned for EE in the docs?

You can specify imagePullSecret for deployment via image_pull_secrets parameter,
as explained in the same section as above.

I did:
kubectl config set-context --current --namespace=awx
kubectl apply -f awx-deploy.yml
awx.awx.ansible.com/awx configured

Correct, apply your new awx-deploy.yml and just wait :slight_smile:
While waiting, it is recommended to watch the Operator’s logs so that you are able to recognize failure.

Regards,

@kurokobo


Hi,

…thanks for assisting me here. Still no luck :frowning: My awx-deploy.yaml looks like this:

apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
spec:
  service_type: nodeport
  projects_persistence: true
  projects_storage_access_mode: ReadWriteOnce
  control_plane_ee_image:
    - name: nautobot-custom-awx-ee
      image: registry.gitlab.com/nautobot1/awx-ee:3.0
  web_extra_volume_mounts: |
    - name: static-data
      mountPath: /var/lib/projects
  extra_volumes: |
    - name: static-data
      persistentVolumeClaim:
        claimName: static-data-pvc

…and I created an according secret (at least I hope that’s correct):

kubectl create secret docker-registry nautobot-custom-awx-ee-cp-pull-credentials \
  --docker-server=registry.gitlab.com \
  --docker-username=xxxxxxx \
  --docker-password='xxxxxx' \
  --docker-email=andy@xxx.xx

…which gave me:

„secret/nautobot-custom-awx-ee-cp-pull-credentials created”

But when I try to apply the awx-deploy.yaml:

kubectl apply -f awx-deploy.yml

error: error validating “awx-deploy.yml”: error validating data: ValidationError(AWX.spec.control_plane_ee_image): invalid type for com.ansible.awx.v1beta1.AWX.spec.control_plane_ee_image: got “array”, expected “string”; if you choose to ignore these errors, turn validation off with --validate=false

Looks like I need to provide a string instead of a list of dicts here? Only the name and define the desired image above as custom EE image?

Sorry for my struggling, but it seems that I’m still scratching the surface only :frowning:

Thanks,

Andreas


HA – now it works!

Changed the awx-deploy a bit and…

ee_images:
  - name: nautobot-custom-awx-ee
    image: registry.gitlab.com/nautobot1/awx-ee:3.0
control_plane_ee_image: registry.gitlab.com/nautobot1/awx-ee:3.0

Thanks so much for your patience and assistance!

Andreas


Moving forward here – I changed the registry from the official gitlab.com to a docker-based registry server at the customer network. For the “normal” EE entry, that worked out of the box, since we can disable ssl_verification when configuring the EE. But for the control-plane image, I’m unable to figure out, how to disable ssl-verify? Do I have to specify this flag, when creating the secret?

kubectl create secret docker-registry xxxxxx-awx-ee-cp-pull-credentials --docker-server=10.40.xx.xxx:4443 --docker-username=awx --docker-password='xxxxxx'

in the container logs I see:

x509: cannot validate certificate for 10.40.xx.xxx because it doesn’t contain any IP SANs

The certificate is self-signed and has no SANs. I faced the same message when interacting with the registry on cli, but fixed it by adding the following to the docker-config:

{
  "insecure-registries" : ["10.40.xx.xxx:4443"]
}

Is there a similar knob in awx to turn off ssl verification for the control-plane image?

Thanks,

Andreas
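
The x509 message quoted in the last post, reproduced locally as an added example (not part of the original thread or of the AWX project): a client that connects to a registry by IP address accepts the certificate only if it lists that address as an iPAddress SAN, so the remedy that keeps TLS verification on is to reissue the certificate with one. The address in `REGISTRY_IP` is a constructed placeholder, `make_cert` and `has_ip_san` are hypothetical helper names, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: why a registry certificate without an IP SAN is rejected
# when the registry is addressed by IP, and what a reissued certificate needs.
REGISTRY_IP="10.40.0.10"   # constructed placeholder address
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME [SAN]: self-signed certificate with CN=$REGISTRY_IP and,
# when SAN is given, a subjectAltName extension with that value.
make_cert() {
    cnf="$WORK/$1.cnf"
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\nx509_extensions = ext\n'
        printf '[dn]\nCN = %s\n' "$REGISTRY_IP"
        printf '[ext]\nbasicConstraints = CA:TRUE\n'
        if [ -n "$2" ]; then printf 'subjectAltName = %s\n' "$2"; fi
    } > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$cnf" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# has_ip_san CERT IP: true only if CERT lists IP as an iPAddress SAN.
# The CN and DNS-type SANs are not consulted for IP addresses.
has_ip_san() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 | grep -q 'does match'
}

make_cert no-san                       # like the certificate in the thread
make_cert dns-san "DNS:$REGISTRY_IP"   # IP typed into a DNS entry
make_cert ip-san  "IP:$REGISTRY_IP"    # reissued with a real IP SAN

for name in no-san dns-san ip-san; do
    if has_ip_san "$WORK/$name.crt" "$REGISTRY_IP"; then
        echo "$name: valid for $REGISTRY_IP"
    else
        echo "$name: rejected (no matching IP SAN)"
    fi
done
```

On k3s the control-plane image is pulled by the node's containerd, which reads registry TLS settings from `/etc/rancher/k3s/registries.yaml`, so trust for a reissued certificate is configured there and not in the AWX spec or the pull secret.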
