LDAPS with Ansible AWX

Daniel2 · October 14, 2020, 5:43pm

I have a requirement to have Ansible work with LDAPS.

I have gone into the GUI and put in the correct address for LDAPS. Did not work.

I found a technical support article at RedHat that provided more to do with changing an LDAP.conf file and putting the LDAP server PEM key, did not work.

Did the same to an Ansible TOWER server that I had spun up with an EVAL license, it worked with the same steps as above.

Anyone here configure LDAPS for AWX and it works?

Thank you.

Michael_Dekmetzian · October 15, 2020, 12:53am

I do, though it works the same for me in AWX as it does in Tower.

Daniel2 · October 20, 2020, 4:14pm

What did you to to configure LDAPS? I have LDAP working, not secure LDAP (LDAPS).

Wei-Yen_Tan · October 20, 2020, 5:19pm

Yoy have to create certificate In the base build of awx.

Wei-Yen_Tan · October 21, 2020, 5:07am

No that’s not how it works. Awx does it for you at build time. In the inventory file there is a variable you Put the cert in.

Rajiv_Kamath · October 23, 2020, 3:31pm

i got it to work after installation. 2 things need to happen

ca cert files need to be dropped into /etc/pki/ca-trust/source/anchors and then run “update-ca-trust extract” from within awx_web. To do this automatically, you might need to run docker-compose up -d again so that the containers are recreated. Make sure you drop the ca files into the directory on the Server where you specified the ca_files_dir during initial install.
if the containers are running centos8 you ll might need to downgrade openssl security level incase the remote ldaps endpoint isnt hardened.
do a find under /etc for openssl.config and opensslcnf.config and change seclevel=2 to seclevel=1.

Rajiv_Kamath · October 23, 2020, 3:34pm

i edited the docker-compose and downloaded the 2 openssl files > edited them > and added them as a volume to the awx_web container. Run the docker-compose up -d after all the changes and it should work.

Wei-Yen_Tan · October 23, 2020, 3:35pm

You should not have to edit the docker compose file at all. The ansible playbook templates it all for you when you run the playbook

Rajiv_Kamath · October 23, 2020, 4:24pm

yes. but the scenario i mentioned was after installation of the awx platform. Not sure if a reinstall would destroy existing configs and data.

Wei-Yen_Tan · October 23, 2020, 4:32pm

IIRC when i did my installation it didnt…and after using the Redhat-cop Tower Configuration at

https://github.com/redhat-cop/tower_configuration

ALL my tower configuration is listed as code. And can be ‘reapplied’ at any time. In fact what I do is to use yaml datastructures and playbooks to drive the tower configuration.

Rajiv_Kamath · October 23, 2020, 4:44pm

Not sure if my previous reply posted properly so doing it again.
The scenario i mentioned was post installation. Not sure if a reinstall would have preserved data and configs on the existing awx instance. so far my upgrades arent preserving data.

Topic		Replies	Views
How can i configure Secured LDAP in AWX? AWX Project awx	1	0	September 21, 2018
Having difficulty getting LDAP authentication to work Ansible Project awx	2	0	May 29, 2018
AD/LDAP cert needed for authentication AWX Project awx	9	1	May 16, 2020
Having problems with LDAP authentication AWX Project awx	3	0	May 31, 2018
LDAP authentication not working. AWX Project awx	5	4	March 10, 2023

LDAPS with Ansible AWX

Related topics