Need help with Azure AD with AWX

Hi,

  • K3s v1.28.6+k3s2
  • awx-operator 2.12.1
  • AWX 23.9.0
  • PostgreSQL 13
    AWX is exposed via nginx ingress (with domain )
    I’ve created a public certificate

I’ve configured Azure and AWX according to the documentation.
When I click on the Azure button on the connection page, I arrive on the Microsoft part and then I enter my identifiers. Then the page loads for a while and I get a “504 Gateway Time-out error. nginx”.
Is anyone having problems with Azure AD?
Thank you
Best regards,
Wizz

To address the “504 Gateway Time-out error” with Azure AD in AWX, check and adjust the Nginx timeout settings, ensure your Azure AD and AWX configurations match the documentation, inspect network connectivity, and review both AWX and Azure AD logs for errors. This comprehensive approach should help identify and solve the issue.

Yes, I tried to access the nginx settings in the Kubernetes container. But it asks me for a password, which I don’t know. Is there any other way to change the nginx config?

And the file (nginx.conf) is read-only, I cannot modify it.

Hi, thanks for moving the topic from my repo to here, with additional information :smiley:

I made a quick test and can confirm that Azure AD auth works without any problem. Almost the same setup, but I use Traefik as an ingress controller.

When you are on the “504 Gateway Time-out error. nginx” page, what is its URL? I mean, we want to ensure the Redirect URI is correct.

If the Redirect URI is correctly configured, are there any logs on the nginx side, e.g. nginx for the ingress controller, or nginx in the awx-web pod?

2 Likes

Ok, let me start from the beginning:
1. I created the app on Azure AD
2. Created a “web” web application (adding the rollback link I found on AWX: https://fdqn/sso/complete/azuread-oauth2/)
3. I changed the default name to towerhost on the AWX web interface

I work behind a proxy.
I’ve just realised that my traffic does not go through the proxy, it never uses the proxy, even though I’ve added the http_proxy:
1. in awx.yml
2. in /etc/systemd/system/k3s.service.env

I have no idea … why

How did you add proxies on awx.yml? If you have done it by adding AWX_TASK_ENV['HTTP_PROXY'] in extra_settings, I haven’t read the code in detail, but I’m a little unsure if that works for social auth as well.

Can you try adding proxies by task_extra_env and web_extra_env in awx.yaml?

spec:
  ...
  task_extra_env: |
    - name: HTTP_PROXY
      value: http://proxy.example.com:3128
    - name: HTTPS_PROXY
      value: http://proxy.example.com:3128
    - name: NO_PROXY
      value: 127.0.0.1,localhost,.example.com
  web_extra_env: |
    - name: HTTP_PROXY
      value: http://proxy.example.com:3128
    - name: HTTPS_PROXY
      value: http://proxy.example.com:3128
    - name: NO_PROXY
      value: 127.0.0.1,localhost,.example.com
2 Likes
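
Added example (not part of any post in this thread, and not AWX code): a stdlib-only check of how a Python HTTP client picks its route from the proxy variables of its own process, which is why the variables have to reach the web container for the Azure AD callback. It assumes the login code honors the standard `*_PROXY` variables; the two environments and `awx.example.com` are constructed from the values quoted above.

```python
from urllib.parse import urlsplit
from urllib.request import proxy_bypass_environment

# Constructed sample: web container when proxies were only set through
# AWX_TASK_ENV in extra_settings (assumed not to become process env vars).
WEB_ENV_BEFORE = {"PATH": "/usr/bin"}

# Constructed sample: web container after web_extra_env from the reply above.
WEB_ENV_AFTER = {
    "HTTP_PROXY": "http://proxy.example.com:3128",
    "HTTPS_PROXY": "http://proxy.example.com:3128",
    "NO_PROXY": "127.0.0.1,localhost,.example.com",
}

AZURE_LOGIN = "https://login.microsoftonline.com/"  # Azure AD endpoint
INTERNAL = "https://awx.example.com/api/"           # hypothetical internal host


def route_for(url, env):
    """Return the proxy URL used for `url` under `env`, or 'DIRECT'."""
    # Same convention as urllib: FOO_PROXY -> key 'foo', NO_PROXY -> key 'no'.
    proxies = {
        name.lower()[:-6]: value
        for name, value in env.items()
        if name.lower().endswith("_proxy") and value
    }
    parts = urlsplit(url)
    # NO_PROXY entries match the host exactly or as a domain suffix.
    if bool(proxy_bypass_environment(parts.netloc, proxies)):
        return "DIRECT"
    return proxies.get(parts.scheme, "DIRECT")


def audit(env, urls=(AZURE_LOGIN, INTERNAL)):
    """Map each URL to the route chosen under `env`."""
    return {url: route_for(url, env) for url in urls}


if __name__ == "__main__":
    for label, env in (("before", WEB_ENV_BEFORE), ("after", WEB_ENV_AFTER)):
        for url, route in audit(env).items():
            print(f"{label:6} {url:40} -> {route}")
```

A `DIRECT` route for the Azure AD host on a network that only allows egress through the proxy means the token request from the web container hangs until the ingress gives up. The same check also flags a `NO_PROXY` suffix that accidentally covers the identity provider's domain.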

I put this (awx.yml):

extra_settings:
    - setting: AWX_TASK_ENV['HTTP_PROXY']
      value: "''"
    - setting: AWX_TASK_ENV['HTTPS_PROXY']
      value: "''"
    - setting: AWX_TASK_ENV['NO_PROXY']
      value: "''"

Your solution works :slight_smile:
Thank you very much

2 Likes

Thank you too, I’ve added a note about this in my guide :smiley:
