Questions about notifications in AWX 24.6.1

ildjarn · October 9, 2025, 9:36am

I have a few questions about notifications in AWX 24.6.1

How can I debug failed notifications? Which log do I need to check?
I have a playbook that runs on EE ‘MyCompanyEE’, which can connect succesfully to website https://my.server/. But if I set this URL in an AWX webhook notification, I need to disable certificate checking. I already set the global default EE in the miscellanous system settings to ‘MyCompanyEE’ but the error remains. So what component in AWX runs the notifications, and how can I insert the root CA (which is apparently absent from that component)?

The root CA in question is ‘CN = Sectigo Public Server Authentication Root R46’

Narizz28 · October 9, 2025, 8:43pm

I’m a little lost, are you saying you want to send a notification to your Execution Environment? What on the EE is going to accept it?

For example, if you want to send a JSON payload to the EE host over HTTP/S, you can set the notification type to Webhook, which would then give you the option to “Disable SSL verification”.

ildjarn · October 10, 2025, 7:10am

You can define notifications in AWX to run when a job finishes.

I have a notification that creates a ticket in our ticketing system when a job fails, using a webhook POST. The team responsible for the ticketing system replaced the https-certificate, and suddenly no new tickets were created.
Apparently it uses a root CA that is not present in the CA store of whatever AWX component is responsible for running notifications.

So at the moment, for a quick fix, I turned ‘Disable SSL verification’ on on the notification, but I would like to know

what component is responsible for these notifications?
How do I inject the new root CA into that component’s root CA list?

mcen1 · October 10, 2025, 12:20pm

I believe what you may be after is bundle_cacert_secret, a parameter you can set on the AWX custom resource definition.

github.com/ansible/awx-operator

config/crd/bases/awx.ansible.com_awxs.yaml

78864b365


      
            type: string
          development_mode:
            description: If the deployment should be done in development mode
            type: boolean
          ldap_cacert_secret:  # deprecated
            description: (Deprecated) Secret where can be found the LDAP trusted Certificate Authority Bundle
            type: string
          ldap_password_secret:  # deprecated
            description: (Deprecated) Secret where can be found the LDAP bind password
            type: string
          bundle_cacert_secret:
            description: Secret where can be found the trusted Certificate Authority Bundle
            type: string
          projects_persistence:
            description: Whether or not the /var/lib/projects directory will be persistent
            default: false
            type: boolean
          projects_use_existing_claim:
            description: Using existing PersistentVolumeClaim
            type: string
            enum:

I believe this dictates what CAs AWX itself trusts. Since notifications don’t use an EE, I assume they run their operations directly from one of the AWX containers.

ildjarn · October 10, 2025, 1:26pm

Do I need to get the current root CA list from somewhere and add the Sectigo one to that list, or do I create a CA bundle with only the Sectigo certificate and AWX will add it to the existing list itself?

Topic		Replies	Views
Notification Failure due to to certificate verify error. Ansible Project	1	9	July 1, 2020
AWX notifications AWX Project awx	0	17	November 14, 2018
AWX Jobs intermittently not inheriting notifications from job template AWX Project awx	0	3	December 20, 2018
webhook callback failing since upgraded to 1.0.2.327 AWX Project awx	2	5	January 16, 2018
Notification to Cisco Webex from AWX AWX Project awx	0	25	January 18, 2021

Questions about notifications in AWX 24.6.1

Related topics