bunny-lab/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md

Browse Source
This commit is contained in:
Nicole Rappe
2024-08-07 01:19:20 -06:00
parent dbc24dc863
commit 200f5ab046
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md
View File

@ -267,6 +267,9 @@ kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf
```
### Create Custom DNS Host Records for Domain Controllers
!!! note
This section is not strictly needed if the server has a good DNS server outside of it that can resolve the DNS of the domain controllers / devices.
You will need to be sure that AWX is able to resolve the FQDNs of the domain controllers for Kerberos to be happy. We will do this by adding another config file in the `/awx` directory and applying it to the deployment.
```jsx title="/awx/custom_dns_records.yml"
apiVersion: v1
@ -304,12 +307,15 @@ spec:
initContainers:
- name: init-hosts
image: busybox
command: ['sh', '-c', 'cat /etc/custom-dns/custom-hosts >> /etc/hosts']
command:
- sh
- '-c'
- cat /etc/custom-dns/custom-hosts >> /etc/hosts
volumeMounts:
- name: custom-dns
mountPath: /etc/custom-dns
containers:
- image: 'quay.io/ansible/awx-ee:latest'
- image: quay.io/ansible/awx-ee:latest
name: worker
args:
- ansible-runner
@ -330,7 +336,6 @@ spec:
- name: custom-dns
configMap:
name: custom-dns
```
### Job Template & Inventory Examples
@ -344,7 +349,7 @@ kerberos_user: "nicole.rappe@BUNNY-LAB.IO"
You will want to ensure your inventory file is configured to use Kerberos Authentication as well, so the following example is a starting point:
``` ini
virt-node-01 ansible_host=192.168.3.22
virt-node-01 ansible_host=virt-node-01.bunny-lab.io
[virtualizationHosts]
virt-node-01
@ -355,9 +360,10 @@ ansible_port=5986
ansible_winrm_transport=kerberos
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore
ansible_winrm_kerberos_realm=BUNNY-LAB.IO
#kerberos_user=nicole.rappe@BUNNY-LAB.IO #Optional, if you define this in the Job Template, it is not necessary.
```
!!! failure "Usage of Fully-Quality Domain Names"
It is critical that you define Kerberos-authenticated devices with fully qualified domain names. This is just something I found out from 4+ hours of troubleshooting. If the device is Linux or you are using NTLM authentication instead of Kerberos authentication, you can skip this warning. If you do not define the inventory using FQDNs, it will fail to run the commands against the targeted device(s).
Lastly, we want to ensure we have Keytab generation happening when the playbook is executed, so add these tasks to the beginning of your playbook(s) that interact with Kerberos devices:
``` yaml