I’m currently in the process of integrating my HobbitCloud machines into Ansible AWX. After creating an inventory, establishing my groups and adding my hosts, I began to create an SCM-based project that connects to my internal GitLab server. Unfortunately, I ran straight into an error.
It’s pretty clear it doesn’t like the SSL certificate I’ve chosen to secure my GitLab server with. Whilst it was issued from the same certificate authority as my AWX server certificate, the full chain has not been applied to the Ansible AWX installation.
However, copying the full chain to the AWX server itself is not enough, because AWX runs inside Docker containers that keep their own trust store. The solution is to push the chain directly into the awx_task container.
To do this, list the Docker containers on your AWX server using:
Note the container ID of the awx_task container:
Next, copy your full SSL chain to the container:
docker cp chain.pem 6fe4edceb452:/chain.pem
Move inside the container, bringing up a Bash terminal:
docker exec -it 6fe4edceb452 /bin/bash
Move the chain into the trust anchors folder (the file was copied to the root of the container, so use the absolute path):
mv /chain.pem /etc/pki/ca-trust/source/anchors/
Finally, update the SSL trust anchors:
Update: one of my readers commented that it would be better to make this solution persistent, and I fully agree.
To do this, edit your inventory file and uncomment the following line:
Re-run the installer using the following to make the changes persistent:
ansible-playbook -i inventory install.yml
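The manual docker steps above can be scripted with a pre-flight check, so that a file carrying a private key or no complete certificate never reaches the container's trust anchors. This is an added example, not code from the original post. The script name push-chain.sh and the function names are hypothetical, and update-ca-trust is assumed to be the refresh command available in the container image.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): validate a CA chain, then
# install it in the running awx_task container.
ANCHORS=/etc/pki/ca-trust/source/anchors   # directory used in the post

# Print the number of complete BEGIN/END CERTIFICATE blocks in a PEM file.
count_pem_certs() {
  awk '/^-----BEGIN CERTIFICATE-----/ { inblk = 1; next }
       /^-----END CERTIFICATE-----/   { if (inblk) n++; inblk = 0 }
       END { print n + 0 }' "$1"
}

# Succeed if the file holds any private key block (RSA, EC, PKCS#8, ...).
has_private_key() {
  grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# Pre-flight: readable, no key material, at least one whole certificate.
check_chain() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  if has_private_key "$1"; then
    echo "$1 contains a private key; refusing to install it" >&2
    return 1
  fi
  [ "$(count_pem_certs "$1")" -ge 1 ] || { echo "no certificate in $1" >&2; return 1; }
}

# Look the container up by name instead of hard-coding its ID, copy the
# chain straight into the anchors directory and rebuild the trust bundle.
push_chain() {
  check_chain "$1" || return 1
  cid=$(docker ps -q --filter name=awx_task | head -n 1)
  [ -n "$cid" ] || { echo "awx_task container is not running" >&2; return 1; }
  docker cp "$1" "$cid:$ANCHORS/$(basename "$1")" || return 1
  # Assumption: update-ca-trust is present in the image and needs root.
  docker exec -u 0 "$cid" update-ca-trust
}

# Usage: ./push-chain.sh chain.pem
if [ "$#" -gt 0 ]; then push_chain "$1"; fi
```

Like the manual steps, this only changes the running container, so the chain has to be pushed again whenever awx_task is recreated.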