Certs are generated on the host, and there is currently an issue due to an openssl version mismatch between Fedora 36 and CentOS Stream 8, which causes:
tools_awx_1 | ERROR 2022/11/15 17:09:17 could not load signing key file: unknown block type PRIVATE KEY
tools_awx_1 | ERROR 2022/11/15 17:09:17 could not load signing key file: unknown block type PRIVATE KEY
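---
# Receptor configuration template, rendered once per node with `item` as the
# node index. Every entry below is one Receptor directive.

# Node identity. The firewall rule rejects mesh messages addressed to this
# node's "control" service; the rule carries no sender condition, so it
# presumably applies to every sender. The control service itself is still
# exposed through the local socket configured under control-service.
- node:
    id: awx_{{ item }}
    firewallrules:
      - action: "reject"
        tonode: awx_{{ item }}
        toservice: "control"

- log-level: info

# Mesh listener. No TLS profile is attached and the tls-server entry further
# down is commented out, so peer connections on this port are neither
# encrypted nor authenticated. Keep port 2222 on a trusted network only.
- tcp-listener:
    port: 2222

# Work signing and verification keys, rendered only when sign_work is truthy.
# The private key signs submitted work and should be readable only by the
# account running Receptor. Receptor logs "unknown block type PRIVATE KEY"
# when the key file uses a PEM block type it does not accept, which is what
# an openssl version difference between the generating host and the container
# can produce -- TODO confirm the expected key format.
{% if sign_work|bool %}
- work-signing:
    privatekey: /etc/receptor/work_private_key.pem
    # Signature tokens are short-lived.
    tokenexpiration: 1m

- work-verification:
    publickey: /etc/receptor/work_public_key.pem
{% endif %}

# Each node dials only the higher-numbered nodes, so every pair of nodes is
# connected once. These connections are plain TCP, like the listener above.
{% for i in range(item | int + 1, control_plane_node_count | int + 1) %}
- tcp-peer:
    address: awx_{{ i }}:2222
    redial: true
{% endfor %}

# Mutual TLS for the mesh is currently disabled. Re-enabling it (and
# referencing it from the listener and peers) is what would give the mesh
# peer authentication and transport encryption.
#- tls-server:
#    name: mutual-tls
#    cert: /etc/receptor/certs/awx.crt
#    key: /etc/receptor/certs/awx.key
#    requireclientcert: true
#    clientcas: /etc/receptor/certs/ca.crt

# Local control socket. Anything able to open this socket can drive the
# control service, so the socket path should sit in a directory with
# restrictive permissions.
- control-service:
    service: control
    filename: {{ receptor_socket_file }}

# The work types below accept parameters chosen by the submitter at run time
# (allowruntimeparams, and for Kubernetes also credentials and the pod spec).
# verifysignature is the only gate on who may submit such work; with signing
# disabled, any submitter that reaches the control service is accepted.
# The value is normalised with the same `bool` filter that gates the key
# entries above, so the two can never disagree, and lower-cased so it renders
# as a canonical YAML boolean.
- work-command:
    worktype: local
    command: ansible-runner
    params: worker
    allowruntimeparams: true
    verifysignature: {{ sign_work | bool | lower }}

- work-kubernetes:
    worktype: kubernetes-runtime-auth
    authmethod: runtime
    allowruntimeauth: true
    allowruntimepod: true
    allowruntimeparams: true
    verifysignature: {{ sign_work | bool | lower }}

- work-kubernetes:
    worktype: kubernetes-incluster-auth
    authmethod: incluster
    allowruntimeauth: true
    allowruntimepod: true
    allowruntimeparams: true
    verifysignature: {{ sign_work | bool | lower }}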