Files
awx/tools/docker-compose/ansible/roles/sources/templates/receptor-awx.conf.j2
Shane McDonald 9f40d7a05c Disable work signing by default in dev env
Certs are generated on the host and there is currently an issue due to openssl version mispatch between Fedora 36 and CentOS Stream 8 which causes:

tools_awx_1     | ERROR 2022/11/15 17:09:17 could not load signing key file: unknown block type PRIVATE KEY
tools_awx_1     | ERROR 2022/11/15 17:09:17 could not load signing key file: unknown block type PRIVATE KEY
2022-11-15 17:16:07 -05:00

64 lines
1.4 KiB
Django/Jinja

---
- node:
id: awx_{{ item }}
firewallrules:
- action: "reject"
tonode: awx_{{ item }}
toservice: "control"
- log-level: info
- tcp-listener:
port: 2222
{% if sign_work|bool %}
- work-signing:
privatekey: /etc/receptor/work_private_key.pem
tokenexpiration: 1m
{% endif %}
{% if sign_work|bool %}
- work-verification:
publickey: /etc/receptor/work_public_key.pem
{% endif %}
{% for i in range(item | int + 1, control_plane_node_count | int + 1) %}
- tcp-peer:
address: awx_{{ i }}:2222
redial: true
{% endfor %}
#- tls-server:
# name: mutual-tls
# cert: /etc/receptor/certs/awx.crt
# key: /etc/receptor/certs/awx.key
# requireclientcert: true
# clientcas: /etc/receptor/certs/ca.crt
- control-service:
service: control
filename: {{ receptor_socket_file }}
- work-command:
worktype: local
command: ansible-runner
params: worker
allowruntimeparams: true
verifysignature: {{ sign_work }}
- work-kubernetes:
worktype: kubernetes-runtime-auth
authmethod: runtime
allowruntimeauth: true
allowruntimepod: true
allowruntimeparams: true
verifysignature: {{ sign_work }}
- work-kubernetes:
worktype: kubernetes-incluster-auth
authmethod: incluster
allowruntimeauth: true
allowruntimepod: true
allowruntimeparams: true
verifysignature: {{ sign_work }}