mirror of
https://github.com/ansible/awx.git
-- Updated devel build to take most recent receptor binary -- Added signWork parameter when sending job to receptor -- Modified docker-compose tasks to generate RSA key pair to use for work-signing -- Modified docker-compose templates and jinja templates for implementing work-sign -- Modified Firewall rules on the receptor jinja config Add firewall rules to dev env
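---
# Receptor configuration template for one AWX control-plane node in the
# docker-compose development environment. Rendered once per node; the
# template variable "item" is this node's index.

- node:
    id: awx_{{ item }}
    firewallrules:
      # Rejects mesh traffic addressed to this node's "control" service.
      # NOTE(review): presumably this keeps other peers from driving the
      # control service remotely while the local socket (control-service
      # below) stays usable - confirm against Receptor's firewall semantics.
      - action: "reject"
        tonode: awx_{{ item }}
        toservice: "control"

- log-level: info

# The listener names no TLS configuration (the tls-server block further down
# is commented out), so peer links appear to be plain TCP with no peer
# authentication. Acceptable only on an isolated dev network; work signing
# protects work submission, not the transport.
- tcp-listener:
    port: 2222

# Key pair used to sign outgoing work requests and to verify incoming ones.
# The private key should be readable only by the account running receptor.
# tokenexpiration bounds the lifetime of a signed token; presumably that also
# limits how long a captured submission could be replayed - TODO confirm.
- work-signing:
    privatekey: /etc/receptor/work_private_key.pem
    tokenexpiration: 1m

- work-verification:
    publickey: /etc/receptor/work_public_key.pem

# Dial every higher-numbered control-plane node, so each pair of nodes is
# connected by exactly one outbound peer definition.
{% for i in range(item | int + 1, control_plane_node_count | int + 1) %}
- tcp-peer:
    address: awx_{{ i }}:2222
    redial: true
{% endfor %}

# Mutual TLS is disabled in this dev template. Enabling it (and referencing
# it from the listener and peers) is the step that authenticates mesh peers.
#- tls-server:
#    name: mutual-tls
#    cert: /etc/receptor/certs/awx.crt
#    key: /etc/receptor/certs/awx.key
#    requireclientcert: true
#    clientcas: /etc/receptor/certs/ca.crt

# Local control socket. The value is quoted so that an empty or unusual
# expansion of the variable still renders as a string rather than null or
# another YAML type. Whoever can open this socket can control the node, so
# its file permissions matter.
- control-service:
    service: control
    filename: "{{ receptor_socket_file }}"

# verifysignature makes this work type refuse submissions that are not signed
# with the key above. allowruntimeparams lets the submitter append arguments
# to the command, so the signature check is what bounds who may do that.
- work-command:
    worktype: local
    command: ansible-runner
    params: worker
    allowruntimeparams: true
    verifysignature: true

# The allowruntime* switches let the submitter supply credentials, the pod
# definition and parameters at submission time; keep verifysignature enabled
# wherever they are on.
- work-kubernetes:
    worktype: kubernetes-runtime-auth
    authmethod: runtime
    allowruntimeauth: true
    allowruntimepod: true
    allowruntimeparams: true
    verifysignature: true

# NOTE(review): allowruntimeauth is enabled although authmethod is incluster;
# confirm that submitter-supplied credentials are really needed here.
- work-kubernetes:
    worktype: kubernetes-incluster-auth
    authmethod: incluster
    allowruntimeauth: true
    allowruntimepod: true
    allowruntimeparams: true
    verifysignature: true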