Custom certs not working #119

Open · arencibiafrancisco opened this issue Aug 2, 2024 · 3 comments

arencibiafrancisco (Author) commented Aug 2, 2024:

After following this process several times with a custom domain (mydomain.com), the container does not start. This process is not clear. It would help a lot to have a full example using a domain different from demo.io.

1. Create AWX CA

```shell
# Receptor work-signing key pair (PEM public key exported from the private key)
openssl genrsa -out awx_receptor_signing_private_key 4096
openssl rsa -in awx_receptor_signing_private_key -out awx_receptor_signing_public_key -outform PEM -pubout

# Mesh CA: self-signed root that will sign every receptor node certificate
openssl genrsa -out awx_mesh_ca_key 4096
openssl req -x509 -new -nodes -key awx_mesh_ca_key -subj "/CN=AWX Jote Receptor Root CA" -sha256 -days 3650 -out awx_mesh_ca_crt
```

2. Create self-signed SSL for AWX web

```shell
# Without -nodes the first command asks for a passphrase; the second command
# rewrites the key unencrypted so nginx can load it without a prompt.
openssl req -x509 -newkey rsa:4096 -keyout awx_web_cert_key -out awx_web_cert_crt -sha256 -days 365
openssl rsa -in awx_web_cert_key -out awx_web_cert_key
```

3. Create receptor signing key pair

```shell
# Same pair as generated in step 1; running it again overwrites those files.
openssl genrsa -out awx_receptor_signing_private_key 4096
openssl rsa -in awx_receptor_signing_private_key -out awx_receptor_signing_public_key -outform PEM -pubout
```

4. Create receptor key pair

Repeat for every node in cluster

```shell
docker pull quay.io/ansible/receptor:latest
export receptor_hostname=awx-1.jotelulu.space

# CSR + private key for this node; CN, DNS SAN and receptor node ID are all the hostname
docker run --rm -v $PWD:/tmp --env-file <(env | grep receptor_hostname) quay.io/ansible/receptor:latest receptor --cert-makereq bits=2048 commonname=$receptor_hostname dnsname=$receptor_hostname nodeid=$receptor_hostname outreq=/tmp/$receptor_hostname.req outkey=/tmp/$receptor_hostname.key

# Sign the CSR with the mesh CA. NOTE: step 1 wrote the CA as awx_mesh_ca_crt /
# awx_mesh_ca_key; cacert= and cakey= must point at that same pair.
docker run --rm -v $PWD:/tmp --env-file <(env | grep receptor_hostname) quay.io/ansible/receptor:latest receptor --cert-signreq req=/tmp/$receptor_hostname.req cacert=/tmp/mesh-CA.crt cakey=/tmp/mesh-CA.key notbefore=$(date --iso-8601=seconds) notafter=$(date --date="+2 years" --iso-8601=seconds) outcert=/tmp/$receptor_hostname.crt verify=yes
```

```
root@awx-1:/opt/awx# docker ps
CONTAINER ID   IMAGE                                        COMMAND                  CREATED          STATUS                              PORTS   NAMES
19a163e39e45   quay.io/ansible/awx:24.2.0                   "dumb-init -- /usr/b…"   3 seconds ago    Up 2 seconds                                awx-task
f407512eb55a   quay.io/ansible/awx:24.2.0                   "dumb-init -- /usr/b…"   4 seconds ago    Up 3 seconds                                awx-web
c04f4f6fc7d5   quay.io/ansible/awx:24.2.0                   "dumb-init -- /usr/b…"   4 seconds ago    Up 3 seconds                                awx-rsyslog
9a7ad4c48369   redis:7                                      "docker-entrypoint.s…"   4 seconds ago    Up 3 seconds                                redis
c3475269d6be   nginx:stable                                 "/docker-entrypoint.…"   4 seconds ago    Up 3 seconds                                nginx
0b5a39e34bb8   quay.io/tadas/awx-without-k8s-ee:24.2.0      "/opt/builder/bin/en…"   4 seconds ago    Restarting (1) Less than a second ago       awx-ee
110b89c19fca   postgres:15                                  "docker-entrypoint.s…"   19 hours ago     Up 26 minutes                               postgres
root@awx-1:/opt/awx# docker logs -f 0b5a39e34bb8
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
Error: error preparing tls client config: tls: failed to find any PEM data in certificate input
root@awx-1:/opt/awx#
```

fitbeard (Owner) commented Aug 4, 2024:

Looks like wrongly or badly formatted data was set for awx_receptor_crt or awx_receptor_key. Maybe you mixed up the crt and key values?
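The error in the logs comes from Go's TLS loader finding no `-----BEGIN ...-----` block in what it was handed, so the fastest way to settle fitbeard's question is to check the files before their contents are pasted into the vars. The script below is an added example for this issue, not code from awx-without-k8s, AWX or receptor. It validates a node cert/key pair the way the receptor container will see it: PEM header on its own line, parseable, key matching the cert, chaining to the mesh CA, and the node hostname present as a DNS SAN. The fixtures are constructed with openssl in place of the `receptor --cert-makereq` / `--cert-signreq` steps from the procedure above (same shape of output); the file names, the `Test Mesh CA` subject and the hostname `awx-receptor-1.demo.io` are assumptions for the demo.

```shell
#!/usr/bin/env bash
# Added example for this issue; not code from awx-without-k8s, AWX or receptor.
# Checks a receptor cert/key pair the way receptor's Go TLS loader will see it,
# before the contents go into awx_receptor_crt / awx_receptor_key. Needs openssl 1.1.1+.

# pem_has_block FILE TYPE: 0 if FILE has a "-----BEGIN ...TYPE-----" header on a
# line of its own. A header sharing its line with the base64 body (PEM collapsed
# onto one line, e.g. a YAML '>' scalar instead of '|') is rejected, as Go's
# encoding/pem rejects it: that is exactly "failed to find any PEM data".
pem_has_block() {
    grep -q -e "^-----BEGIN [A-Z ]*$2-----\$" "$1" 2>/dev/null
}

# pubkey_fingerprint FILE cert|key: SHA-256 over the DER-encoded public key,
# so a certificate and a private key can be compared for a match.
pubkey_fingerprint() {
    local pem
    if [ "$2" = cert ]; then
        pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    else
        pem=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null)
    fi
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256
}

# check_receptor_pair CERT KEY CA HOST: 0 when CERT and KEY are PEM, parse,
# belong together, chain to CA and carry DNS:HOST in subjectAltName.
# Prints the first failing check, which is the value to fix in the vars file.
check_receptor_pair() {
    local crt=$1 key=$2 ca=$3 host=$4
    pem_has_block "$crt" CERTIFICATE   || { echo "FAIL: no PEM CERTIFICATE block in $crt"; return 1; }
    pem_has_block "$key" "PRIVATE KEY" || { echo "FAIL: no PEM PRIVATE KEY block in $key"; return 1; }
    openssl x509 -in "$crt" -noout 2>/dev/null \
        || { echo "FAIL: $crt does not parse as an X.509 certificate"; return 1; }
    openssl pkey -in "$key" -noout -passin pass: 2>/dev/null \
        || { echo "FAIL: $key does not parse (still passphrase-protected?)"; return 1; }
    [ "$(pubkey_fingerprint "$crt" cert)" = "$(pubkey_fingerprint "$key" key)" ] \
        || { echo "FAIL: $key is not the private key for $crt (crt/key swapped?)"; return 1; }
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt does not chain to $ca"; return 1; }
    openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -qF "DNS:$host" \
        || { echo "FAIL: subjectAltName of $crt lacks DNS:$host"; return 1; }
    echo "OK: $crt / $key are valid for $host under $ca"
}

# make_fixtures DIR HOST: constructed test material, not the issue's real certs.
# openssl stands in for the page's receptor --cert-makereq / --cert-signreq
# steps; the files have the same shape (PEM cert with a DNS SAN, PKCS#8 key).
# Also writes two broken variants that trigger the "no PEM data" error.
make_fixtures() {
    local dir=$1 host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=Test Mesh CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -keyout "$dir/node.key" -out "$dir/node.req" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.cnf"
    openssl x509 -req -in "$dir/node.req" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -sha256 -days 1 -extfile "$dir/san.cnf" -out "$dir/node.crt" 2>/dev/null
    tr -d '\n' < "$dir/node.crt" > "$dir/node_flat.crt"                              # PEM squashed onto one line
    openssl x509 -in "$dir/node.crt" -outform DER -out "$dir/node.der" 2>/dev/null   # DER: no PEM armour at all
}

# Stand-alone run: the good pair first, then the mistakes fitbeard's reply points at.
host=awx-receptor-1.demo.io
tmp=$(mktemp -d)
make_fixtures "$tmp" "$host"
check_receptor_pair "$tmp/node.crt"      "$tmp/node.key" "$tmp/ca.crt" "$host"
check_receptor_pair "$tmp/node.key"      "$tmp/node.crt" "$tmp/ca.crt" "$host"   # crt and key swapped
check_receptor_pair "$tmp/node_flat.crt" "$tmp/node.key" "$tmp/ca.crt" "$host"   # one-line PEM
check_receptor_pair "$tmp/node.req"      "$tmp/node.key" "$tmp/ca.crt" "$host"   # CSR pasted instead of the signed cert
check_receptor_pair "$tmp/node.der"      "$tmp/node.key" "$tmp/ca.crt" "$host"   # DER, not PEM
rm -rf "$tmp"
```

To use it on a real deployment, run `check_receptor_pair` against the exact files whose contents go into awx_receptor_crt and awx_receptor_key, with the mesh CA from step 1 and the hostname used for nodeid. The one-line case is the one to look for in the Ansible vars: a multi-line PEM must be a YAML literal block (`|`), since a folded block (`>`) or a plain quoted string joins the lines and produces precisely this receptor error.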

arencibiafrancisco (Author) commented:

I have done this procedure about 5 times, with the same result :(.
I have put the corresponding certs in these files:

```
modified: demo/group_vars/all/awx.yml
modified: demo/host_vars/awx-1.demo.io.yml
modified: demo/host_vars/awx-receptor-1.demo.io.yml
```

Am I doing anything wrong?
Thanks for your kindness @fitbeard

fitbeard (Owner) commented:

@arencibiafrancisco try the shell script from this PR: https://github.com/fitbeard/awx-without-k8s/pull/122/files (already merged to main). Maybe this will help with your setup. But since you are the only one who has reported this problem, I think it might be a local problem due to your misconfiguration.
