Ansible AWX: How to configure SSL/HTTPS

Initial situation, HTTP :

We have a standalone instance of Ansible AWX (Docker version) already installed on a CentOS Linux machine.

The web container, called awx_web, is configured with HTTP on port 80.

# docker ps
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                  NAMES
bb3053c6cd38        ansible/awx:13.0.0   "tini -- /bin/sh -c …"   7 days ago          Up 6 days           0.0.0.0:80->8052/tcp   awx_web

The SSL-related values in the inventory file are still commented out :

# vi /opt/ansible-awx/awx/installer/inventory
host_port=80
#host_port_ssl=443
#ssl_certificate=

Configure SSL / HTTPS :

In a test lab environment, we need to create a self-signed certificate.

Create the awx-ssl folder in /opt/ansible-awx/awx/installer :

# mkdir -p /opt/ansible-awx/awx/installer/awx-ssl

Generate a self-signed SSL certificate with your own information :

CN : Common Name
O : Organization
C : Country

# openssl req -subj '/CN=ansible.awx/O=Lab/C=FR' \
	-new -newkey rsa:2048 \
	-sha256 -days 1365 \
	-nodes -x509 \
	-keyout /opt/ansible-awx/awx/installer/awx-ssl/awx.key \
	-out /opt/ansible-awx/awx/installer/awx-ssl/awx.crt

Merge awx.key and awx.crt files into a final certificate file called awx-self-signed-key.crt :

# cd /opt/ansible-awx/awx/installer/awx-ssl
# cat awx.key  awx.crt > awx-self-signed-key.crt

Modify the Ansible AWX inventory file to configure our SSL certificate :

# vi /opt/ansible-awx/awx/installer/inventory
#host_port=80
host_port_ssl=443
ssl_certificate=/opt/ansible-awx/awx/installer/awx-ssl/awx-self-signed-key.crt

Relaunch Ansible AWX Installation Playbook :

To reconfigure the web container (awx_web) with the new SSL parameters, relaunch the installation playbook. This applies the changes to the container and, more specifically, modifies the nginx web server configuration inside it.

Execute the following :

# cd /opt/ansible-awx/awx/installer
# ansible-playbook -i inventory install.yml

The web container, called awx_web, is now configured with HTTPS on port 443.

# docker ps
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                                         NAMES
9d01d5daa7da        ansible/awx:13.0.0   "tini -- /bin/sh -c …"   10 minutes ago      Up 10 minutes        0.0.0.0:443->8053/tcp   awx_web

The Ansible AWX instance is now accessible over HTTPS :

https://[ANSIBLE_AWX_INSTANCE]

Quick verification

We can look inside the awx_web container and see that our certificate file is there, but under the name awxweb.pem :

Access the web container :

# docker exec -ti awx_web /bin/bash

Check the certificate file :

# cd /etc/nginx
# ls -l awxweb.pem
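
The listing above only confirms that the file exists in the container. As an added example (not part of the original article), the script below checks on the host that the merged bundle holds both a private key and a certificate, that the two belong together, and that the certificate has not expired. The function name and return codes are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: sanity-check a combined key+certificate PEM bundle.
# Return codes (chosen for this example): 0 ok, 1 unreadable, 2 key or
# certificate missing, 3 key does not match certificate, 4 expired.
check_awx_bundle() {
    bundle=$1
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }

    # The bundle must hold both PEM blocks (awx.key followed by awx.crt).
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$bundle" &&
        grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "bundle lacks a private key or a certificate" >&2; return 2; }

    # Derive the public key from each half; the two must be identical.
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match certificate" >&2; return 3; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$bundle" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 4; }

    # Print the subject and expiry date of the certificate in the bundle.
    openssl x509 -in "$bundle" -noout -subject -enddate
}

# Usage: sh check_bundle.sh /opt/ansible-awx/awx/installer/awx-ssl/awx-self-signed-key.crt
if [ "$#" -gt 0 ]; then
    check_awx_bundle "$1"
fi
```

Running it before relaunching install.yml catches a bundle built from the wrong key or certificate file before nginx is reconfigured.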

This article was written by RoberMB

💻OS, ☁️Cloud, 🛡️Cybersecurity, ✈️Traveling #Linux, #Ansible, #AWS, #VMware, #Docker 🏴‍☠️ CEH v10, CPHE 🏴‍☠️ ... Always learning, always enjoying.