expand/awx-on-k3s
1
0
Fork 0
mirror of https://github.com/Expand-sys/awx-on-k3s synced 2025-12-15 13:32:14 +11:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: format emojis for the lines to be modified (#320)

Browse source
This commit is contained in:
kurokobo 2024-03-18 00:32:00 +09:00 committed by GitHub
parent 2cc2501ad4
commit 67ebb51523
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
20 changed files with 150 additions and 150 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -141,7 +141,7 @@ spec:
...
ingress_type: ingress
ingress_hosts:
- hostname: awx.example.com 👈👈👈
- hostname: awx.example.com 👈👈👈
tls_secret: awx-secret-tls
...
```
@ -157,13 +157,13 @@ Modify the two `password` entries in `base/kustomization.yaml`. Note that the `p
- port=5432
- database=awx
- username=awx
- password=Ansible123! 👈👈👈
- password=Ansible123! 👈👈👈
- type=managed
- name: awx-admin-password
type: Opaque
literals:
- password=Ansible123! 👈👈👈
- password=Ansible123! 👈👈👈
...
```

50
acme/README.md
View file

@ -59,18 +59,18 @@ cert-manager-webhook-6668fbb57d-r9dmj 1/1 Running 0 21h
To use **DNS-01** challenge with **Azure DNS** with **Service Principal**, the following information is required.
- **Client ID**
- [Azure Active Directory] > [App registrations] > Your Application > [Application ID]
- **Client Secret**
- [Azure Active Directory] > [App registrations] > Your Application > [Certificates & secrets] > [Client secrets] > [Value]
- **Subscription ID**
- [DNS zones] > Your Zone > [Subscription ID]
- **Tenant ID**
- [Azure Active Directory] > [Properties] > [Tenant ID]
- `DNS zones` > Your Zone > `Subscription ID`
- **Name of Resource Group**
- [DNS zones] > Your Zone > [Resource group]
- `DNS zones` > Your Zone > `Resource group`
- **Name of DNS Zone**
- [DNS zones] > Your Zone
- `DNS zones` > Your Zone
- **Tenant ID**
- `Microsoft Entra ID` > `Properties` > `Tenant ID`
- **Client ID**
- `Microsoft Entra ID` > `App registrations` > Your Application > `Application (client) ID`
- **Client Secret**
- `Microsoft Entra ID` > `App registrations` > Your Application > `Certificates & secrets` > `Client secrets` > `Value`
Then modify required fields in `acme/issuer.yaml`.
@ -78,9 +78,9 @@ Then modify required fields in `acme/issuer.yaml`.
...
spec:
acme:
email: cert@example.com 👈👈👈
email: cert@example.com 👈👈👈
server: https://acme-staging-v02.api.letsencrypt.org/directory 👈👈👈
server: https://acme-staging-v02.api.letsencrypt.org/directory 👈👈👈
privateKeySecretRef:
name: awx-issuer-account-key
@ -88,12 +88,12 @@ spec:
solvers:
- dns01:
azureDNS:
clientID: 00000000-0000-0000-0000-000000000000 👈👈👈
subscriptionID: 00000000-0000-0000-0000-000000000000 👈👈👈
tenantID: 00000000-0000-0000-0000-000000000000 👈👈👈
resourceGroupName: example-rg 👈👈👈
hostedZoneName: example.com 👈👈👈
environment: AzurePublicCloud
subscriptionID: 00000000-0000-0000-0000-000000000000 👈👈👈
resourceGroupName: example-rg 👈👈👈
hostedZoneName: example.com 👈👈👈
tenantID: 00000000-0000-0000-0000-000000000000 👈👈👈
clientID: 00000000-0000-0000-0000-000000000000 👈👈👈
clientSecretSecretRef:
name: azuredns-config
key: client-secret
@ -106,7 +106,7 @@ To store Client Secret for the Service Principal to Secret resource in Kubernete
- name: azuredns-config
type: Opaque
literals:
- client-secret=0000000000000000000000000000000000 👈👈👈
- client-secret=0000000000000000000000000000000000 👈👈👈
...
```
@ -135,11 +135,11 @@ spec:
...
ingress_type: ingress
ingress_hosts:
- hostname: awx.example.com 👈👈👈
- hostname: awx.example.com 👈👈👈
tls_secret: awx-secret-tls
ingress_annotations: | 👈👈👈
cert-manager.io/issuer: awx-issuer 👈👈👈
ingress_annotations: | 👈👈👈
cert-manager.io/issuer: awx-issuer 👈👈👈
```
Finally, comment out or delete all of the `awx-secret-tls` part in `base/kustomization.yaml`, as the actual contents of `awx-secret-tls` are automatically managed by cert-manager and do not need to be specified manually.
@ -150,11 +150,11 @@ generatorOptions:
disableNameSuffixHash: true
secretGenerator:
# - name: awx-secret-tls 👈👈👈
# type: kubernetes.io/tls 👈👈👈
# files: 👈👈👈
# - tls.crt 👈👈👈
# - tls.key 👈👈👈
# - name: awx-secret-tls 👈👈👈
# type: kubernetes.io/tls 👈👈👈
# files: 👈👈👈
# - tls.crt 👈👈👈
# - tls.key 👈👈👈
- name: awx-postgres-configuration
type: Opaque

6
acme/issuer.yaml
View file

@ -20,12 +20,12 @@ spec:
solvers:
- dns01:
azureDNS:
clientID: 00000000-0000-0000-0000-000000000000
environment: AzurePublicCloud
subscriptionID: 00000000-0000-0000-0000-000000000000
tenantID: 00000000-0000-0000-0000-000000000000
resourceGroupName: example-rg
hostedZoneName: example.com
environment: AzurePublicCloud
tenantID: 00000000-0000-0000-0000-000000000000
clientID: 00000000-0000-0000-0000-000000000000
clientSecretSecretRef:
name: azuredns-config
key: client-secret

2
backup/README.md
View file

@ -41,7 +41,7 @@ Modify the name of the AWXBackup object in `backup/awxbackup.yaml`.
...
kind: AWXBackup
metadata:
name: awxbackup-2021-06-06 👈👈👈
name: awxbackup-2021-06-06 👈👈👈
namespace: awx
...
```

6
galaxy/README.md
View file

@ -91,7 +91,7 @@ spec:
...
ingress_type: ingress
ingress_tls_secret: galaxy-secret-tls
hostname: galaxy.example.com 👈👈👈
hostname: galaxy.example.com 👈👈👈
...
```
@ -106,14 +106,14 @@ Modify two `password`s in `galaxy/galaxy/kustomization.yaml`.
- port=5432
- database=galaxy
- username=galaxy
- password=Galaxy123! 👈👈👈
- password=Galaxy123! 👈👈👈
- sslmode=prefer
- type=managed
- name: galaxy-admin-password
type: Opaque
literals:
- password=Galaxy123! 👈👈👈
- password=Galaxy123! 👈👈👈
...
```

2
git/README.md
View file

@ -32,7 +32,7 @@ Modify `hosts` and `host` in `git/ingress.yaml`.
- git.example.com 👈👈👈
secretName: git-secret-tls
rules:
- host: git.example.com 👈👈👈
- host: git.example.com 👈👈👈
...
```

4
registry/README.md
View file

@ -35,7 +35,7 @@ Modify `hosts` and `host` in `registry/ingress.yaml`.
- registry.example.com 👈👈👈
secretName: registry-secret-tls
rules:
- host: registry.example.com 👈👈👈
- host: registry.example.com 👈👈👈
...
```
@ -53,7 +53,7 @@ Replace `htpasswd` in `registry/configmap.yaml` with your own `htpasswd` string
```yaml
...
htpasswd: |-
reguser:$2y$05$VLMvcWCPF0VUuHi0BXBz7eoXGZ6KRl1gataiqTXz4DdSVIXGloKiq 👈👈👈
reguser:$2y$05$VLMvcWCPF0VUuHi0BXBz7eoXGZ6KRl1gataiqTXz4DdSVIXGloKiq 👈👈👈
```
Prepare directories for Persistent Volumes defined in `registry/pv.yaml`.

8
restore/README.md
View file

@ -60,7 +60,7 @@ Modify the name of the AWXRestore object in `restore/awxrestore.yaml`.
...
kind: AWXRestore
metadata:
name: awxrestore-2021-06-06 👈👈👈
name: awxrestore-2021-06-06 👈👈👈
namespace: awx
...
```
@ -70,7 +70,7 @@ If you want to restore from AWXBackup object, specify its name in `restore/awxre
```yaml
...
# Parameters to restore from AWXBackup object
backup_name: awxbackup-2021-06-06 👈👈👈
backup_name: awxbackup-2021-06-06 👈👈👈
...
```
@ -79,8 +79,8 @@ If the AWXBackup object no longer exists, place the backup files under `/data/ba
```yaml
...
# Parameters to restore from existing files on PVC (without AWXBackup object)
backup_pvc: awx-backup-claim 👈👈👈
backup_dir: /backups/tower-openshift-backup-2021-06-06-105149 👈👈👈
backup_pvc: awx-backup-claim 👈👈👈
backup_dir: /backups/tower-openshift-backup-2021-06-06-105149 👈👈👈
...
```

16
rulebooks/README.md
View file

@ -85,9 +85,9 @@ spec:
...
ingress_type: ingress
ingress_tls_secret: eda-secret-tls
hostname: eda.example.com 👈👈👈
hostname: eda.example.com 👈👈👈
automation_server_url: https://awx.example.com/ 👈👈👈
automation_server_url: https://awx.example.com/ 👈👈👈
automation_server_ssl_verify: no
...
```
@ -103,13 +103,13 @@ Modify two `password`s in `rulebooks/server/kustomization.yaml`.
- port=5432
- database=eda
- username=eda
- password=Ansible123! 👈👈👈
- password=Ansible123! 👈👈👈
- type=managed
- name: eda-admin-password
type: Opaque
literals:
- password=Ansible123! 👈👈👈
- password=Ansible123! 👈👈👈
...
```
@ -364,17 +364,17 @@ Modify `hosts`, `host`, and `name` under `service` in `rulebooks/webhook/ingress
spec:
tls:
- hosts:
- eda.example.com 👈👈👈
- eda.example.com 👈👈👈
secretName: eda-secret-tls
rules:
- host: eda.example.com 👈👈👈
- host: eda.example.com 👈👈👈
http:
paths:
- path: /webhooks/demo
pathType: ImplementationSpecific
backend:
service:
name: activation-job-1-1-5000 👈👈👈
name: activation-job-1-1-5000 👈👈👈
port:
number: 5000
```
@ -388,7 +388,7 @@ $ kubectl apply -f rulebooks/webhook/ingress.yaml
$ kubectl -n eda get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
eda-ingress traefik eda.example.com 192.168.0.219 80, 443 4h45m
eda-ingress-webhook traefik eda.example.com 192.168.0.219 80, 443 1s 👈👈👈
eda-ingress-webhook traefik eda.example.com 192.168.0.219 80, 443 1s 👈👈👈
```
### Trigger Rule using Webhook

2
tips/alternative-methods.md
View file

@ -83,7 +83,7 @@ Then, comment out or delete reference to `awx.yaml` in `base/kustomization.yaml`
resources:
- pv.yaml
- pvc.yaml
# - awx.yaml 👈👈👈
# - awx.yaml 👈👈👈
```
Then create Namespace, PVs, and Secrets. Now all required resources that will be referenced in the `spec` of the AWX instance have been created.

10
tips/dockerhub-rate-limit.md
View file

@ -72,10 +72,10 @@ Then, add following four lines to under `secretGenerator` in `base/kustomization
...
secretGenerator:
...
- name: awx-registry-secret 👈👈👈
type: kubernetes.io/dockerconfigjson 👈👈👈
files: 👈👈👈
- .dockerconfigjson=config.json 👈👈👈
- name: awx-registry-secret 👈👈👈
type: kubernetes.io/dockerconfigjson 👈👈👈
files: 👈👈👈
- .dockerconfigjson=config.json 👈👈👈
...
resources:
...
@ -89,7 +89,7 @@ Finally, add following line to `base/awx.yaml`.
...
spec:
...
image_pull_secret: awx-registry-secret 👈👈👈
image_pull_secret: awx-registry-secret 👈👈👈
...
```

10
tips/enable-hsts.md
View file

@ -75,8 +75,8 @@ Add these two lines to your `awx.yaml`,
```yaml
spec:
...
ingress_annotations: | 👈👈👈
traefik.ingress.kubernetes.io/router.middlewares: kube-system-hsts@kubernetescrd 👈👈👈
ingress_annotations: | 👈👈👈
traefik.ingress.kubernetes.io/router.middlewares: kube-system-hsts@kubernetescrd 👈👈👈
```
then invoke `apply` again. Once the command has been invoked, then AWX Operator will start to modify related resources. Note that the AWX Pod will be recreated, so AWX will be temporarily disabled.
@ -90,7 +90,7 @@ secret/awx-secret-tls configured
persistentvolume/awx-postgres-15-volume unchanged
persistentvolume/awx-projects-volume unchanged
persistentvolumeclaim/awx-projects-claim unchanged
awx.awx.ansible.com/awx configured 👈👈👈
awx.awx.ansible.com/awx configured 👈👈👈
```
Once this completed, the logs of `deployments/awx-operator-controller-manager` end with:
@ -157,8 +157,8 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: <resource name>
annotations: 👈👈👈
traefik.ingress.kubernetes.io/router.middlewares: kube-system-hsts@kubernetescrd 👈👈👈
annotations: 👈👈👈
traefik.ingress.kubernetes.io/router.middlewares: kube-system-hsts@kubernetescrd 👈👈👈
...
```

4
tips/expose-hosts.md
View file

@ -45,8 +45,8 @@ One easy way to do this is to use `dnsmasq`.
server \
'--write-kubeconfig-mode' \
'644' \
'--resolv-conf' \ 👈👈👈
'/etc/rancher/k3s/resolv.conf' \ 👈👈👈
'--resolv-conf' \ 👈👈👈
'/etc/rancher/k3s/resolv.conf' \ 👈👈👈
```
5. Restart K3s and CoreDNS. The K3s service can be safely restarted without affecting the running resources.

50
tips/external-db.md
View file

@ -54,10 +54,10 @@ spec:
...
postgres_configuration_secret: awx-postgres-configuration
# postgres_storage_class: awx-postgres-volume 👈👈👈
# postgres_storage_requirements: 👈👈👈
# requests: 👈👈👈
# storage: 8Gi 👈👈👈
# postgres_storage_class: awx-postgres-volume 👈👈👈
# postgres_storage_requirements: 👈👈👈
# requests: 👈👈👈
# storage: 8Gi 👈👈👈
projects_persistence: true
projects_existing_claim: awx-projects-claim
@ -74,13 +74,13 @@ secretGenerator:
- name: awx-postgres-configuration
type: Opaque
literals:
- host=postgres.example.internal 👈👈👈
- port=5432 👈👈👈
- database=awx 👈👈👈
- username=awx 👈👈👈
- password=SecurePasswordForMyExternalPostgreSQLForAWX123! 👈👈👈
- sslmode=prefer 👈👈👈
- type=unmanaged 👈👈👈
- host=postgres.example.internal 👈👈👈
- port=5432 👈👈👈
- database=awx 👈👈👈
- username=awx 👈👈👈
- password=SecurePasswordForMyExternalPostgreSQLForAWX123! 👈👈👈
- sslmode=prefer 👈👈👈
- type=unmanaged 👈👈👈
```
Note that the `type=unmanaged` is the important configuration to use external database.
@ -90,20 +90,20 @@ Note that the `type=unmanaged` is the important configuration to use external da
Comment out following unnecessary lines which related to `awx-postgres-13-volume` in `base/pv.yaml`.
```yaml
# --- 👈👈👈
# apiVersion: v1 👈👈👈
# kind: PersistentVolume 👈👈👈
# metadata: 👈👈👈
# name: awx-postgres-13-volume 👈👈👈
# spec: 👈👈👈
# accessModes: 👈👈👈
# - ReadWriteOnce 👈👈👈
# persistentVolumeReclaimPolicy: Retain 👈👈👈
# capacity: 👈👈👈
# storage: 8Gi 👈👈👈
# storageClassName: awx-postgres-volume 👈👈👈
# hostPath: 👈👈👈
# path: /data/postgres-13 👈👈👈
# --- 👈👈👈
# apiVersion: v1 👈👈👈
# kind: PersistentVolume 👈👈👈
# metadata: 👈👈👈
# name: awx-postgres-13-volume 👈👈👈
# spec: 👈👈👈
# accessModes: 👈👈👈
# - ReadWriteOnce 👈👈👈
# persistentVolumeReclaimPolicy: Retain 👈👈👈
# capacity: 👈👈👈
# storage: 8Gi 👈👈👈
# storageClassName: awx-postgres-volume 👈👈👈
# hostPath: 👈👈👈
# path: /data/postgres-13 👈👈👈
---
apiVersion: v1

4
tips/manual-project.md
View file

@ -17,8 +17,8 @@ Create new directory under `/data/projects` on your K3s host, and place your pla
```bash
$ tree /data/projects/
/data/projects/
`-- my-first-manual-project 👈👈👈
`-- my-playbook.yaml 👈👈👈
`-- my-first-manual-project 👈👈👈
`-- my-playbook.yaml 👈👈👈
```
Go to `Resources` > `Projects` > `Add` in AWX Web UI, fill `Name` field and select `Manual` as `Source Control Type`.

40
tips/troubleshooting.md
View file

@ -63,8 +63,8 @@ $ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 106s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 105s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 106s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 105s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
```
In most cases, you can find the reason why the Pod is not `Running` from `Events`. In the example above, I can see that it is due to lack of CPU or memory.
@ -131,7 +131,7 @@ To achieve this, you can uncomment `no_log: false` manually under `spec` for you
spec:
...
# Uncomment to reveal "censored" logs
no_log: false 👈👈👈
no_log: false 👈👈👈
...
```
@ -166,8 +166,8 @@ $ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 106s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 105s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 106s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 105s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
```
Typical solutions are one of the following:
@ -181,14 +181,14 @@ Typical solutions are one of the following:
...
spec:
...
web_resource_requirements: {} 👈👈👈
task_resource_requirements: {} 👈👈👈
ee_resource_requirements: {} 👈👈👈
init_container_resource_requirements: {} 👈👈👈
postgres_init_container_resource_requirements: {} 👈👈👈
postgres_resource_requirements: {} 👈👈👈
redis_resource_requirements: {} 👈👈👈
rsyslog_resource_requirements: {} 👈👈👈
web_resource_requirements: {} 👈👈👈
task_resource_requirements: {} 👈👈👈
ee_resource_requirements: {} 👈👈👈
init_container_resource_requirements: {} 👈👈👈
postgres_init_container_resource_requirements: {} 👈👈👈
postgres_resource_requirements: {} 👈👈👈
redis_resource_requirements: {} 👈👈👈
rsyslog_resource_requirements: {} 👈👈👈
```
- You can specify more specific value for each containers. Refer [official documentation](https://ansible.readthedocs.io/projects/awx-operator/en/latest/user-guide/advanced-configuration/containers-resource-requirements.html) for details.
@ -204,7 +204,7 @@ $ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 24s default-scheduler 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims. 👈👈👈
Warning FailedScheduling 24s default-scheduler 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims. 👈👈👈
```
Check the `STATUS` of your PVs and ensure your PVs doesn't have `Available` or `Bound` state.
@ -360,10 +360,10 @@ ExecStart=/usr/local/bin/k3s \
server \
'--write-kubeconfig-mode' \
'644' \
'--kubelet-arg' \ 👈👈👈
'--kubelet-arg' \ 👈👈👈
'container-log-max-files=4' \ 👈👈👈
'--kubelet-arg' \ 👈👈👈
'container-log-max-size=50Mi' \ 👈👈👈
'--kubelet-arg' \ 👈👈👈
'container-log-max-size=50Mi' \ 👈👈👈
```
Then restart K3s. The K3s service can be safely restarted without affecting the running resources.
@ -411,9 +411,9 @@ If you want to use `base/awx.yaml` to achieve this, add following three lines to
...
spec:
...
extra_settings: 👈👈👈
- setting: REMOTE_HOST_HEADERS 👈👈👈
value: "['HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR', 'REMOTE_HOST']" 👈👈👈
extra_settings: 👈👈👈
- setting: REMOTE_HOST_HEADERS 👈👈👈
value: "['HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR', 'REMOTE_HOST']" 👈👈👈
```
Then apply this change and wait for your AWX will be reconfigured.

18
tips/trust-custom-ca.md
View file

@ -56,7 +56,7 @@ Place your certificates under `base` directory.
$ ls -l base
total 32
-rw-rw-r--. 1 kuro kuro 801 Feb 27 00:23 awx.yaml
-rw-rw-r--. 1 kuro kuro 1339 Feb 27 00:44 cacert.pem 👈👈👈
-rw-rw-r--. 1 kuro kuro 1339 Feb 27 00:44 cacert.pem 👈👈👈
-rw-rw-r--. 1 kuro kuro 610 Feb 27 00:23 kustomization.yaml
...
```
@ -100,11 +100,11 @@ Note that this example provides both `ldap-ca.crt` and `bundle-ca.crt`, but you
...
secretGenerator:
...
- name: awx-custom-certs 👈👈👈
type: Opaque 👈👈👈
files: 👈👈👈
- name: awx-custom-certs 👈👈👈
type: Opaque 👈👈👈
files: 👈👈👈
- ldap-ca.crt=<Name Of Your Certificate File> 👈👈👈
- bundle-ca.crt=<Name Of Your Certificate File> 👈👈👈
- bundle-ca.crt=<Name Of Your Certificate File> 👈👈👈
...
```
@ -119,7 +119,7 @@ Note that this example provides both `ldap_cacert_secret` (should have `ldap-ca.
spec:
...
ldap_cacert_secret: awx-custom-certs 👈👈👈
bundle_cacert_secret: awx-custom-certs 👈👈👈
bundle_cacert_secret: awx-custom-certs 👈👈👈
...
```
@ -187,7 +187,7 @@ verify return:1
depth=0 C = JP, ST = Example State, O = EXAMPLE.COM, CN = ldap.example.com
verify return:1
---
Certificate chain 👈👈👈 Ensure that the full certificate chain is recognized
Certificate chain 👈👈👈 Ensure that the full certificate chain is recognized
0 s:C = JP, ST = Example State, O = EXAMPLE.COM, CN = ldap.example.com
i:C = JP, ST = Example State, O = EXAMPLE.COM, CN = ica.example.com
...
@ -201,12 +201,12 @@ Certificate chain 👈👈👈 Ensure that the full certificate chain is rec
...
---
SSL handshake has read 3210 bytes and written 413 bytes
Verification: OK 👈👈👈 Ensure there is no verification error
Verification: OK 👈👈👈 Ensure there is no verification error
---
...
SSL-Session:
...
Verify return code: 0 (ok) 👈👈👈 Ensure there is no verification error
Verify return code: 0 (ok) 👈👈👈 Ensure there is no verification error
...
```

6
tips/upgrade-operator.md
View file

@ -253,7 +253,7 @@ If the K3s node does not have enough free resources to deploy a new AWX instance
$ kubectl -n awx get pods
NAME READY STATUS RESTARTS AGE
awx-7d74496d7d-d66dw 4/4 Running 0 19d
awx-84d5c45999-55gb4 0/4 Pending 0 10s 👈👈👈
awx-84d5c45999-55gb4 0/4 Pending 0 10s 👈👈👈
```
Try running `kubectl -n awx describe pod <Pod Name>` and check the `Events` section at the end for the cause.
@ -264,8 +264,8 @@ $ kubectl -n awx describe pod awx-84d5c45999-55gb4
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 106s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 105s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 106s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
Warning FailedScheduling 105s default-scheduler 0/1 nodes are available: 1 Insufficient cpu, 1 Insufficient memory. 👈👈👈
```
This means that the node does not have enough CPU or memory resources to start the Pod.

42
tips/use-http-proxy.md
View file

@ -72,13 +72,13 @@ Specify your proxy settings in the section `extra_settings:` in `base/awx.yaml`
...
spec:
...
extra_settings: 👈👈👈
- setting: AWX_TASK_ENV['HTTP_PROXY'] 👈👈👈
value: "'http://proxy.example.com:3128'" 👈👈👈
- setting: AWX_TASK_ENV['HTTPS_PROXY'] 👈👈👈
value: "'http://proxy.example.com:3128'" 👈👈👈
- setting: AWX_TASK_ENV['NO_PROXY'] 👈👈👈
value: "'127.0.0.1,localhost,.example.com'" 👈👈👈
extra_settings: 👈👈👈
- setting: AWX_TASK_ENV['HTTP_PROXY'] 👈👈👈
value: "'http://proxy.example.com:3128'" 👈👈👈
- setting: AWX_TASK_ENV['HTTPS_PROXY'] 👈👈👈
value: "'http://proxy.example.com:3128'" 👈👈👈
- setting: AWX_TASK_ENV['NO_PROXY'] 👈👈👈
value: "'127.0.0.1,localhost,.example.com'" 👈👈👈
```
Note that the `value` have to be wrapped in single quotes and then double quotes as shown above.
@ -100,19 +100,19 @@ After logging in you can navigate to `Settings` > `Jobs settings` in the AWX UI
> ...
> spec:
> ...
> task_extra_env: | 👈👈👈
> - name: HTTP_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: HTTPS_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: NO_PROXY 👈👈👈
> value: 127.0.0.1,localhost,.example.com 👈👈👈
> task_extra_env: | 👈👈👈
> - name: HTTP_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: HTTPS_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: NO_PROXY 👈👈👈
> value: 127.0.0.1,localhost,.example.com 👈👈👈
>
> web_extra_env: | 👈👈👈
> - name: HTTP_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: HTTPS_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: NO_PROXY 👈👈👈
> value: 127.0.0.1,localhost,.example.com 👈👈👈
> web_extra_env: | 👈👈👈
> - name: HTTP_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: HTTPS_PROXY 👈👈👈
> value: http://proxy.example.com:3128 👈👈👈
> - name: NO_PROXY 👈👈👈
> value: 127.0.0.1,localhost,.example.com 👈👈👈
> ```

14
tips/use-kerberos.md
View file

@ -101,7 +101,7 @@ Service
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true 👈👈👈
Kerberos = true 👈👈👈
Negotiate = true
Certificate = false
CredSSP = false
@ -300,7 +300,7 @@ If the `Verbosity` for the Job Template is configured `4 (Connection Debug)` and
TASK [Ensure windows host is reachable] ****************************************
...
<kuro-win01.kurokobo.internal> ESTABLISH WINRM CONNECTION FOR USER: awx@KUROKOBO.INTERNAL on PORT 5985 TO kuro-win01.kurokobo.internal
calling kinit with pexpect for principal awx@KUROKOBO.INTERNAL 👈👈👈
calling kinit with pexpect for principal awx@KUROKOBO.INTERNAL 👈👈👈
...
ok: [kuro-win01.kurokobo.internal] => {
"changed": false,
@ -350,14 +350,14 @@ NAME READY STATUS RESTARTS
awx-postgres-0 1/1 Running 0 41h
awx-76445c946f-btfzz 4/4 Running 0 41h
awx-operator-controller-manager-7594795b6b-565wm 2/2 Running 0 41h
automation-job-42-tdvs5 1/1 Running 0 4s 👈👈👈
automation-job-42-tdvs5 1/1 Running 0 4s 👈👈👈
```
Now you can access `bash` inside the EE by `kubectl -n <namespace> exec -it <pod name> -- bash`:
```bash
$ kubectl -n awx exec -it automation-job-42-tdvs5 -- bash
bash-5.1$ 👈👈👈
bash-5.1$ 👈👈👈
```
Then proceed investigation.
@ -557,9 +557,9 @@ If manually invoked `kinit` succeeds but the task in your playbook such as `ansi
containers:
- image: 'quay.io/ansible/awx-ee:latest'
name: worker
env: 👈👈👈
- name: KRB5_TRACE 👈👈👈
value: /tmp/krb5.log 👈👈👈
env: 👈👈👈
- name: KRB5_TRACE 👈👈👈
value: /tmp/krb5.log 👈👈👈
args:
- ansible-runner
- worker