Install Bundle having cert file in different name

[Iyappanj]

Please confirm the following

• I agree to follow this project's code of conduct.
• I have checked the current issues for duplicates.
• I understand that AWX is open source software provided for free and that I might not receive a timely response.
• I am NOT reporting a (potential) security vulnerability. (These should be emailed to security@ansible.com instead.)

Bug Summary

I am trying to connect an instance to AWX, with the "Install Bundle" provided by AWX I do get the below error while running the install_receptor.yml

Error:
TASK [ansible.receptor.setup : Ensure x509 certificate was signed by the expected Certificate Authority] ***
fatal: [remote-execution -> localhost]: FAILED! => {"changed": false, "cmd": ["openssl", "verify", "-CAfile", "receptor/tls/ca/receptor-ca.crt", "receptor/tls/receptor.crt"], "delta": "0:00:00.005859", "end": "2023-07-07 07:04:30.835112", "msg": "non-zero return code", "rc": 1, "start": "2023-07-07 07:04:30.829253", "stderr": "Error loading file receptor/tls/ca/receptor-ca.crt", "stderr_lines": ["Error loading file receptor/tls/ca/receptor-ca.crt"], "stdout": "", "stdout_lines": []}

Analysis:
the playbook is expecting this certificate file - receptor/tls/receptor.crt
but when we extract the "Install Bundle" we have the file with this name - mesh-CA-crt

I am using AWX for past two months and I have this issue only from last couple of days.

Wanted to know anything changed in this regard ?

AWX version

AWX 22.4.0

Select the relevant components

• UI
• UI (tech preview)
• API
• Docs
• Collection
• CLI
• Other

Installation method

openshift

Modifications

no

Ansible version

No response

Operating system

No response

Web browser

Chrome

Steps to reproduce

Download the install bundle and try running install_receptor.yml

Expected results

Instance should connect to AWX

Actual results

TASK [ansible.receptor.setup : Ensure x509 certificate was signed by the expected Certificate Authority] ***
fatal: [remote-execution -> localhost]: FAILED! => {"changed": false, "cmd": ["openssl", "verify", "-CAfile", "receptor/tls/ca/receptor-ca.crt", "receptor/tls/receptor.crt"], "delta": "0:00:00.005859", "end": "2023-07-07 07:04:30.835112", "msg": "non-zero return code", "rc": 1, "start": "2023-07-07 07:04:30.829253", "stderr": "Error loading file receptor/tls/ca/receptor-ca.crt", "stderr_lines": ["Error loading file receptor/tls/ca/receptor-ca.crt"], "stdout": "", "stdout_lines": []}

Additional information

As this comes as a role, I cannot make changes to the file that it is expecting

[kurokobo]

This is already addressed by #14201 and the fix will be released in the next release.
As a temporary workaround, you can modify custom_ca_certfile in group_vars/all.yml by hand in your install bundle.

...
custom_tls_certfile: receptor/tls/receptor.crt
custom_tls_keyfile: receptor/tls/receptor.key
custom_ca_certfile: receptor/tls/ca/mesh-CA.crt     👈👈👈
...

[Iyappanj]

@kurokobo Thanks for this information. I will handle it manually until the next version is available.

[sean-m-sullivan]

@fosterseth we should remove the collection flag, change to other?

[fosterseth]

this should be fixed in https://github.com/ansible/awx/pull/14201/files