Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 7. Networking


Troubleshoot networking issues.

The default subnet used in Ansible Automation Platform containers conflicts with the internal network resulting in "No route to host" errors.

To resolve this issue, update the default classless inter-domain routing (CIDR) value so it does not conflict with the CIDR used by the default Podman networking plugin.

Procedure

  1. In all controller and hybrid nodes, run the following commands to create a file called custom.py:

    # touch /etc/tower/conf.d/custom.py
    Copy to Clipboard Toggle word wrap
    # chmod 640 /etc/tower/conf.d/custom.py
    Copy to Clipboard Toggle word wrap
    # chown root:awx /etc/tower/conf.d/custom.py
    Copy to Clipboard Toggle word wrap
  2. Add the following to the /etc/tower/conf.d/custom.py file:

    DEFAULT_CONTAINER_RUN_OPTIONS = ['--network', 'slirp4netns:enable_ipv6=true,cidr=192.168.1.0/24']
    Copy to Clipboard Toggle word wrap
    • 192.168.1.0/24 is the value for the new CIDR in this example.
  3. Stop and start the automation controller service in all controller and hybrid nodes:

    # automation-controller-service stop
    Copy to Clipboard Toggle word wrap
    # automation-controller-service start
    Copy to Clipboard Toggle word wrap

    All containers will start on the new CIDR.

7.2. Troubleshooting SSL/TLS issues

To troubleshoot issues with SSL/TLS, verify the certificate chain, use the correct certificates, and confirm that a trusted Certificate Authority (CA) signed the certificate.

Procedure

  1. Check if the server is reachable over SSL/TLS.

    1. Run the following command to confirm whether the server is reachable over SSL/TLS and to see the full certificate chain:

      # true | openssl s_client -showcerts -connect <fqdn_or_ip>:<port>
      Copy to Clipboard Toggle word wrap
    2. Replace <fqdn_or_ip> and <port> with suitable values.
  2. Verify the certificate details.

    1. Run the following command to view the details of a certificate:

      # openssl x509 -in <path_to_certificate> -noout -text
      Copy to Clipboard Toggle word wrap
  3. Replace <path_to_certificate> with the path to the certificate file you want to inspect.

    The result of the command shows information such as:

    • Subject - The entity the certificate has been issued to.
    • Issuer - The CA that issued the certificate.
    • Validity "Not Before" - The date the certificate was issued.
    • Validity "Not After" - The date the certificate expires.
  4. Verify a trusted CA signed the certificate.

    1. Run the following command to verify that a specific certificate is valid and was signed by a trusted CA:

      openssl verify -CAfile <path_to_ca_public_certificate> <path_to_server_certificate_file_to_verify>
      Copy to Clipboard Toggle word wrap
    2. If the command returns OK, it means the certificate file is valid and signed by a trusted CA.
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat