Chapter 7. Networking
Troubleshoot networking issues.
7.1. Issue - The default subnet used in Ansible Automation Platform containers conflicts with the internal network
The default subnet used in Ansible Automation Platform containers conflicts with the internal network resulting in "No route to host" errors.
To resolve this issue, update the default classless inter-domain routing (CIDR) value so it does not conflict with the CIDR used by the default Podman networking plugin.
Procedure
On all controller and hybrid nodes, run the following commands to create a file called custom.py:
# touch /etc/tower/conf.d/custom.py
# chmod 640 /etc/tower/conf.d/custom.py
# chown root:awx /etc/tower/conf.d/custom.py
Add the following to the /etc/tower/conf.d/custom.py file:
DEFAULT_CONTAINER_RUN_OPTIONS = ['--network', 'slirp4netns:enable_ipv6=true,cidr=192.168.1.0/24']
- 192.168.1.0/24 is the value for the new CIDR in this example.
Stop and start the automation controller service on all controller and hybrid nodes:
# automation-controller-service stop
# automation-controller-service start
All containers will start on the new CIDR.
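Before writing a replacement CIDR into custom.py, it helps to confirm that the candidate does not overlap a network the node already routes. The following script is an added example, not part of the product documentation; the function names and the sample route table are constructed for illustration, and it assumes IPv4 routes in the format printed by ip -4 route.

```sh
#!/bin/sh
# Added example: pre-check a candidate CIDR against the host's IPv4 routes.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print the first and last address of a CIDR block as integers.
cidr_range() (
    len=${1#*/}
    base=$(ip_to_int "${1%/*}")
    mask=0
    [ "$len" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    echo "$(( $base & $mask )) $(( ($base & $mask) | (~$mask & 0xFFFFFFFF) ))"
)

# Succeed (exit 0) if the two CIDR blocks share at least one address.
cidr_overlap() (
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# Read `ip -4 route` output on stdin and print every routed prefix that
# overlaps the candidate CIDR in $1. Exit status is 1 if any was found.
find_conflicts() (
    rc=0
    while read -r dest rest || [ -n "$dest" ]; do
        case $dest in
            */*) ;;                          # already a prefix
            [0-9]*.*.*.*) dest=$dest/32 ;;   # bare host route
            *) continue ;;                   # "default", "blackhole", ...
        esac
        if cidr_overlap "$1" "$dest"; then
            echo "$dest"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample of `ip -4 route` output (not taken from a real host).
SAMPLE_ROUTES='default via 10.20.0.1 dev eth0
10.20.0.0/16 dev eth0 proto kernel scope link src 10.20.3.7
192.168.1.128/25 via 10.20.0.1 dev eth0
172.16.5.9 via 10.20.0.1 dev eth0'
```

On a controller or hybrid node, run ip -4 route | find_conflicts 192.168.1.0/24 with the candidate CIDR; no output and exit status 0 mean the candidate does not overlap any routed prefix.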
7.2. Troubleshooting SSL/TLS issues
To troubleshoot issues with SSL/TLS, verify the certificate chain, use the correct certificates, and confirm that a trusted Certificate Authority (CA) signed the certificate.
Procedure
Check if the server is reachable over SSL/TLS.
Run the following command to confirm whether the server is reachable over SSL/TLS and to see the full certificate chain:
# true | openssl s_client -showcerts -connect <fqdn_or_ip>:<port>
- Replace <fqdn_or_ip> and <port> with suitable values.
Verify the certificate details.
Run the following command to view the details of a certificate:
# openssl x509 -in <path_to_certificate> -noout -text
Replace <path_to_certificate> with the path to the certificate file you want to inspect.
The result of the command shows information such as:
- Subject - The entity the certificate has been issued to.
- Issuer - The CA that issued the certificate.
- Validity "Not Before" - The date the certificate was issued.
- Validity "Not After" - The date the certificate expires.
Verify a trusted CA signed the certificate.
Run the following command to verify that a specific certificate is valid and was signed by a trusted CA:
# openssl verify -CAfile <path_to_ca_public_certificate> <path_to_server_certificate_file_to_verify>
- If the command returns OK, it means the certificate file is valid and signed by a trusted CA.