Red Hat SummitAppendix D. Post upgrade playbook
This section provides an Ansible Playbook that you should run if you are not able to access the automation controller UI on all automation controller nodes after the migration. This addresses the SELinux context and the certificate mismatch issues that were described in the Chapter 4, Infrastructure Migration section.
Copy the below Ansible Playbook content and place it in a file called post_upgrade_playbook.yml inside the untarred installer directory.
Note
This directory consists of the installer inventory file and this playbook uses the installer inventory to make some changes to your automation controller nodes.
post_upgrade_playbook.yml
---
- name: Play to apply workaround to known issues in upgrade
hosts: automationcontroller
become: true
tasks:
- block:
- name: Remove certs from all the controllers
file:
name: "{{ item }}"
state: absent
loop:
- /etc/tower/tower.cert
- /etc/tower/tower.key
- name: Role to create new certs and copy to all controllers
include_role:
name: ansible.automation_platform_installer.nginx
when:
- automation_platform_version is version('2.1.1', '<=')
- name: Add to targeted policy and apply selinux policy to controller dirs
ansible.builtin.command: "{{ item }}"
loop:
- semodule -s targeted -i /usr/share/selinux/targeted/automation-controller.pp
- /sbin/restorecon -R /var/lib/awx/venv /var/lib/awx/job_status /var/run/tower
- name: Restart the controller service
service:
name: automation-controller
state: restarted
Run the command to execute the playbook on the controller nodes.
$ ansible-playbook -i inventory.new.ini post_upgrade_playbook.yml
