
How to provide an SSL certificate for HTTP authentication for project git sync?


I have an Ansible Automation Platform instance. I created a Project with git as the source control type.

The problem is the Git provider I'm using is behind a reverse proxy which requires the user to provide an SSL certificate/key pair for SSL authentication, in addition to a username/password for the git server itself. On my PC my .gitconfig would look like this (Windows):

[http "https://my.git.server/"]
    sslCert = CurrentUser\\MY\\<certificate thumbprint>
    sslBackend = schannel

Or this (Linux):

[http "https://my.git.server/"]
        sslCert = /home/my-user/.git/my-user.crt
        sslKey = /home/my-user/.git/my-user.key

How do I configure AAP to provide this cert/key pair for SSL authentication when pulling the project playbooks, sync from SCM?


Solution

  • The solution was to host the certs and .gitconfig on the host filesystem then map the directory to the execution environment jobs.

    Create a .gitconfig file:

    [http "https://my.git.server/"]
            sslCert = /home/runner/.git/my-user.crt
            sslKey = /home/runner/.git/my-user.key
    

    Save them in a central location accessible by the awx user, such as /etc/ansible:

    /etc/ansible/gitconfig
    |
    |__ .git/
    |   |
    |   |__ my-user.crt
    |   |
    |   |__ my-user.key
    |
    |__ .gitconfig
    

    Make awx the owner of the directory:

    chown -R awx:awx /etc/ansible/gitconfig
    

    Under Settings > Job settings > Paths to expose to isolated jobs, add the volume mount from the directory on the host filesystem (in this case, /etc/ansible/gitconfig) to the user's home folder in the execution environment image (in this case, /home/runner):

    [
      "/etc/ansible/gitconfig:/home/runner:O"
    ]
    

    The :O option marks the directory as read-only. Other options can be found here.

    Alternatively, this is the AWX_ISOLATION_SHOW_PATHS setting under job settings in the API.
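
A preflight check for the layout in the answer above, added here as an example (it is not part of the original answer or of AAP). The function names are hypothetical; it assumes GNU `stat` on the AAP host, key names spelled exactly `sslCert`/`sslKey`, and, as this example's own policy choice, treats a private key accessible to "other" users on the host as a failure.

```shell
#!/bin/sh
# Added example: verify that the cert/key paths written in .gitconfig
# (container view) resolve to real files in the mounted host directory.

# Print the value of a key such as sslCert from a gitconfig file.
# Assumption: the key is spelled exactly as passed (match is case-sensitive).
gitconfig_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 when sslCert and sslKey both resolve through the mount.
# Defaults are the host directory and container home used in the answer.
check_gitconfig_mount() {
    host_dir=${1:-/etc/ansible/gitconfig}
    container_home=${2:-/home/runner}
    cfg="$host_dir/.gitconfig"
    rc=0
    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 1; }
    for key in sslCert sslKey; do
        value=$(gitconfig_value "$cfg" "$key")
        case "$value" in
            "") echo "FAIL: $key is not set in $cfg"; rc=1; continue ;;
            "$container_home"/*) ;;  # path as the job will see it
            *) echo "FAIL: $key=$value is outside $container_home"; rc=1; continue ;;
        esac
        # Translate the container path back to its location on the host.
        host_path="$host_dir/${value#"$container_home"/}"
        if [ ! -f "$host_path" ]; then
            echo "FAIL: $key maps to $host_path, which does not exist"; rc=1
        elif [ "$key" = sslKey ]; then
            mode=$(stat -c %a "$host_path")
            case "$mode" in
                *0) ;;  # no permission bits set for "other"
                *) echo "FAIL: $host_path (mode $mode) is accessible to other users"; rc=1 ;;
            esac
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $cfg resolves under $container_home"
    return "$rc"
}
```

Source the file and call `check_gitconfig_mount` with no arguments on the AAP host to check the paths used in the answer, or pass a different host directory and container home.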