Menu Close

Appendix D. Post upgrade playbook

This section provides an Ansible Playbook that you should run if you are not able to access the automation controller UI on all automation controller nodes after the migration. This addresses the SELinux context and the certificate mismatch issues that were described in the Chapter 4, Infrastructure Migration section.

Copy the below Ansible Playbook content and place it in a file called post_upgrade_playbook.yml inside the untarred installer directory.


This directory consists of the installer inventory file and this playbook uses the installer inventory to make some changes to your automation controller nodes.


- name: Play to apply workaround to known issues in upgrade
  hosts: automationcontroller
  become: true
    - block:
      - name: Remove certs from all the controllers
          name: "{{ item }}"
          state: absent
          - /etc/tower/tower.cert
          - /etc/tower/tower.key
      - name: Role to create new certs and copy to all controllers
          name: ansible.automation_platform_installer.nginx
        - automation_platform_version is version('2.1.1', '<=')
    - name: Add to targeted policy and apply selinux policy to controller dirs
      ansible.builtin.command: "{{ item }}"
        - semodule -s targeted -i /usr/share/selinux/targeted/automation-controller.pp
        - /sbin/restorecon -R /var/lib/awx/venv /var/lib/awx/job_status /var/run/tower
    - name: Restart the controller service
        name: automation-controller
        state: restarted

Run the command to execute the playbook on the controller nodes.

$ ansible-playbook -i post_upgrade_playbook.yml