How do I Rekey an Ansible Tower Environment Installed on Openshift?

Solution Verified - Updated -

Environment

  • Ansible Tower 3.7, 3.8
  • Openshift

Issue

  • How do I rekey the secret_key for an openshift installation of Ansible Tower?

Resolution

  • Follow the same steps as you would in the guide listed here: [Ansible Tower: Secret Handling (https://docs.ansible.com/ansible-tower/3.8.0/html/administration/secret_handling.html)

    1. Run: ./setup_openshift.sh -k to rekey the secret_key

    2. From the stdout of the run in step 1, find the below field and note the new key:

      TASK [kubernetes : print the new SECRET_KEY]
      *************************************************************************************************
      ok: [localhost] => {
            "msg": "secret-key-here"
          }
      
    3. Update the value from step 2 in your inventory file

    4. Re-run ./setup_openshift.sh without the -k flag using the new secret key

Root Cause

  • The setup_openshift.sh file does accept the -k field mentioned in Ansible Tower: Secret Handling, but there is no flag indicating its existing when passing --help to the script.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments