External log aggregator password lost after Ansible Automation Controller redeployment.
Environment
- Ansible Automation Platform 2.x on OpenShift 4.x
Issue
- Every time AAP Controller instances are being redeployed (because of an application upgrade or some other changes in the Custom Resource Definition file of the controller) the log aggregator streaming stops working.
Resolution
- Add the log aggregator username and password as the extra_settings in the custom resource definition of the Automation Controller:
extra_settings:
- setting: LOG_AGGREGATOR_USERNAME
value: '''myusername'''
- setting: LOG_AGGREGATOR_PASSWORD
value: '''mypassword'''
Note :
1. For some settings, such as LOG_AGGREGATOR_USERNAME and LOG_AGGREGATOR_PASSWORD the value may need double quotes
2. The preferred method to pass passwords is using secrets for security purposes.
Root Cause
- The extra_settings section in Automation Controller CRD will take precedence over any setting in the UI. So if external log aggregator settings are not specified on the Controller spec they are lost when the pod restarts.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments