author | Djebran Lezzoum <ldjebran@gmail.com> | 2024-10-02 15:50:17 +0200 |
---|---|---|
committer | jessicamack <jmack@redhat.com> | 2024-10-15 23:43:32 +0200 |
commit | e4c11561cc9b845974ba972aedc2825efc94e4ef (patch) | |
tree | 09f57ecaf7838cac14cb2914abd38b6c2cc53dcd /tools | |
parent | Remove LDAP authentication (#15546) (diff) | |
Remove TACACS+ authentication (#15547)
Remove TACACS+ authentication from AWX.
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
Diffstat (limited to 'tools')
4 files changed, 0 insertions, 72 deletions
diff --git a/tools/docker-compose/README.md b/tools/docker-compose/README.md
index 77e10233bc..df9187762e 100644
--- a/tools/docker-compose/README.md
+++ b/tools/docker-compose/README.md
@@ -273,7 +273,6 @@ $ make docker-compose
 - [Start with Minikube](#start-with-minikube)
 - [SAML and OIDC Integration](#saml-and-oidc-integration)
 - [Splunk Integration](#splunk-integration)
-- [tacacs+ Integration](#tacacs+-integration)
 
 ### Start a Shell
 
@@ -465,30 +464,6 @@ ansible-playbook tools/docker-compose/ansible/plumb_splunk.yml
 
 Once the playbook is done running Splunk should now be setup in your development environment. You can log into the admin console (see above for username/password) and click on "Searching and Reporting" in the left hand navigation. In the search box enter `source="http:tower_logging_collections"` and click search.
 
-### - tacacs+ Integration
-
-tacacs+ is an networking protocol that provides external authentication which can be used with AWX. This section describes how to build a reference tacacs+ instance and plumb it with your AWX for testing purposes.
-
-First, be sure that you have the awx.awx collection installed by running `make install_collection`.
-
-Anytime you want to run a tacacs+ instance alongside AWX we can start docker-compose with the TACACS option to get a containerized instance with the command:
-```bash
-TACACS=true make docker-compose
-```
-
-Once the containers come up a new port (49) should be exposed and the tacacs+ server should be running on those ports.
-
-Now we are ready to configure and plumb tacacs+ with AWX. To do this we have provided a playbook which will:
-* Backup and configure the tacacsplus adapter in AWX. NOTE: this will back up your existing settings but the password fields can not be backed up through the API, you need a DB backup to recover this.
-
-```bash
-export CONTROLLER_USERNAME=<your username>
-export CONTROLLER_PASSWORD=<your password>
-ansible-playbook tools/docker-compose/ansible/plumb_tacacs.yml
-```
-
-Once the playbook is done running tacacs+ should now be setup in your development environment. This server has the accounts listed on https://hub.docker.com/r/dchidell/docker-tacacs
-
 ### HashiVault Integration
 
 Run a HashiVault container alongside of AWX.
diff --git a/tools/docker-compose/ansible/plumb_tacacs.yml b/tools/docker-compose/ansible/plumb_tacacs.yml
deleted file mode 100644
index b18a72284a..0000000000
--- a/tools/docker-compose/ansible/plumb_tacacs.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- name: Plumb a tacacs+ instance
- hosts: localhost
- connection: local
- gather_facts: False
- vars:
- awx_host: "https://localhost:8043"
- tasks:
- - name: Load existing and new tacacs+ settings
- ansible.builtin.set_fact:
- existing_tacacs: "{{ lookup('awx.awx.controller_api', 'settings/tacacsplus', host=awx_host, verify_ssl=false) }}"
- new_tacacs: "{{ lookup('template', 'tacacsplus_settings.json.j2') }}"
-
- - name: Display existing tacacs+ configuration
- ansible.builtin.debug:
- msg:
- - "Here is your existing tacacsplus configuration for reference:"
- - "{{ existing_tacacs }}"
-
- - ansible.builtin.pause:
- prompt: "Continuing to run this will replace your existing tacacs settings (displayed above). They will all be captured. Be sure that is backed up before continuing"
-
- - name: Write out the existing content
- ansible.builtin.copy:
- dest: "../_sources/existing_tacacsplus_adapter_settings.json"
- content: "{{ existing_tacacs }}"
-
- - name: Configure AWX tacacs+ adapter
- awx.awx.settings:
- settings: "{{ new_tacacs }}"
- controller_host: "{{ awx_host }}"
- validate_certs: False
diff --git a/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2 b/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
index 80f075ab41..e0db3a5c63 100644
--- a/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
+++ b/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
@@ -189,14 +189,6 @@ services:
 depends_on:
 - prometheus
 {% endif %}
-{% if enable_tacacs|bool %}
- tacacs:
- image: dchidell/docker-tacacs
- container_name: tools_tacacs_1
- hostname: tacacs
- ports:
- - "49:49"
-{% endif %}
 # A useful container that simply passes through log messages to the console
 # helpful for testing awx/tower logging
 # logstash:
diff --git a/tools/docker-compose/ansible/templates/tacacsplus_settings.json.j2 b/tools/docker-compose/ansible/templates/tacacsplus_settings.json.j2
deleted file mode 100644
index fe9dd8c391..0000000000
--- a/tools/docker-compose/ansible/templates/tacacsplus_settings.json.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "TACACSPLUS_HOST": "tacacs",
- "TACACSPLUS_PORT": 49,
- "TACACSPLUS_SECRET": "ciscotacacskey",
- "TACACSPLUS_SESSION_TIMEOUT": 5,
- "TACACSPLUS_AUTH_PROTOCOL": "ascii"
-} |