Contact Us
+61 2 8203 1600

New Zealand | Replacing Ansible Automation Private Automation Hub (PAH) Certificates

Sebastian Baszcyj - 23.02.202320230223

View Insentra Profile
View LinkedIn Profile
View Insights

Replacing Ansible Automation Private Automation Hub (PAH) Certificates

New Zealand | Replacing Ansible Automation Private Automation Hub (PAH) Certificates

This blog describes the process required to replace the certificates for PAH. 

The Ansible Automation Hub is made up of two nodes, aaph01 and aaph02, that both utilise the shared NFS storage to store execution environment images (containers) and ansible collections. The hub is configured for high availability and a Load Balancer is used to distribute traffic to available nodes. The Load Balancer can be accessed using the fully qualified domain name(FQDN): aaph.example.net. To renew the certificates, a new certificate for aaph.example.net has to be generated and installed on the Load Balancer and on both nodes of the Private Automation Hub (PAH). 

Process 

  • Generate the certificate for aaph.example.net  
  • Replace the certificates on the Load Balancer 
  • Copy the certificate and key to both nodes of the PAH: aaph01 and aaph02 
  • Make sure to rename the certificates to: pulp_webserver.crt and pulp_webserver.key 
  • Login to both servers. Root permissions are required 
  • Navigate to /etc/pulp/certs 
  • Backup existing certificates 
cp /etc/pulp/certs/pulp_webserver.crt /etc/pulp/certs/pulp_webserver.crt.date   cp /etc/pulp/certs/pulp_webserver.key /etc/pulp/certs/pulp_webserver.key.date
  • Copy new certificates to /etc/pulp/certs:  
cp /home/temp/pulp_webserver.crt /etc/pulp/certs/pulp_webserver.crt   cp /home/temp/pulp_webserver.key /etc/pulp/certs/pulp_webserver.key
  • Ensure that the permissions match those of the original files 
chown root:pulp /etc/pulp/certs/pulp_webserver.crt   chown root:pulp /etc/pulp/certs/pulp_webserver.key   chmod 600 /etc/pulp/certs/pulp_webserver.crt   chmod 600 /etc/pulp/certs/pulp_webserver.key
  • Restore SELinux context on the certificates 
restorecon -v /etc/pulp/certs/pulp_webserver.crt   restorecon -v /etc/pulp/certs/pulp_webserver.key
  • Restart nginx on both servers 
systemctl restart nginx   systemctl status nginx

In conclusion, ensuring your Private Automation Hub (PAH) is secure is essential for your organization’s overall cybersecurity. With our step-by-step guide, replacing the certificates for your PAH with Ansible Automation is easy and secure. By generating and installing new certificates for the Load Balancer and both nodes, you can keep your automation up-to-date and secure. Don’t risk your organization’s security – replace your certificates today. Contact us if you need further assistance with replacing your Private Automation Hub certificates with Ansible Automation.  

Related Articles

Introduction to Ansible Builder
Ansible Disaster Recovery Guide AWS
How to configure Ansible Automation SAML SSO with Red Hat SSO

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

Work with us, and see what Insentra can do for you

Insentra can augment end user service capabilities and accelerate business growth. Whether it’s an opportunity you can’t address, some pre-sales assistance, clients asking for a Professional or Managed service you can’t deliver, you’re struggling to break into new markets and accelerate your channel, or you’re frustrated trying to juggle multiple providers for all your IT needs – Insentra can help.

Empower yourself to seize every opportunity. Partner with Insentra.

Get In Touch

Contact Us

Discover

Information For

Connect With Us

Close

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Train Story

Values

Open Opportunities

Join our Talent Network

New Zealand | Replacing Ansible Automation Private Automation Hub (PAH) Certificates
Learn more
Close
New Zealand | Replacing Ansible Automation Private Automation Hub (PAH) Certificates
Read more
Close
New Zealand | Replacing Ansible Automation Private Automation Hub (PAH) Certificates

Unleashing the power of Microsoft Copilot

This comprehensive guide provides everything you need to get your organisation ready for and successfully deploy Copilot.

Download Now
Close

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

Information for Partners

Information for Clients

Information for Vendors

Our Story

Our Credentials

Meet the Crew

Train Story

New Zealand | Replacing Ansible Automation Private Automation Hub (PAH) Certificates

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.

Read more