This blog describes the process required to replace the certificates for PAH. <\/p>\n\n\n\n
The Ansible Automation Hub is made up of two nodes, aaph01 and aaph02, that both utilise the shared NFS storage to store execution environment images (containers) and ansible collections. The hub is configured for high availability and a Load Balancer is used to distribute traffic to available nodes. The Load Balancer can be accessed using the fully qualified domain name(FQDN): aaph.example.net. To renew the certificates, a new certificate for aaph.example.net has to be generated and installed on the Load Balancer and on both nodes of the Private Automation Hub (PAH). <\/p>\n\n\n\n
cp \/etc\/pulp\/certs\/pulp_webserver.crt \/etc\/pulp\/certs\/pulp_webserver.crt.date \n\ncp \/etc\/pulp\/certs\/pulp_webserver.key \/etc\/pulp\/certs\/pulp_webserver.key.date <\/code><\/pre>\n\n\n\n\n- Copy new certificates to \/etc\/pulp\/certs: <\/li>\n<\/ul>\n\n\n\n
cp \/home\/temp\/pulp_webserver.crt \/etc\/pulp\/certs\/pulp_webserver.crt \n\ncp \/home\/temp\/pulp_webserver.key \/etc\/pulp\/certs\/pulp_webserver.key <\/code><\/pre>\n\n\n\n\n- Ensure that the permissions match those of the original files <\/li>\n<\/ul>\n\n\n\n
chown root:pulp \/etc\/pulp\/certs\/pulp_webserver.crt \n\nchown root:pulp \/etc\/pulp\/certs\/pulp_webserver.key \n\nchmod 600 \/etc\/pulp\/certs\/pulp_webserver.crt \n\nchmod 600 \/etc\/pulp\/certs\/pulp_webserver.key <\/code><\/pre>\n\n\n\n\n- Restore SELinux context on the certificates <\/li>\n<\/ul>\n\n\n\n
restorecon -v \/etc\/pulp\/certs\/pulp_webserver.crt \n\nrestorecon -v \/etc\/pulp\/certs\/pulp_webserver.key <\/code><\/pre>\n\n\n\n\n- Restart nginx on both servers <\/li>\n<\/ul>\n\n\n\n
systemctl restart nginx \n\nsystemctl status nginx <\/code><\/pre>\n\n\n\nIn conclusion, ensuring your Private Automation Hub (PAH) is secure is essential for your organization’s overall cybersecurity. With our step-by-step guide, replacing the certificates for your PAH with Ansible Automation is easy and secure. By generating and installing new certificates for the Load Balancer and both nodes, you can keep your automation up-to-date and secure. Don’t risk your organization’s security – replace your certificates today. Contact us<\/a> if you need further assistance with replacing your Private Automation Hub certificates with Ansible Automation. <\/p>\n\n\n\nRelated Articles<\/h2>\n\n\n\nIntroduction to Ansible Builder<\/a>
\nAnsible Disaster Recovery Guide AWS<\/a>
\nHow to configure Ansible Automation SAML SSO with Red Hat SSO<\/a>\n\n\n\n