So You Disabled built-in authentication system on AWX and you're locked out. Do not panic I have done the same and here is how I fixed it. Here is the screen I am talking about:
DO NOT CLICK THAT UNLESS YOU ARE SURE YOU CAN LOG BACK IN! As soon as you click that link you are logged out and will probably not be able to log in ... hence this blog post. :)
I had deployed AWX by installing awx-operator & awx-demo on to a K3s cluster. Well, I clicked on the "Disable ..." link because I thought I needed to do that to get LDAP authentication to work. I was wrong and I was locked out of the AWX UI!
What happens when you click that link is that AWX updates a table, config_settings, so that the rest of the AWX systems know that the builtin authentication is disabled. So what you need to do is update that row in the database. And here is how you do that.
1) List your AWX pods like so:
kubectl -n awx get pods
You are looking for the pod that has the 4 containers. In my case this is pod, awx-demo-8ded6678-gk322.
2) "exec" onto the awx-demo-web container like so:
kubectl -n awx exec -it awx-demo-8ded6678-gk322 -c awx-demo-web -- /bin/bash
This will give you a "bash-5.1$ " prompt. Use this prompt to enter the commands below.
3) Dump the DB creds.
cat /etc/tower/conf.d/credentials.py
4) Logon to the database
psql -h awx-demo-postgres-13
I got awx-demo-postgres-13 from step 3 above. Enter the password that was in the credentials.py file.
5) Update the conf_setting table
From the psql prompt, awx=#, execute this SQL:
update conf_setting set value = false where key = 'DISABLE_LOCAL_AUTH'
I forget if I needed to restart anything. But you could try deleting the pod if you still can't login.
Another way to get the awx user's psql password is this: kubectl -n awx get secrets
ReplyDeleteHopefully the output will include something that refers to postgres.
If the output includes a secret called awx-demo-postgres-configuration then we can extract the password.
What you can do is:
kubectl -n awx get secret/awx-demo-postgres-configuration -o yaml