Accessing Servers through Jumpbox

Hello all

I hope I can get some guidance here regarding my problem reaching my AWX nodes via a jump/bastion server.

AWX Version : AWX 17.1.0
OS : Ubuntu 20.04

On my AWX host I tested the following way if I can reach my node via ssh :

.ssh/config

root@ansible-master:~/.ssh# cat config

Host jumpserver
    Hostname 41.71.64.218
    ForwardAgent yes
    Port 29
    User awx_service
    IdentityFile ~/.ssh/id_rsa_awx

Host staging_db01
    Hostname 172.16.0.60
    ForwardAgent yes
    User awx_service
    Port 29
    IdentityFile ~/.ssh/id_rsa_awx
    ProxyJump jumpserver

ssh to staging_db01

root@ansible-master:~/.ssh# ssh staging_db01
Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 4.4.0-210-generic x86_64)
awx_service@db01:~$

In Ansible I use the ansible_ssh_common_args variable in the inventory and it works:

ansible_ssh_common_args='-J awx_service@41.71.64.218:29'

In AWX I tried what feels like everything under the sun, but cannot successfully ping my nodes. Does anybody have a document or instructions that can guide me through this process?

Thanks

Danie Brink

Check this official information out:
https://docs.ansible.com/ansible-tower/latest/html/administration/tipsandtricks.html#setting-up-a-jump-host-to-use-with-tower

AWX does work when using the “ProxyCommand” (instead of ProxyJump) in the ansible_ssh_common_args inventory variable. It should look like the following:
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q <user_name>@<jump_server_name>"'

Again, this is an inventory variable that should be available in AWX. You can define it at the inventory level (as vars in the AWX Inventory definition), at the ‘group’ or ‘host’ levels.

Make sure to have the SSH private key (for the jumphost user) set up as a ‘Machine Credential’ in AWX, then include that credential in the Templates that you define in AWX.

I hope the above helps!
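
Added example, not part of the original posts: the ProxyCommand form from the answer filled in with the addresses, user and port 29 from the question, written as inventory variables. The group name `staging` is hypothetical, and the example assumes the single machine credential key is accepted by both the jump server and the target node.

```yaml
# Constructed from the values in the question; "staging" is a hypothetical group name.
all:
  children:
    staging:
      vars:
        ansible_user: awx_service
        # Port of the target node itself (staging_db01 listens on 29).
        ansible_port: 29
        # The inner ssh opens a plain TCP relay (-W) through the jump server.
        # "-p 29" is the jump server's SSH port; %h and %p are expanded by the
        # outer ssh to the target host and port.
        # Assumption: the machine credential's key is available to the inner ssh
        # via the agent, so it can authenticate to the jump server as well.
        # With -W the jump server only forwards the stream, so agent forwarding
        # (ForwardAgent yes) is not needed for this path.
        ansible_ssh_common_args: >-
          -o ProxyCommand="ssh -W %h:%p -q -p 29 awx_service@41.71.64.218"
      hosts:
        staging_db01:
          ansible_host: 172.16.0.60
```

In AWX the same keys can be entered in the variables field of the inventory, the group or the host, as the answer describes.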