AWX - connection via ssh key problem

Welcome,

I have the following problem:

When I try to execute the ping command on an external server (authentication via ssh), a connection timeout message is displayed. When creating credentials, the type “Machine” was selected and the corresponding ssh key was added. In addition, the ping to the external VM also did not work via ssh, while it went through successfully with the password. I want the connection via ssh to go through successfully.

Deployment details:

  • OS version: Ubuntu 20 04

  • Client Version: v1.25.5+k3s2

  • Kustomize Version: v4.5.7

  • Server Version: v1.25.5+k3s2

  • The server is a VM created on KVM

  • AWX version - 21.5.0

In addition:

  • In the deployment version on docker (awx version 17.1.0) the problem described above does not occur.

  • After installing ansible locally on the server where the problem occurs, it is possible to execute the ad-hoc command

Is your playbook / task attempting to elevate privilege with become: true?
Does your remote_user (ssh user) have permission to do that?

Walter

Actually, I cannot execute remotely even simple modules like ping, cmd, shell via inventory from awx.
My user has permission to do these things.

bump

bump

Hello,
We would like to gather some more information from you. Could you run the ping module against the host again with verbosity set to 3 and provide us with that output? Thank you for that additional information!

-AWX Team

Hi,
I’m working with brx and here’s the output from the ping module.
BR

(attachments)

output_awx.txt (1.77 KB)

Are you able to ssh directly from the awx control node command line? If so, how long does that connection typically take? If not, you should investigate any proxy or firewall that could be in the middle.

Thanks,

AWX Team

Yes, I’m able to connect via ssh from control node to destination host. It takes typically under 1 sec.

bump

Do you mind providing the output of /api/v2/ad_hoc_jobs/ (or /api/v2/jobs if you ran a playbook) for that ping? We can take a closer look (be sure to remove sensitive info before uploading).

AWX Team

Sorry, it is at api/v2/ad_hoc_commands

Output has been added in the attachment.

(attachments)

api_output.txt (3.83 KB)

Can you successfully establish a connection to your host from inside the awx-ee container? You can use podman run to run the awx-ee container (outside of awx), exec into it and try to ssh into your host. That is closer to how k8s will be doing it.

Do other regular jobs (based on job templates) run okay (i.e. is it just ad hoc commands that cause issues)?

AWX Team
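
A way to run the check suggested above from inside the awx-ee container, as an added example that is not part of the original thread or AWX's own tooling: it separates a network-level timeout on the pod's path to port 22 from a problem at the SSH layer. The function name `probe_ssh` and the address 192.0.2.10 are placeholders chosen for this sketch.

```python
import socket
import sys
import time


def probe_ssh(host, port=22, timeout=5.0):
    """Classify a TCP connection attempt to an SSH port from this network namespace.

    Returns (status, detail, seconds); status is one of:
      "banner"      TCP connected and an SSH identification string arrived
      "no_banner"   TCP connected, but nothing SSH-like was received in time
      "refused"     host answered, nothing is listening on the port
      "timeout"     handshake unanswered: routing, firewall or pod egress
      "unreachable" name resolution failure or another OS-level error
    """
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "timeout", "no TCP handshake", time.monotonic() - start
    except ConnectionRefusedError:
        return "refused", "port closed", time.monotonic() - start
    except OSError as exc:
        return "unreachable", str(exc), time.monotonic() - start
    with sock:
        sock.settimeout(timeout)
        try:
            # The server sends its identification line first (e.g. "SSH-2.0-...").
            banner = sock.recv(255).split(b"\n", 1)[0].strip()
        except (socket.timeout, TimeoutError):
            return "no_banner", "connected, server silent", time.monotonic() - start
    elapsed = time.monotonic() - start
    if banner.startswith(b"SSH-"):
        return "banner", banner.decode("ascii", "replace"), elapsed
    return "no_banner", repr(banner), elapsed


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass the managed host instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print(probe_ssh(target))
```

A "timeout" result inside the container while the same probe returns "banner" on the control node points at the pod network path rather than at the Machine credential.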

Hi,
First of all, we want to apologize for the long break. Some other tasks came to us that needed to be solved. We think this is the output that you’ve asked for. We’re not using podman. This output was intercepted by entering through crictl into a running awx-ee container. Added in the attachment.
BR

(attachments)

container_ssh.txt (2.44 KB)

bump

What does your deployment look like? The automation job pods are running in the same cluster as your control node, correct? Are you using a container group to connect out to a different cluster?

Hi,
In the screens below, I’ve attached (I think) the whole info about our deployment. Tbh I’m not a master of k8s/k3s, but from the tutorial that we used for setting up this environment I can deduce that the automation job pods are running in the same cluster as the control node.
awx-dep-1-conf.jpg
awx-dep-3-ku.png
awx-dep-4-tas.png
Additionally, here is a worker container (marked as red) that launches during job execution.

BR,
Piotr

bump

bump