I have added an SSH config file and key to the awx_task container to authenticate against a jumphost that is referred to in an inventory file with the variable “ansible_ssh_common_args”. With this I’m able to run jobs which use this inventory via the jumphost. My reading of the Tower docs is that a Tower/AWX credential cannot be used to connect to a jumphost.
Pushing the SSH config file and key manually to the awx_task container doesn’t seem to be a good way of working with a jumphost. Is there an automated way of doing this, that would enable me to add/remove entries from SSH config and add/remove SSH keys from the AWX container?
<172.19.50.51> (255, ‘’, 'OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket “/tmp/awx_31_PZyy3K/cp/52961c7d86” does not exist\r\ndebug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -A -W 172.19.50.51:22 -q centos@x.x.x.x -i /var/lib/awx/projects/keys/jump.pem\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: permanently_drop_suid: 0\r\ndebug…
fatal: [172.19.50.51]: UNREACHABLE! => {
“changed”: false,
“msg”: "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/tmp/awx_31_PZyy3K/cp/52961c7d86" does not exist\r\ndebug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -A -W 172.19.50.51:22 -q centos@x.x.x.x -i /var/lib/awx/projects/keys/jump.pem\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ss…
What am I doing wrong here?
/var/lib/awx/projects/keys/ is visible in the awx-tasks Docker container.
We have our SSH config copied into the Execution Environment image, so it is applying the ProxyCommand for all target hosts. Strangely, awx@jumphost … is working without specifying the private key file or copying it somewhere in the container.
So we assumed that somehow the key part is successfully loaded and used from the credential from awx in our job templates (which is using the same username).
On Friday, 2 December 2022 at 9:23:14 PM UTC+2, user rake...@gmail.com wrote: