AWX in k3s, try to mount ssh directory into custom EE and jobs fail when connecting to hosts.

Archives AWX Project
,
1

Hello:

Im relatively new at awx, and Im upgrading my awx from v14(docker-compose env) to v21.3(awx-operator in k3s), using this guide: https://github.com/kurokobo/awx-on-k3s, after some initial struggles I managed to get things up and ready.

I create my own custom EE and make some configurations to add some necessary volumes.

As Im reusing all keys under /root/.ssh to access hosts so I think necessary to mount .ssh directory as a volume in my custom EE.

ee_extra_volume_mounts: |- name: ssh-volume
mountPath: /home/runner/.ssh
extra_volumes: |

  • name: ssh-volume
    hostPath: path: /root/.ssh/

But now all my jobs fails when trying to connect to hosts (so i suspect problems with access keys), it always shows Permission denied, but logs vary in complexity.

Sometimes when I run a job it complains about .ssh directory do not exists under /root/.ssh in my custom EE, I found this weird because I explicitly put it under /home/runner directory, but even under this directory it do not appears, looks like it is ignoring the configuration when creating the container using my custom EE. I understand that the configuration showed previously will be added to all my custom EE when they are will globally available Execution Environments, but maybe (and probably) I misunderstood or doing something wrong.

I review the default awx-ee container and .ssh directory exists inside /home/runner.

Here some extract of my logs when I run jobs:

https://pastebin.com/EtHrQjEU

https://pastebin.com/7hFqa6XX

Any help will be highly appreciate it

Thanks in advance!

2

Hello, glad you’re using AWX :slight_smile:

I do agree that permissions seem to be an issue here, I’m not sure what your use case is but you probably don’t need to mount your .ssh directory.
If you don’t mount into the ssh volume and instead create those keys as machine credentials in the UI, that would probably work better.
Do you have a lot of SSH keys? If not then adding them manually wouldn’t take too long and you can verify that the credentials work or not.

Thanks.
AWX Team

3

Hello!!

Thanks for your answer, I appreciate it. As Im moving from a functional env where ssh keys are use to connect to hosts is very difficult to create hundreds of credentials in AWX GUI, even when is the ideal solution.

Anyway, this is what I do for workaround this issue: Searching in AWX mailing list I found someone refering this link (not related to my issue but calls my attention the title) https://stackoverflow.com/questions/67747550/how-can-i-expose-local-data-path-to-the-temporary-job-container-awx-job-xxxxx

So, basically I follow the steps there, mount the /root/.ssh directory as a volume into to the automation-job pod and everything works fine.

One again thanks for the answer, and sorry the delay in the answer.

Best Regards!