AWX through bastion/jump hosts

I’m looking to manage some nodes which are in a separate subnet behind a jump host. Previously I set up a few SSH config options for my Ansible user and then configured the jump host to respect these (keys, user, ports etc) - doing the same with AWX seems a little out of my reach at the moment. On the IRC channel it was suggested that I could do the same in /var/lib/awx in the awx_task container, so I did this, but to no avail.

I can see AWX attempting to connect in auth.log on the jump host:

Connection closed by 78.x.x.x port 33062 [preauth]

And the full output from AWX is here (suitably sanitised):

https://gist.github.com/analbeard/a950f1e577468a28c02eeb4dbd27338f

Obviously manually adding config files to a container isn’t a maintainable way of doing this in future, but I’d like to get it working so I can experiment more. Can anyone suggest where I might be going wrong?

In this case it looks like I might have given you some incorrect information. Currently in the standalone docker container we run as the root user. I’m going to be changing this in the near future to execute as the awx user (which is our intention)… so for the moment it looks like root is who you’ll need to be. Can you try putting that configuration under that user instead? We’ll see if we can come up with a more tenable solution in the future.

Not a problem Matt, all input/help is much appreciated!

I have now got this working with your revised advice above - would you like me to open an issue?

Thanks!

I know it’s weird and probably doesn’t seem like it, but this will be the issue where this gets fixed: https://github.com/ansible/awx/issues/89