I have generated the SSH key pairs directly in AWX task container, but the data there is not persistent and will be lost when I reboot the containers
Anyone can give any suggestion where I shall configure something to save this data into somewhere else, eg, my VM directory ?
I know in my AWX 9.0 version, I have docker-compose file that I can configure this setting in ‘volumes’, but in my AWX 23.0, I don’t know where I shall configure it ?
SSH keys are typically configured in a job template and get passed on to the execution environment from which the target nodes are addressed, so I don’t know why you’re trying to create keys on the task container.
Be that as it may, just yesterday I read this article which might be a step in the direction you search for.
Thanks a lot for your reply and info, I will look into this option next time as i am not previously aware this is the best practice.
For now, I have an alternative way to bypass this issue without changing the pod’s configuration file, as it is a bit more difficult for me rookie knowledge in AWX.
I think by default, AWX task container’s path ‘/var/lib/awx/projects’ will be saved as persistent data. My previous SSH key related data are saved in ‘var/lib/awx/.ssh’, so the data here will get lost after container reboot. Thus I simply move .ssh folder into ‘/var/lib/awx/projects/.ssh’.
An ugly solution but it works
Thanks a lot for your time and kind support
@mapleos1123 looks like you find the solution for your problem
NOTE: /var/lib/awx/project on kube deployment is using a ephemeral storage (emptyDir) so if the pod is deleted and recreated the data will be lost
if you want the project dir to be persisted look into https://github.com/ansible/awx-operator/blob/devel/docs/user-guide/advanced-configuration/persisting-projects-directory.md
with that said storing ssh keys in awx-task container is definitely not the recommended approach and the ssh key will not be present in the execution environment container that actually runs the job if your intention is using it for a job.
Machine Credential may be something you can look into 9. Credentials — Ansible AWX community documentation
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.