On AWX I configured an instance group with two instances, one on network1 and the other in DMZ
If I run a template using this instance group, it always runs on the same instance (the one on network1), and thus the server in DMA is always unreachable. Is there any way to have the template automatically run on the correct instance… i.e., try to reach server 1 with instance1, if it can’t it should use the other instance in DMZ. Is that possible?
It is not a network problem. tested with other instance groups containing the individual instances
Jobs will be load balanced across all instances in the instance group and I don’t believe there is logic/option to retry on a different instance in the group if the host is unreachable. If the instance in network1 can reach one set of hosts and the instance in the DMZ can reach a different set of hosts then I would suggest breaking those out into 2 different instance groups. This way you could assign the “network1” instance group to the inventories which
contain hosts that network1 can reach and similar for the DMZ instance group/inventories. We use a similar approach at the inventory level to avoid our contractors/L1 users from having to know the instance group mapping; they just call the inventory during the job run and it goes to the correct instance group.
Thanks Job for the clarification on how the instance group works. Unfortunately, the template initially executes a task on localhost, which makes an API call (via curl) to an external system to create the dynamic inventory on which all subsequent tasks will be executed. So I think it is not possible to solve via the solution you mentioned
As @iwt-cmd mentions AWX does not use instance groups or execution nodes automatically based on the managed node. The link is to the job. If your job requires connectivity to an external service then that communication path needs to be opened and a job specific to the DMZ node(s) needs to be created and likely controlled with some kind of filter via --limit in the job.
