Hi
I was developing a network playbook in order to deploy and automate upgrades on a bunch of Cisco Nexus but I’m having an issue while moving my playbook to AWX.
The development context is on my Debian 13. It uses a private SSH key that is hosted on HashiCorp Vault as a value in the KV engine. On every Nexus switch, the corresponding public key has been deployed earlier and so the SSH connection is fine.
As the special variable ansible_ssh_private_key_file expects a file, I have to “convert” the data I’m fetching from Vault to a file that can then be used.
```yaml
- name: test-nexus-upgrade
  hosts: nexus
  gather_facts: false
  vars_files:
    - vars.yml
  tasks:
    # Write the key fetched from Vault to the file used by ansible_ssh_private_key_file
    - name: Save private key as a file locally
      ansible.builtin.copy:
        dest: /tmp/id_rsa_ansible
        content: "{{ my_vault.secret.awx_key }}"
        mode: '0600'
      delegate_to: localhost

    - name: Check if nxos image is present
      cisco.nxos.nxos_command:
        commands:
          - "dir bootflash: | include {{ image_name }}"
      register: image_check
```

Here’s the content of my vars.yml as well; the approle-related information hasn’t been pasted here:

```yaml
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.nxos.nxos
# Named my_vault because Ansible variable names cannot contain hyphens
my_vault: "{{ lookup('community.hashi_vault.vault_kv2_get', 'nexus', engine_mount_point='kv/', auth_method='approle', role_id=approle_id, secret_id=approle_secret_id) }}"
ansible_user: "{{ my_vault.secret.awx_user }}"
ansible_ssh_private_key_file: /tmp/id_rsa_ansible
```
Launching this playbook on my Debian 13 dev platform is fine and working great.
When moving to my AWX environment, it’s getting weird on the second task “Check if nxos image is present”
```
exception: (traceback unavailable)
msg: >-
  Task failed: ssh connection failed: Failed to authenticate public key: Access
  denied for 'publickey'. Authentication that can continue:
  publickey,password,keyboard-interactive
changed: false
_ansible_no_log: false
```
I consider the Vault data fine as I can use it from my Debian platform. But I don’t understand what happened from AWX.
Any ideas?
Gael
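
Added example, not part of the original post: a Python check that can be run in each environment against the key file the first task writes, reporting permission and formatting problems that can stop an SSH client from loading a key written from a string. The function names and the constructed sample key are assumptions, and the check does not by itself establish the cause of the AWX failure.

```python
import os
import stat
import sys

# Constructed sample: shaped like an OpenSSH private key file, not a real key.
GOOD = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "Y29uc3RydWN0ZWQtc2FtcGxlLW5vdC1hLWtleQ==\n"
    "-----END OPENSSH PRIVATE KEY-----\n"
)


def lint_private_key_text(text):
    """Return formatting problems found in a private key held as a string."""
    problems = []
    if "\\n" in text:
        problems.append("literal backslash-n sequences instead of real newlines")
    if "\r" in text:
        problems.append("carriage returns (CRLF line endings)")
    if not text.endswith("\n"):
        problems.append("no trailing newline after the END line")
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN "):
        problems.append("first line is not a -----BEGIN header")
    if not lines or not lines[-1].startswith("-----END "):
        problems.append("last line is not an -----END footer")
    if any(line != line.strip() for line in lines):
        problems.append("leading or trailing whitespace on a line")
    return problems


def lint_private_key_file(path):
    """Check permissions and content of a key file such as /tmp/id_rsa_ansible."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:o} lets group/other access the file")
    # newline="" keeps CR characters so CRLF endings stay visible to the lint.
    with open(path, encoding="utf-8", errors="replace", newline="") as fh:
        problems += lint_private_key_text(fh.read())
    return problems


if __name__ == "__main__":
    # Usage: python3 lint_key.py /tmp/id_rsa_ansible  (script name is hypothetical)
    for path in sys.argv[1:]:
        found = lint_private_key_file(path)
        print(path, "OK" if not found else "; ".join(found))
```

The script prints only the path and the findings, never the key material, so its output is safe to keep in job logs.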