AWX - conection via ssh key problem
208 views
Skip to first unread message
brx
Jan 30, 2023, 8:05:32 AM1/30/23
to AWX Project
Welcome,
I have the following problem:
When I try to execute the ping command on an external server (authentication via ssh), a connection timeout message is displayed. When creating credentials, the type was selected "Machine" and the corresponding ssh key was added. In addition, the ping to the external VM also did not work via ssh, while it went through the password successfully. I want the connection via ssh to go through successfully.
Deployment details:
- OS version: Ubuntu 20 04
- Client Version: v1.25.5+k3s2
- Kustomize Version: v4.5.7
- Server Version: v1.25.5+k3s2
- The server is a VM created on KVM
- AWX version - 21.5.0
In addition:
- In the deployment version on docker (awx version 17.1.0) the problem described above does not occur.- After installing ansible locally on the server where the problem occurs, it is possible to execute the ad-hoc command
- After installing ansible locally on the server where the problem occurs, it is possible to execute the ad-hoc command
Rowe, Walter P. (Fed)
Jan 30, 2023, 8:29:49 AM1/30/23
to awx-p...@googlegroups.com
Is your playbook / task attempting to elevate privilege with become: true?
Does your remote_user (ssh user) have permission to do that?
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/a635fca7-59e1-460c-99a9-0c9777a65175n%40googlegroups.com.
brx
Jan 30, 2023, 8:53:45 AM1/30/23
to AWX Project
Actually, I cannot execute remotely even simply modules like ping,cmd,shell via inventory from awx.
My user has permission to do these things.
My user has permission to do these things.
brx
Feb 1, 2023, 7:40:25 AM2/1/23
to AWX Project
bump
brx
Feb 6, 2023, 10:21:11 AM2/6/23
to AWX Project
bump
AWX Project
Feb 8, 2023, 3:07:53 PM2/8/23
to AWX Project
Hello,
We would like to gather some more information from you. Could you run the ping module against the host again with verbosity set to 3 and provide us with that output? Thank you for that additional information!
-AWX Team
AWX Project
Feb 10, 2023, 1:40:49 PM2/10/23
to AWX Project
Are you able to ssh directly from the awx control node command line? If so, how long does that connection typically take? If not, you should investigate any proxy or firewall that could be in the middle.
Thanks,
AWX Team
Pietraszek
Feb 13, 2023, 2:29:55 AM2/13/23
to AWX Project
Yes, I'm able to connect via ssh from control node to destination host. It takes typically under 1 sec.
Pietraszek
Feb 14, 2023, 5:45:53 AM2/14/23
to AWX Project
bump
AWX Project
Feb 15, 2023, 2:59:56 PM2/15/23
to AWX Project
do you mind providing the output of /api/v2/ad_hoc_jobs/<id> (or /api/v2/jobs if you ran a playbook) for that ping? we can take a closer look (be sure to remove sensitive info before uploading)
AWX Team
AWX Project
Feb 15, 2023, 3:01:48 PM2/15/23
to AWX Project
sorry it is at api/v2/ad_hoc_commands
AWX Project
Feb 22, 2023, 3:02:47 PM2/22/23
to AWX Project
can you successfully establish a connection to your host from inside the awx-ee container? You can use podman run to run awx-ee container (outside of awx), exec into it and try to ssh into your host? that is closer to how k8s will be doing it.
do other regular jobs (based on job templates) run okay (i.e. is it just ad hoc commands that cause issues?)
AWX Team
Pietraszek
Mar 7, 2023, 10:27:26 AM3/7/23
to AWX Project
Hi,
First for all we want to apologize for long break. Some others tasks came to us that were need to solve. We think this is the output that you've asked for. We're not using podeman. This output was intercepted by entering thru crictl to a running awx-ee container. Added in attachment.
First for all we want to apologize for long break. Some others tasks came to us that were need to solve. We think this is the output that you've asked for. We're not using podeman. This output was intercepted by entering thru crictl to a running awx-ee container. Added in attachment.
BR
Pietraszek
Mar 10, 2023, 6:13:47 AM3/10/23
to AWX Project
bump
AWX Project
Mar 10, 2023, 1:19:23 PM3/10/23
to AWX Project
What does your deployment look like? the automation job pods are running in the same cluster as your control node correct? are you using a container group to connect out to a different cluster?
Pietraszek
Mar 13, 2023, 9:28:20 AM3/13/23
to AWX Project
Hi,
In screens below, I've attached (I think) whole info about our deployment. Tbh I'm not master of k8s/k3s but from the tutorial that we used for setting up this environment I can deduce automation job pods are running in the same cluster as control node.
In screens below, I've attached (I think) whole info about our deployment. Tbh I'm not master of k8s/k3s but from the tutorial that we used for setting up this environment I can deduce automation job pods are running in the same cluster as control node.
Additionally, here is a worker container (marked as red) that launches during job execution.
BR,
Piotr
dawid.grygrzc
Mar 17, 2023, 11:30:08 AM3/17/23
to AWX Project
bump
Pietraszek
Mar 20, 2023, 3:54:00 AM3/20/23
to AWX Project
bump
AWX Project
Mar 22, 2023, 2:37:35 PM3/22/23
to AWX Project
Hi,
From what we are seeing, this is an SSH configuration / environment issue, you might need narrow down the issue a little more
AWX Team
Reply all
Reply to author
Forward
0 new messages