AWX SSH connection not establishing when running playbook

Question

I am trying to run my first playbook. Running AWX on CentOS8,trying to connect to remote device using SSH. On my remote device I have run ssh-genkey on my device and added the .pub key to authorized_keys file. I have also taken the .pub private key and created a credentials machine type and added the private key. Username and password are blank. I can only connect using root user to my remote device enter image description here

My playbook is:

- name: use machine credentials(1)
  hosts: ACS
  connection: ssh
  gather_facts: false
  timeout: 10

  tasks:      
  - name: Get firmware version from host
    shell: "date"
    #shell: cat /firmware | grep ^VERSION | cut -d"=" -f2
    register: firmware_version
    tags: firmware_version

I am trying to SSH to my remote devicve and read the firmware details from a file on the remote device.

When I run my playbook the output fails and I do not believe it is connecting to the remote device. I can manually SSH from my AWX host to the remote device from a putty session. I tried with private key file on the AWX host and can SSH to my remote device using the key from putty.

Output from AWX:

Identity added: /runner/artifacts/196/ssh_key_data (/runner/artifacts/196/ssh_key_data)
ansible-playbook [core 2.14.2]
  config file = None
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /runner/requirements_collections:/home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.9.16 (main, Dec  8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
No config file found; using defaults
host_list declined parsing /runner/inventory/hosts as it did not pass its verify_file() method
Parsed /runner/inventory/hosts inventory source with script plugin
Skipping callback 'awx_display', as we already have a stdout callback.
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: acs_backup.yml *******************************************************
1 plays in acs_backup.yml

PLAY [use machine credentials(1)] **********************************************

TASK [Get firmware version from host] ******************************************
task path: /runner/project/acs_backup.yml:18
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<10.162.29.138> (0, b'/home/root\\r\\n', b"Warning: Permanently added '10.162.29.138' (ED25519) to the list of known hosts.\\r\\n")
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/root/.ansible/tmp `"&& mkdir "` echo /home/root/.ansible/tmp/ansible-tmp-1677124576.2755764-27-69248210230276 `" && echo ansible-tmp-1677124576.2755764-27-69248210230276="` echo /home/root/.ansible/tmp/ansible-tmp-1677124576.2755764-27-69248210230276 `" ) && sleep 0'"'"''
<10.162.29.138> (0, b'ansible-tmp-1677124576.2755764-27-69248210230276=/home/root/.ansible/tmp/ansible-tmp-1677124576.2755764-27-69248210230276\\r\\n', b'')
<ACS-10.162.29.138> Attempting python interpreter discovery
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'python3.11'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.10'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.9'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.8'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<10.162.29.138> (0, b'PLATFORM\\r\\nLinux\\r\\nFOUND\\r\\n/usr/bin/python3.5\\r\\n/usr/bin/python3\\r\\n/usr/bin/python2.7\\r\\n/usr/bin/python\\r\\n/usr/bin/python\\r\\nENDFOUND\\r\\n', b'')
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'/usr/bin/python3.5 && sleep 0'"'"''
fatal: [ACS-10.162.29.138]: FAILED! => {
    "changed": false,
    "msg": "The shell action failed to execute in the expected time frame (10) and was terminated"
}

PLAY RECAP *********************************************************************
ACS-10.162.29.138          : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Can anyone point me in the right dirction as to the why I am not connecting via SSH to my remote device?

Answer 1

You have an issue connecting via ssh.

10.162.29.138 is a private address. Are you running the ansible script from a machine on the VPC? If not then that is the first issue you need to address.

If you are on the same VPC or have a tunnel to the subnet, then try running nc -zv 10.162.29.138 22 - if it connects then try your ansible script again. If that still fails for the same reason, then try connectnig using ssh -vv .... on the command line describing the output of the nc and ssh commands.

Answer 2

I am connecting to GITHUB and syncing the project on my local AWX host. Both AWX and the device I am trying to ssh to are on the same local network 10.162.29.x.

I ran your commands. I can connect using NCAP and ssh but when in verbose mode for ssh it just stays saying "Connecting to 10.162.29.138 [10.162.29.138] port 22 so not sure why that is and not completing the connection.

[localadmin@centOS8-awx ~]$ nc -zv 10.162.29.138 22 Ncat: Version 7.70 ( https://nmap.org/ncat ) Ncat: Connected to 10.162.29.138:22. Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

[localadmin@centOS8-awx ~]$ ssh root@10.162.29.138 Password:

WARNING: Improper use of shell commands could lead to data loss, the deletion of important system files or other unexpected result. Please double-check your syntax when typing shell commands.

[root@ACS8008-0520414440 ~]# exitConnection to 10.162.29.138 closed.

[localadmin@centOS8-awx ~]$ ssh -vv root@10.162.28.138 OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug2: checking match for 'final all' host 10.162.28.138 originally 10.162.28.138 debug2: match not found debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: configuration requests final Match pass debug2: resolve_canonicalize: hostname 10.162.28.138 is address debug1: re-parsing configuration debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug2: checking match for 'final all' host 10.162.28.138 originally 10.162.28.138 debug2: match found debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug2: ssh_connect_direct debug1: Connecting to 10.162.28.138 [10.162.28.138] port 22.