Conversation

Notices

1. Embed this notice
   clacke (clacke@libranet.de)'s status on Tuesday, 04-Feb-2025 11:44:48 JST clacke

   Anyone with Ansible/AWX experience accessing HTTP APIs on protected networks?

   I have tried documentation, the global web and chat with colleagues. Time to bring on the fedi human search.

   Using ansible on switches that require you to come from a protected network is easy, you set up your ssh command to go through a jumphost. Accessing switches or firewalls that use an HTTP API is easy, you use a package that talks to the HTTP API, probably using the httpapi package.

   But an HTTP API where you need to come from a protected network? Manually it's easy, just `ssh -D` to a jumphost/bastion in the right network and tell curl to use a SOCKS proxy.

   On the Ansible side though, I can't find the right place to get httpapi to go through a SOCKS proxy, and I'm not sure where's the best place to run that ssh command.

   Has anyone on Fedi already solved this problem?

   #Ansible #AnsibleTower #AWX

   • Embed this notice
     Pissed Hippo (sun@shitposter.world)'s status on Tuesday, 04-Feb-2025 11:44:46 JST Pissed Hippo

     in reply to
     @clacke I think you just set http_proxy to your http proxy url in your environment block? Not sure, it's been several years
   • Embed this notice
     Pissed Hippo (sun@shitposter.world)'s status on Tuesday, 04-Feb-2025 11:45:09 JST Pissed Hippo

     in reply to

     • Pissed Hippo
     @clacke oh shoot, socks, I don't know, maybe if the uri is socks5:// but I haven't done it before
     clacke likes this.
   • Embed this notice
     Pissed Hippo (sun@shitposter.world)'s status on Tuesday, 04-Feb-2025 11:53:18 JST Pissed Hippo

     in reply to
     @clacke I wonder if you can even do that on Tower. I don't know, I am sorrty.
   • Embed this notice
     clacke (clacke@libranet.de)'s status on Tuesday, 04-Feb-2025 11:53:20 JST clacke

     in reply to

     • Pissed Hippo

     @sun Hmm, maybe that's worth trying.

     What's a good Ansibl-y way to:
     1. Start the ssh client
     2. Run the HTTP API task
     3. Stop the ssh client

   • Embed this notice
     clacke (clacke@libranet.de)'s status on Tuesday, 04-Feb-2025 17:54:54 JST clacke

     in reply to

     • Bonkers

     @bonkers I didn't even consider that it might accept a socks URL in the normal http proxy setting, but it's certainly worth trying, and probably works!

     Then the question just remains how to wrap this in some context where the ssh client is running.

   • Embed this notice
     Bonkers (bonkers@nerdculture.de)'s status on Tuesday, 04-Feb-2025 17:54:55 JST Bonkers

     in reply to

     @clacke I'd try this

     https://linuxtutorials.org/socks5-proxy-environment-variable-linux/

   • Embed this notice
     clacke (clacke@libranet.de)'s status on Tuesday, 04-Feb-2025 19:45:12 JST clacke

     in reply to

     • Bonkers
     @bonkers Yeah, there's an environment block: shitposter.world/objects/44fea…
   • Embed this notice
     Bonkers (bonkers@nerdculture.de)'s status on Tuesday, 04-Feb-2025 19:45:13 JST Bonkers

     in reply to

     @clacke I think you can set the remote variable in Ansible job definition. But I'm not that deep in it. I only did basic automation with direct ssh access to the remote side.

   • Embed this notice
     Bonkers (bonkers@nerdculture.de)'s status on Tuesday, 04-Feb-2025 19:45:53 JST Bonkers

     in reply to

     @clacke LOL, nice domain name over there

     clacke likes this.