Automation with Power


How to successfully connect to a remote node which uses a non-standard SSH port

  • 1.  How to successfully connect to a remote node which uses a non-standard SSH port

    IBM Champion
    Posted Mon March 18, 2024 11:28 AM
    Edited by Steve Munday Mon March 18, 2024 11:34 AM

    Good day team:

    I've been trying to connect to a remote node (from AWX controller on AIX @Andrey Klyachkin www.power-devops.com) using a non-standard port and account name without much success.

    Current status
    I've used add_host to dynamically add the target node to the in memory inventory and then initiate the playbook.  The environment that's configured off the back of Port 8022 uses (very) old Ciphers [currently seeing if these can be updated] so have had to add in a "-o Ciphers=" in the extra args.

    I see "Connection established" and "ESTABLISH SSH CONNECTION FOR USER: <Account-name>" however I get "Data could not be sent to remote host \"<Server-Name>\". Make sure this host can be reached over ssh: [Errno 32] Broken pipe" returned along with "Data could not be sent to remote host \"Server-Name\". Make sure this host can be reached over ssh: OpenSSH_8.1p1, OpenSSL 1.1.1v  1 Aug 2023"

    NOTE
    If I connect manually to Port 8022 using my non-root account, my root (dzdo) account, and the AWX account (su - awx) (all from the AWX controller LPAR) they all connect without any issues.

    I'm sure the devil's in the detail so would be very interested to hear from anyone who's used add_host to successfully connect to a non-standard Port and any pointers they might have.

    The following (example) playbook, run from an AWX job template, does not escalate privileges, so the job should be running as "awx"; therefore I'd have expected the above manual steps, which connected successfully, to also work here.

    - name: Add host to in memory inventory
      hosts: localhost
      gather_facts: False
    
      vars:
        ansible_python_interpreter: auto
    
      tasks:
        - ansible.builtin.add_host:
            groups: consoles
            hostname: <Remote_System>
            ansible_port: 8022
            ansible_ssh_user: "{{ lookup('vars', 'username') }}"
            ansible_ssh_password: "{{ lookup('vars', 'password') }}"
            ansible_ssh_extra_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o Ciphers=aes256-cbc -o ControlMaster=auto -o ControlPersist=30m -o UserKnownHostsFile=/dev/null -o ServerAliveInterval=20 -o ConnectionAttempts=20 -o LogLevel=QUIET'
    
    - name: Interact with remote system
      hosts: consoles
      gather_facts: false
      
      vars:
        ansible_python_interpreter: auto
    
      tasks:
        - name: Query Consoles - Testing
          command: "{{ item }}"
          with_items:
            - whoami
            - quit
          register: reg_ConsoleList
    
        - name: Print list of consoles
          debug:
            # var takes a variable name, not a template; looped results are stored under .results
            var: reg_ConsoleList.results

    System details

    Target node details
     - Red Hat Enterprise Linux Server release 7.9
     - openssl-1.0.2k-26.el7_9.x86_64
     - openssh-7.4p1-23.el7_9.x86_64
     
    AWX details
     - AIX 7.3.1.1
     - ansible-awx-17.1.0-2aix.ppc
     - OpenSSL 3.0.10.1000
     - OpenSSH 8.1.112.2000

    Many thanks, Steve

    #ansible-aix

    ------------------------------
    Steve Munday
    AIX, IBM i, HMC, PowerVM
    ------------------------------



  • 2.  RE: How to successfully connect to a remote node which uses a non-standard SSH port

    IBM Champion
    Posted Fri March 22, 2024 09:26 AM

    Update

    Having done some more digging (the remote node is running a semi-restricted shell powered by Java), I found using the shell module along with 'spawn', 'expect', and 'send' allowed me to connect and execute successfully.

    - name: ConsoleWorks
      hosts: localhost
      gather_facts: false
      
      vars:
        ansible_python_interpreter: auto
        cw_hostname: cw.com
        cw_port: 8022
    
      tasks:
        - name: Access Consoleworks using Shell
          shell: |
            # Tcl has no single-quote quoting, so the expect patterns are double-quoted
            spawn ssh {{ lookup('vars', 'cw_username') }}@{{ cw_hostname }} -o Port{{'='}}{{ cw_port }} -o Ciphers{{'='}}aes256-cbc -o StrictHostKeyChecking{{'='}}no
            expect "password: "
            send "{{ lookup('vars', 'cw_password') }}\r"
            expect "cw> "
            send "delete console abc123\r"
            expect "cw> "
            send "quit\r"
            # Wait for the session to close so all output is captured
            expect eof
          args:
            executable: /usr/bin/expect
          register: reg_ConsoleWorks
    
        - name: Confirm deletion
          debug:
            msg: "Console has been successfully deleted"
          when: '"Deleted CONSOLE" in reg_ConsoleWorks.stdout'
    
        - name: Confirm deletion not possible
          debug:
            msg: "Console does not exist, nothing deleted"
          when: '"Deleted CONSOLE" not in reg_ConsoleWorks.stdout'

    Steve



    ------------------------------
    Steve Munday
    AIX, IBM i, HMC, PowerVM
    ------------------------------
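
A hardened variant of the expect-based task from the update above, added here as an example and not part of the original posts: it pins the server's host key instead of using `StrictHostKeyChecking=no`, passes the password through the environment rather than templating it into the Tcl script, and fails explicitly on a timeout or a closed connection. `cw_known_hosts`, `cw_console` and the `CW_PASSWORD` environment variable are hypothetical names; `cw_username` and `cw_password` are assumed to be supplied by an AWX credential or survey.

```yaml
# Added example, not the poster's playbook.
# cw_known_hosts, cw_console and CW_PASSWORD are hypothetical names;
# cw_username and cw_password are assumed to be injected by AWX.
- name: ConsoleWorks (host key pinned, password kept out of the script)
  hosts: localhost
  gather_facts: false

  vars:
    cw_hostname: cw.com
    cw_port: 8022
    cw_console: abc123
    # File holding only the console server's verified public host key
    cw_known_hosts: /path/to/cw_known_hosts   # placeholder path

  tasks:
    - name: Delete console over a verified SSH session
      ansible.builtin.shell:
        cmd: |
          set timeout 20
          spawn ssh -p {{ cw_port }} -o "Ciphers aes256-cbc" -o "StrictHostKeyChecking yes" -o "UserKnownHostsFile {{ cw_known_hosts }}" {{ cw_username }}@{{ cw_hostname }}
          expect {
            "password: " { send -- "$env(CW_PASSWORD)\r" }
            timeout { exit 2 }
            eof { exit 3 }
          }
          expect {
            "cw> " { send -- "delete console {{ cw_console }}\r" }
            timeout { exit 2 }
            eof { exit 3 }
          }
          expect "cw> "
          send -- "quit\r"
          expect eof
        executable: /usr/bin/expect
      environment:
        CW_PASSWORD: "{{ cw_password }}"   # read by Tcl at run time, never part of the script text
      no_log: true   # keeps task arguments and session output out of the job log
      register: reg_ConsoleWorks
      changed_when: "'Deleted CONSOLE' in reg_ConsoleWorks.stdout"

    - name: Report outcome without echoing the session
      ansible.builtin.debug:
        msg: "{{ 'Console deleted' if reg_ConsoleWorks is changed else 'Console does not exist, nothing deleted' }}"
```

Exit status 2 means an expected prompt never arrived and 3 means ssh closed the session early, which includes a host key that does not match the pinned file.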