Knowledge Base

Browse our knowledge base for free solutions to common problems

Ansible AWX: Remote Host Identification Has Failed

Created On: 14 September 2022
Written by: Ben

If you encounter the error when attempting to run a playbook against a destination host the likleyhood is the hosts keys have changed and are no longer recognised by the Ansible AWX server.

In this scenario you should remove the old host keys from the Ansible server and attempt to re-run the playbook. As Ansible AWX runs inside of docker instead of removing the host from the hosts from the local file (/root/.ssh/known_hosts) you will first need to login to the container which is being used by AWX to connect to the server and remove it from there.

First step is to find the awx_task container, to do this we can run:

docker ps

Now we should see something like the following:

[root@awx ~]# docker ps
CONTAINER ID   IMAGE                COMMAND                  CREATED       STATUS          PORTS                                                                            NAMES
653fa8983a60   ansible/awx:17.1.0   "/usr/bin/tini -- /u…"   7 weeks ago   Up 15 minutes   8052/tcp                                                                         awx_task
c17b7a81a3bc   ansible/awx:17.1.0   "/usr/bin/tini -- /b…"   7 weeks ago   Up 15 minutes   0.0.0.0:80->8052/tcp, :::80->8052/tcp, 0.0.0.0:443->8053/tcp, :::443->8053/tcp   awx_web
7fdbfc1f3f60   redis                "docker-entrypoint.s…"   7 weeks ago   Up 15 minutes   6379/tcp                                                                         awx_redis
177e53019377   postgres:12          "docker-entrypoint.s…"   7 weeks ago   Up 15 minutes   5432/tcp                                                                         awx_postgres

Now login to the container using the following command:

docker exec -it <container_id> /bin/bash

Obviously change <container_id> to the container id which is returned when doing a docker ps. In my case I run the following:

docker exec -it 653fa8983a60 /bin/bash

Now open the known_hosts file in v:

nano /root/.ssh/known_hosts

Note some text editors are unavailable inside of containers. vi is widley used thats why this is used.

Once the file is open locate the line which you want to remove, this should be the one containing the host which is failing to connect due to host key verification and remove it.

In vi this can be achieved by scrolling through the file and when the text indicator is on the line you wish to delete hit dd on the keyboard.

If this does not work try tapping the escape key to make sure you are in command mode and repeating the step above.

Once you are satisfied that the file is ready to save save it by:

  1. Hitting the escape key once
  2. Now type :wq! and hit enter

Now exit the container by issuing exit command:

exit

If you re-run the failed job this time it should succeed as the old host key has been removed.

ICTU LTD is a company registered England and Wales (Company No. 09344913) 15 Queen Square, Leeds, West Yorkshire, England, LS2 8AJ
Copyright © 2024 ICTU LTD, All Rights Reserved.
exit