![]() Our third-party vendor uses a national criminal database ("NCD") to screen service professionals. We use a third-party vendor to conduct a criminal records search in the county in which the business owner or principal works. As always, we recommend that you conduct your own research on the businesses you hire, including making inquiries directly with the businesses regarding their employee background check policies. ![]() ![]() Unfortunately, we cannot perform a background check on every employee of a business-the background checks are performed only on the owner or principal. The owner or principal of each business in HomeAdvisor's network (with the exception of Corporate Accounts) must pass a background check. I set up another set of machines and an AWX to find out as which user AWX is actually executing my play / tasks, and spying on it with a local command id, I see uid=1000(runner) which is not the uid=1000(awx) I was expecting, so this is all occurring on awx-ee (execution environment).Criminal Background Check Who does HomeAdvisor background check? ![]() It’s been a long time since I’ve given up in the face of a bit of software… Another another update Unless somebody has a proven solution, I give up. The SSH configuration is neither taken from /var/lib/awx/.ssh nor from /root/.ssh, and I’m not able to inject a file into /etc/ssh/ssh_config.d/xxx.conf as Kubernetes turns that into a directory, and I cannot overwrite /etc/ssh/ssh_config because K8s complains the container won’t start as a directory is trying to overwrite a file (I assume this is related to this “file injection”), so I’m actually capitulating at this point. Tower_task_extra_volume_mounts : | - name: "sshconfig" mountPath: "/var/lib/awx/.ssh/config" subPath: "config" readOnly: true - name: "sshkey" mountPath: "/var/lib/awx/.ssh/id_ed25519" subPath: "id_ed25519" readOnly: true tower_extra_volumes : | - name: "sshconfig" secret: secretName: "awx-jp01" items: - key: conf path: "config" - name: "sshkey" secret: secretName: "awx-jp01" items: - key: keyfile path: "id_ed25519" I’ve learned that I can create actual directories and files to avoid the symlinks, but AWX doesn’t use the configuration I drop into /var/lib/awx/.ssh so I’m a bit at wit’s end: However, this does not work if files in your ~/.ssh/ directory happen to be symlinked to another directory that is also not mounted into the container runtime The only hint I’ve so far found is in the Ansible Runner documentation:Īnsible Runner will automatically bind mount your local ssh agent UNIX-domain socket (SSH_AUTH_SOCK) into the container runtime. This works well from the command line as demonstrated above, but from within AWX it doesn’t. Oh, and have you seen the new “look” of AWX? Update Password for 12.2-RELEASE-p1 FreeBSD 12.2-RELEASE-p1 GENERIC amd64Īnd now I have definitely deserved a drink. rw-r-r- 1 root root 444 Mar 25 17:24 id_ed25519īash-4.4$ ssh -l ansible uname -a Failed to add the host to the list of known hosts (/var/lib/awx/.ssh/known_hosts). Lrwxrwxrwx 1 root root 25 Mar 25 17:24 config ->. $ kubectl exec -c awx-task awx-555d75485d-nbzf5 -i -t - bash -o vi
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |