Question

Using Ansible to run nuclei commands

  • 24 July 2023
  • 1 reply
  • 238 views

Userlevel 2
Badge +5

We have an issue with backup snapshots getting stuck on our cluster, and of the many ways we use to find these, one of them is running the command:

nuclei vm_recovery_point.list

I was hoping to start down the path of automating the discovery of these recovery points using Ansible.  However when we run the nuclei command via Ansible, we get this error:

            "E0724 14:10:07.661153Z   15562 jwt.go:82] ZK session is nil",
            "2023/07/24 10:10:07 Failed to connect to the server: websocket.Dial ws://127.0.0.1:9444/icli: bad status: 403"

I think this means that nuclei calls the localhost websocket on the CVM, but Ansible interprets that as a call to the server I’m running ansible from (ie the ‘controller’ server), and not the CVM I’m remotely connected to.

Does anyone have any advice on how to handle this?  I’ve also looked at API calls, but can’t find any that give me the same info.


1 reply

Userlevel 4
Badge +5

Try this adhoc command that should give you an idea on the changes you’ll have to make.

  • zsh:
read 'cvmip?CVM address: '; read -s 'cvmpass?CVM password: '; ANSIBLE_HOST_KEY_CHECKING=False ansible all -i "${cvmip}," -m raw -a "source /etc/profile && nuclei -server localhost -username admin -password '${cvmpass}' vm_recovery_point.list" -u nutanix -e "ansible_password='${cvmpass}'"
  • bash:
read -p 'CVM address: ' cvmip; read -sp 'CVM password: ' cvmpass; ANSIBLE_HOST_KEY_CHECKING=False ansible all -i "${cvmip}," -m raw -a "source /etc/profile && nuclei -server localhost -username admin -password '${cvmpass}' vm_recovery_point.list" -u nutanix -e "ansible_password='${cvmpass}'"

 

Disclaimer: Use these commands at your own risk.

Reply