Open ekartsonakis opened 11 months ago
After a big web detour, it seems to be a macOS+Docker thing (i.e. https://github.com/docker/for-mac/issues/410). Running manually a docker container by combining --user=root & -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" and removing the root .ssh dir mapping -v /Users/myuser/.ssh/:/root/.ssh/, I managed to successfully ssh remotely using my local ssh-agent and my unlocked ssh-key. Here is the simplified command I used:
docker run -it --user=root -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" --rm dockerhub.cisco.com/placetel-it-docker-local/placetel-thick-ee:1.1.1 /bin/bash
Ansible-navigator is adding --user=current_user_id by default and if we add container options like this, it is appended. Lastly I'm not sure if SSH_AUTH_SOCK contains a usable socket for mac to be mapped.
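A diagnostic for the symptom discussed in this thread, added here as an example; it is not part of the original comments or of ansible-navigator. Run inside the container, it separates "socket variable unset", "socket not mounted", "socket not accessible to the current uid" and "agent reachable but no keys". The function names are hypothetical, and the status mapping assumes OpenSSH's documented `ssh-add` exit codes (0 success, 1 command failed, 2 agent unreachable).

```shell
#!/bin/sh
# Added diagnostic (not from the thread): explain why an execution-environment
# container cannot use the forwarded ssh-agent. Function names are hypothetical.

# Inspect the socket path itself, before talking to the agent.
check_agent_socket() {
    sock="$1"
    if [ -z "$sock" ]; then echo "unset"; return 0; fi
    if [ ! -e "$sock" ]; then echo "missing"; return 0; fi
    if [ ! -S "$sock" ]; then echo "not-a-socket"; return 0; fi
    # connect() on a Unix socket needs write permission for the current uid,
    # which is what changes between --user=root and --user=<host uid>.
    if [ ! -w "$sock" ]; then echo "no-permission"; return 0; fi
    echo "ok"
}

# Map the exit status of `ssh-add -l` to a finding.
interpret_ssh_add_status() {
    case "$1" in
        0) echo "agent reachable, keys loaded" ;;
        1) echo "agent reachable, no keys loaded" ;;
        2) echo "cannot contact agent" ;;
        *) echo "unexpected status $1" ;;
    esac
}

# Full check: defaults to $SSH_AUTH_SOCK; returns 0 only if keys are usable.
diagnose_agent() {
    sock="${1:-${SSH_AUTH_SOCK:-}}"
    state=$(check_agent_socket "$sock")
    echo "uid=$(id -u) socket=${sock:-<unset>} state=$state"
    [ "$state" = "ok" ] || return 1
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    interpret_ssh_add_status "$rc"
    [ "$rc" -eq 0 ]
}

# Run the check only when invoked as: sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
    diagnose_agent
fi
```

A result of `state=no-permission` under the default `--user=current_user_id` and `state=ok` under `--user=root` would match the behaviour reported in this comment.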
Adding the "mac" keyword on the title of this issue.
@ajinkyau @cidrblock Can you please investigate this and determine if that is indeed a bug in navigator or just an environment-specific issue related to docker on macOS. Probably we would also have a similar issue with podman because it also works the same way (container host being VM).
+1
Also running into this issue and would like to be able to use the EE approach with MacOS + Docker.
We are also affected, we would like to use ansible-navigator but because of some Mac Users in the Team this is not possible due to this issue.
Probably we would also have a similar issue with podman because it also works the same way (container host being VM).
I did notice an improvement when using podman instead of docker.
If podman is an option for you, try switching from docker to podman and setting container-engine: podman.
brew install podman
podman machine init
podman machine start
podman login internal.oci.registry
podman pull internal.oci.registry/my-ee:0.0.1
ansible-navigator run my-playbook -i inventory/hosts --mode stdout
ISSUE TYPE
SUMMARY
ssh-agent forwarding in the ee container seems to be not working. It keeps asking for my passphrase on remote connections. For troubleshooting so far, I run an ansible task to sleep 1000 and then exec in the ee container to run commands like ssh-add -l, env etc., or I exec in the ee docker image directly using the same options as ansible-navigator does.
SSH_AUTH_SOCK env variable is correctly passed in the ee and the socket is mounted:
In the ee container:
but my key is not there:
I tried @timway's suggestion https://github.com/ansible/ansible-runner/pull/1293 to add a docker option --user root but didn't help.
ANSIBLE-NAVIGATOR VERSION
Running with Docker Desktop 4.23.0 on a Mac M1 + macOS 14 Sonoma
CONFIGURATION
LOG FILE
STEPS TO REPRODUCE
Use an image for execution environment and your ssh key with a passphrase.
EXPECTED RESULTS
As described in docs: https://github.com/ansible/ansible-navigator/blob/main/docs/faq.md#ssh-keys
The use of ssh-agent results in the simplest configuration and eliminates issues with SSH key passphrases when using ansible-navigator with execution environments.
ACTUAL RESULTS
ssh to remote hosts fails
ADDITIONAL INFORMATION
my ansible.cfg in the project dir:
part of my .ssh/config