Playbook ssh issues, AWX add ansible- prefix into the real user name

michaelzzz commented 11 months ago

Please confirm the following

[X] I agree to follow this project's code of conduct.
[X] I have checked the current issues for duplicates.
[X] I understand that AWX is open source software provided for free and that I might not receive a timely response.
[X] I am NOT reporting a (potential) security vulnerability. (These should be emailed to security@ansible.com instead.)

Bug Summary

I have some playbooks running without any issues in AWX 9.0.1.0 and currently I am working on moving all the playbooks to newer version AWX 23.0.0.When I run the playbook in AWX 23.0.0 GUI, it always fails, giving some SSH related errors, the related SSH command used by playbook looks something like

bash-5.1$ ssh -vvv -F ./ssh.cfg -o ControlMaster=auto -o ControlPersist=30m -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="test"' -o ConnectTimeout=10 -o 'ProxyCommand=ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -q test@jump.test.net' -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o 'ControlPath="~/.ssh/ansible-%r@%h:%p"' test.net

When I copied this SSH command above into AWX task container and directly execute this SSH command , it is running success, so clearly the SSH public/private key set up is correct, also I am sure the credential to be configured in AWX has correctly imported the related SSH private key.

So I am confused now what else can be the cause

The key error logs are

  `  Authenticated to test.net (via proxy) using \"publickey\".\r\n

    debug1: pkcs11_del_provider: called, provider_id = (null)\r\n

    debug1: setting up multiplex master socket\r\n

    debug3: muxserver_listen: temporary control path /runner/.ssh/ansible-test@test.net:22.pqGv0YsDRO3Skadp\r\n

    unix_listener: cannot bind to path /runner/.ssh/**ansible-test**@test.net:22.pqGv0YsDRO3Skadp: No such file or directory",
    "unreachable": true

` It is weird that the user listed above is 'ansible-test', but I have never configured this user anywhere in my platform, the real user should be 'test'

AWX version

23.0.0

Select the relevant components

[ ] UI
[ ] UI (tech preview)
[ ] API
[ ] Docs
[ ] Collection
[X] CLI
[ ] Other

Installation method

kubernetes

Modifications

no

Ansible version

No response

Operating system

No response

Web browser

No response

Steps to reproduce

The credential I used for this playbook is 'Machine' and needs to import SSH private key

Then run the playbook from AWX GUI

Expected results

I shall see the playbook runs success

Actual results

Playbook run from AWX GUI always fails, and in the logs it seemed the incorrect user name is used by AWX, instead of the real user configured in AWX GUI, AWX inserted prefix 'ansible-' into the real user name

Additional information

No response

fosterseth commented 11 months ago

does this work for a real user that is not named "test"?

Could you please ask this on our mailing list? See https://github.com/ansible/awx/#get-involved for information for ways to connect with us.

also check out our new forum at forum.ansible.com

michaelzzz commented 11 months ago

Thanks a lot for your reply

It seemed that even Ansible is not installed with AWX

I have posted a thread in the community

https://forum.ansible.com/t/installation-procedure-of-latest-awx-version-23-0-0/992

Hopefully you or someone else can help

fosterseth commented 11 months ago

thanks for opening the thread on the forum, we can carry on the conversation there

closing this issue for now

ansible / awx