SSH Agent Forwarding With MacOS and Docker Desktop

Open timway opened this issue 2 years ago • 6 comments

ISSUE TYPE
  • Bug Report
SUMMARY

The SSH agent is not correctly mounted when using MacOS and Docker Desktop with Ansible Navigator.

ANSIBLE-NAVIGATOR VERSION
% ansible-navigator --version
ansible-navigator 3.4.0
CONFIGURATION

In one of the cases you can try to configure ansible-navigator.yml to mount the volume and configure the ENV variable as described in the Docker Desktop documentation.

---
ansible-navigator:
  execution-environment:
    environment-variables:
      set:
        SSH_AUTH_SOCK: /run/host-services/ssh-auth.sock
    volume-mounts:
      - src: /run/host-services/ssh-auth.sock
        dest: /run/host-services/ssh-auth.sock
LOG FILE
Warning: Issues were found while applying the settings.
   Hint: Command provided: '--mode stdout run playbook.yml --inventory hosts'

  Error: The following execution-environment.volume-mounts entry could not be parsed:  {'src': '/run/host-services/ssh-auth.sock',
         'dest': '/run/host-services/ssh-auth.sock'} (Settings file). Errors were found: Source: '/run/host-services/ssh-auth.sock'
         does not exist.
   Hint: The value of execution-environment.volume-mounts should be a list of dictionaries and valid keys are 'src', 'dest' and
         'options'.

   Note: Configuration failed, using default log file location. (/Users/abcd/efgh/ansible-navigator.log)
         Log level set to debug
   Hint: Review the hints and log file to see what went wrong.
STEPS TO REPRODUCE
  • Using MacOS, Python provided by MacOS, Ansible Navigator installed
  • Configure a target machine with SSH key based authentication using a key with a passphrase
  • Add the SSH key to the agent
  • Try to use ansible-navigator
EXPECTED RESULTS

Ideally, it detects the container runtime and automatically mounts the SSH agent into the container correctly.

ACTUAL RESULTS
  • With no configuration it runs the playbook but is missing the credentials provided by the SSH agent
  • With configuration in the ansible-navigator.yml to add the volume for /run/host-services/ssh-auth.sock it fails because the volume does not exist on the host running ansible-navigator
    • Should ansible-navigator be validating the bind mount paths or should we leave that up to the container runtime?
ADDITIONAL INFORMATION

https://docs.docker.com/desktop/networking/#ssh-agent-forwarding

timway, Aug 08 '23 14:08
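An added illustration of the question the report raises (check bind-mount sources on the host, or leave that to the container runtime). It is not ansible-navigator or ansible-runner code: `check_volume_mounts`, `RUNTIME_PROVIDED` and `defer_runtime_paths` are hypothetical names, and it assumes the Docker Desktop agent socket is the only source path supplied by the runtime's VM rather than by the macOS host.

```python
import os
import posixpath
import tempfile

# Assumption: source paths that the container runtime's VM provides and that
# never exist on the macOS host. Only the socket named in the issue is listed.
RUNTIME_PROVIDED = frozenset({"/run/host-services/ssh-auth.sock"})
VALID_KEYS = {"src", "dest", "options"}


def check_volume_mounts(mounts, defer_runtime_paths=False, exists=os.path.exists):
    """Return a list of error strings for a volume-mounts setting.

    defer_runtime_paths=False: every src must exist on the host, which is the
    behaviour the issue's log shows. True: an exact match in RUNTIME_PROVIDED
    skips the host check and is left to the container runtime to resolve.
    """
    if not isinstance(mounts, list):
        return ["volume-mounts should be a list of dictionaries"]
    errors = []
    for entry in mounts:
        if not isinstance(entry, dict) or not {"src", "dest"} <= set(entry):
            errors.append(f"{entry!r}: 'src' and 'dest' are required")
            continue
        unknown = set(entry) - VALID_KEYS
        if unknown:
            errors.append(f"{entry!r}: unknown keys {sorted(unknown)}")
            continue
        # Exact match after normalisation, no prefix matching, so a path such
        # as '<socket>/../other' still gets the ordinary host-side check.
        src = posixpath.normpath(str(entry["src"]))
        if defer_runtime_paths and src in RUNTIME_PROVIDED:
            continue
        if not exists(src):
            errors.append(f"Source: '{entry['src']}' does not exist.")
    return errors


# Constructed sample input: the mount from the issue plus an ordinary host dir.
SOCK = "/run/host-services/ssh-auth.sock"
SAMPLE = [{"src": SOCK, "dest": SOCK},
          {"src": tempfile.gettempdir(), "dest": "/tmp/work"}]

if __name__ == "__main__":
    print("strict:  ", check_volume_mounts(SAMPLE))
    print("deferred:", check_volume_mounts(SAMPLE, defer_runtime_paths=True))
```

Keeping the exemption to an exact allowlist means a mistyped host path is still reported before the container starts, while the agent socket is passed through for the runtime to resolve.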

This appears to be an issue with ansible-runner and not ansible-navigator directly. I'll file an issue and potentially try to write a PR for it over there.

https://github.com/ansible/ansible-runner/blob/aef73cf7265b807c877697e74585f74d58459366/src/ansible_runner/config/_base.py#L372-L374

timway, Aug 09 '23 16:08

https://github.com/ansible/ansible-runner/pull/1293 is the PR in ansible-runner. A similar fix will be needed for the volume check in ansible-navigator. Alternatively, should the volume check be removed for ansible-navigator altogether?

timway, Aug 10 '23 06:08

Hi @timway. I've posted a question here https://github.com/ansible/ansible-navigator/discussions/1621 which seems to be highly related to this issue. Could you please take a look and let me know if you have any idea? Thank you!

ekartsonakis, Oct 06 '23 07:10

Also running into this issue and want to add my support for this issue getting attention.

SilentRhetoric, Jul 10 '24 18:07