Javed

Reputation: 6239

SSH agent forwarding is not working on all the SSH target machines

/home/buildworker/.ssh/ssh_config

host *
    IdentityFile  /home/buildworker/.ssh/buildworker
    StrictHostKeyChecking  yes
    ForwardAgent yes

We are using Buildbot to build Django applications in test and production environments. The flow is that when a developer pushes code to the RhodeCode repository, a corresponding build gets triggered to run an Ansible playbook that deploys the application to either the test or the production environment. Production and test machine names are identified by the convention app.domain.com and app.test.domain.com respectively.

The issue is with the Ansible playbook. Although buildworker is able to SSH to both environments, one of the tasks of the playbook involves using the forwarded SSH agent on the target machine (test or production) to fetch code from the RhodeCode repository. This task fails on the test environment machines but works perfectly fine in the production environment. Since we are using host *, the SSH agent forwarding should happen on all the target machines.

The issue started after we upgraded the Buildbot host machine from Debian 9 to Debian 10; it was working fine on Debian 9.

I tried the following to debug: I SSHed from my machine to the Buildbot machine, became the buildworker user, and ran the Ansible playbook:

eval `ssh-agent -s` && ssh-add /home/buildworker/.ssh/buildworker && ansible-playbook -i environments/testing/inventory --user buildworker application.yml

That worked fine for both production and test. Since Ansible uses the root user to run the playbook, to make sure that the SSH agent with the correct key, buildworker, gets forwarded, I made sure that the file /etc/sudoers contains

Defaults    env_keep += "SSH_AUTH_SOCK"

The result was that the Ansible playbook ran successfully, as the root user, in the production environment but not in the test environment.

Upvotes: 1

Views: 1252

Answers (1)

Javed

Reputation: 6239

Following this answer, what worked was adding this configuration to the /etc/ansible/ansible.cfg file:

[ssh_connection]
ssh_args=-o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes

With this configuration on the buildworker machine, Ansible playbooks are able to forward the SSH agent, even as the root user, to fetch code from the RhodeCode repository.

However, it is still not clear why the SSH agent is getting forwarded in the production environment without adding the aforementioned configuration.

Upvotes: 2
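
An added example (not from the original post, and not Ansible's own code) that reads the two files quoted above and reports which `-o` options `ssh_args` hands to ssh and which `Host` patterns in an OpenSSH client config turn on agent forwarding. The function names are hypothetical and the sample file contents are constructed from the snippets on this page.

```python
import configparser
import shlex

# Constructed sample inputs mirroring the two files quoted on this page.
ANSIBLE_CFG = """\
[ssh_connection]
ssh_args=-o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
"""
SSH_CONFIG = """\
host *
    IdentityFile  /home/buildworker/.ssh/buildworker
    StrictHostKeyChecking  yes
    ForwardAgent yes
"""

def _keyword(item):
    """Split an OpenSSH 'Keyword value' or 'Keyword=value' item (hypothetical helper)."""
    parts = item.replace("=", " ", 1).split(None, 1)
    return parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def ansible_ssh_options(cfg_text):
    """Return the -o options that [ssh_connection] ssh_args passes to ssh."""
    parser = configparser.ConfigParser(interpolation=None)  # keep '%h' etc. literal
    parser.read_string(cfg_text)
    tokens = shlex.split(parser.get("ssh_connection", "ssh_args", fallback=""))
    opts = {}
    for i, tok in enumerate(tokens):
        if tok == "-o" and i + 1 < len(tokens):      # "-o Key=value"
            key, value = _keyword(tokens[i + 1])
        elif tok.startswith("-o") and len(tok) > 2:  # "-oKey=value"
            key, value = _keyword(tok[2:])
        else:
            continue
        opts[key] = value
    return opts

def forwarding_patterns(ssh_config_text):
    """Return the Host patterns whose block sets ForwardAgent yes."""
    patterns, hits = ["*"], []  # options before the first Host line apply to every host
    for raw in ssh_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = _keyword(line)
        if key == "host":
            patterns = value.split()
        elif key == "forwardagent" and value.lower() == "yes":
            hits.extend(patterns)
    return hits
```

OpenSSH reads per-user settings from `~/.ssh/config` unless another file is given with `-F`, while options passed on the command line through `ssh_args` apply to every connection Ansible opens. A result containing `*` means the agent is forwarded to every host reached; listing only the hosts that need to fetch from the repository narrows that.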
