SSH_AUTH_SOCK is not in use for ansible


Basically I just added an ssh-agent job as well to my jobs, but as a last step, my ansible-playbook didn’t use the SSH_AUTH_SOCK.

It means it is failing when the playbook is executed on the hosts. Important note: the managed instances are under a bastion host. SSH-key so agent-forwarding is mandatory.

The whole process works fine locally in a virtualized environment (vagrant / virtualbox):

# [root@ansible vagrant]#  ssh-agent bash
# [root@ansible vagrant]# ssh-add -L
# The agent has no identities.
# [root@ansible vagrant]# ssh-add /tmp/deploy.key 
# Identity added: /tmp/balico.key (/tmp/deploy.key)
# [root@ansible vagrant]# ssh-add -L

A playbook started after this action works like a charm. But not in the CI environment.

Could you please help me out, how can I force ansible to use SSH_AUTH_SOCK to SSH into the hosts in the inventory?

How do you set SSH_AUTH_SOCK in the Actions workflow? I’m kind of suspecting the problem might be that shell variables don’t carry over between steps.

Here is the beginning of the yml:

runs-on: ubuntu-latest

- name: "Checkout"
  uses: actions/checkout@master

- uses: webfactory/ssh-agent@v0.5.3
  with:
    ssh-private-key: ${{ secrets.KEY }}
    ssh-auth-sock: /tmp/ssh_agent.sock

- name: Extract SSH_AUTH
  shell: bash
  run: echo "##[set-output name=SSH_AUTH_SOCK;]$(echo $SSH_AUTH_SOCK)"
  id: extract_ssh

- name: "Post-install"
  uses: saubermacherag/ansible-playbook-docker-action@v1.3
  with:
    SSH_AUTH_SOCK: /tmp/ssh_agent.sock
    playbookName: './terraform/provision/post_install.yml'
    inventoryFile: './terraform/inventory'
    extraVars: "-e branch=${{ steps.extract_branch.outputs.branch }} -e SSH_AUTH_SOCK=${{steps.extract_ssh.outputs.SSH_AUTH_SOCK}} "
    verbosity: "v"

Of course I tried to use it explicitly (without extracting the value from the shell), and with default values as well.

I tried another action for ansible playbook (saubermacherag/ansible-playbook-docker-action@v1.3) without luck.

Setting SSH_AUTH_SOCK should be sufficient, whether from another action or in the env of the step. I’m pretty sure setting it as an Ansible variable is pointless.

The only thing I can think of here is to get additional debug info from Ansible, to hopefully see what’s going on: Network Debug and Troubleshooting Guide — Ansible Documentation
Maybe also check the permissions on the SSH_AUTH_SOCK.
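
The checks suggested in the reply above (is SSH_AUTH_SOCK set in this step, and is the socket usable), written out as an added example that is not part of the original thread. The function name `check_agent_sock` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: diagnose whether the current step can reach an ssh-agent.
# Function name and return codes are constructed for this example:
#   0 agent reachable with identities   1 SSH_AUTH_SOCK unset or empty
#   2 socket path does not exist        3 path is not a Unix socket
#   4 socket not readable/writable      5 agent holds no identities
#   6 agent cannot be contacted
check_agent_sock() {
    sock="${SSH_AUTH_SOCK:-}"
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is not set in this step" >&2
        return 1
    fi
    if [ ! -e "$sock" ]; then
        echo "$sock does not exist as seen from this step" >&2
        return 2
    fi
    if [ ! -S "$sock" ]; then
        echo "$sock exists but is not a Unix socket" >&2
        return 3
    fi
    ls -ld "$sock" >&2   # owner and mode, for the permission check
    if [ ! -r "$sock" ] || [ ! -w "$sock" ]; then
        echo "$sock is not readable and writable by $(id -un)" >&2
        return 4
    fi
    # ssh-add -l exits 0 with identities, 1 with none, 2 if no agent answers
    agent_rc=0
    ssh-add -l >/dev/null 2>&1 || agent_rc=$?
    case "$agent_rc" in
        0) echo "agent reachable, identities loaded" >&2; return 0 ;;
        1) echo "agent reachable but holds no identities" >&2; return 5 ;;
        *) echo "cannot contact the agent behind $sock" >&2; return 6 ;;
    esac
}
```

Call it from the same step (or the same container) that runs ansible-playbook, since that is the environment whose view of the socket matters.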

Thank you for your answer. Yes, setting it as an extra var for ansible is pointless, you are right, but it was a tryout as well.

I check the link, permission is also a good point.

Best Regards,