I can confirm that these envs are inside the containers, but for some reason when I run sync it still doesn’t pick them up. I was able to replicate the sync playbook on my local machine but cannot for the life of me get it working in AWX.
Please let me know if I have missed any information and any help would be appreciated.
The error I get when specifying SSH_GIT_COMMAND via extra_env is:
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote 'ssh:********@<GIT URL>' -h refs/heads/HEAD", "msg": "ssh_dispatch_run_fatal: Connection to <IP_ADDRESS> port 22: error in libcrypto\\r\\nfatal: Could not read from remote repository.\\n\\nPlease make sure you have the correct access rights\\nand the repository exists.", "rc": 128, "stderr": "ssh_dispatch_run_fatal: Connection to <IP_ADDRESS> port 22: error in libcrypto\\r\\nfatal: Could not read from remote repository.\\n\\nPlease make sure you have the correct access rights\\nand the repository exists.\\n", "stderr_lines": ["ssh_dispatch_run_fatal: Connection to 192.168.202.81 port 22: error in libcrypto", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}
But when I remove the extra_env I get:
Unable to negotiate with <IP_ADDRESS> port 22: no matching host key type found. Their offer: ssh-rsa\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n
So it is clearly picking up the ssh config, but something else is going on inside AWX that is preventing it from cloning.
My current thought process is that maybe setting GIT_SSH_COMMAND is overwriting AWX setting the credential file, but I am unsure how this works at the moment.
After some further research, it seems to be an issue with the awx-ee control plane execution environment: running the same test above but inside the container does not work and gives the same error.
So after some further testing with the image, obviously a newer version of OpenSSL has dropped support for older encryptions, but the options I am passing through to GIT_SSH_COMMAND and also the ssh config seem to be causing this error.
The only reliable method I have found to get it working is to run update-crypto-policies --set LEGACY. I would assume this is a bug, but I cannot find any other reports on this issue.
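
Added example, not part of the original post: a small triage script that tells the two failures quoted above apart in project-sync output, since they point at different layers (the ssh client refusing the server's offer versus the crypto library rejecting the operation). The sample lines are constructed from the errors in the post with a documentation IP address, and the names classify and triage are hypothetical.

```python
import json
import re

# Constructed sample lines, modelled on the two failures quoted in the post
# (addresses replaced with a documentation IP).
SAMPLE_LOG = [
    'fatal: [localhost]: FAILED! => {"changed": false, "rc": 128, "stderr_lines": '
    '["ssh_dispatch_run_fatal: Connection to 192.0.2.10 port 22: error in libcrypto", '
    '"fatal: Could not read from remote repository."]}',
    'fatal: [localhost]: FAILED! => {"changed": false, "rc": 128, "stderr_lines": '
    '["Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. '
    'Their offer: ssh-rsa", "fatal: Could not read from remote repository."]}',
    'ok: [localhost]',
]

FAILED_RE = re.compile(r'^fatal: \[(?P<host>[^\]]+)\]: FAILED! => (?P<body>\{.*\})\s*$')
NEGOTIATE_RE = re.compile(r'no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)')


def classify(line):
    """Return a finding dict for one Ansible output line, or None if it is not a failure."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    try:
        result = json.loads(m.group('body'))
    except json.JSONDecodeError:
        return {'host': m.group('host'), 'stage': 'unparsed'}
    stderr = result.get('stderr_lines') or result.get('stderr', '').splitlines()
    for text in stderr:
        neg = NEGOTIATE_RE.search(text)
        if neg:
            # The client refused what the server offered: ssh config did not allow it.
            return {'host': m.group('host'), 'stage': 'negotiation',
                    'kind': neg.group('kind'), 'offer': neg.group('offer').split(',')}
        if 'error in libcrypto' in text:
            # Negotiation got further; the crypto library rejected the operation.
            return {'host': m.group('host'), 'stage': 'libcrypto'}
    return {'host': m.group('host'), 'stage': 'other'}


def triage(lines):
    return [f for f in map(classify, lines) if f is not None]


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "negotiation" finding lists the algorithms the server offered, which is what to review before widening any client setting; a "libcrypto" finding matches the case in the post where the ssh options were accepted but the connection still failed until the system crypto policy was changed.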