My AWX has been running with an old EE (ansible-core 2.12) for some time, and I’ve recently updated it to 2.17. However, jobs running with the new EE are not picking up the signed SSH cert from AWX and are failing authentication.
AWX info
AWX 23.7.0
Old EE
Info
- ansible 9.9.1
- receptor 1.0.0
ansible [core 2.12.4.post0]
  config file = None
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True
Job Log
Identity added: /runner/artifacts/710131/ssh_key_data (/runner/artifacts/710131/ssh_key_data)
Certificate added: /runner/artifacts/710131/ssh_key_data-cert.pub (cert-host-ansible)
New EE
Info
- ansible-core 2.18.0
- receptor 1.4.4
ansible [core 2.18.0]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.12/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.12.6 (main, Sep 9 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True
Job Log:
Identity added: /runner/artifacts/708656/ssh_key_data (/runner/artifacts/708656/ssh_key_data)
New execution-environment.yml
---
version: 3
dependencies:
  ansible_core:
    package_pip: ansible-core>=2.17.0
  ansible_runner:
    package_pip: ansible-runner
  system: bindep.txt
  galaxy: requirements.yml
  python: requirements.txt
  python_interpreter:
    package_system: "python312"
    python_path: "/usr/bin/python3.12"
images:
  base_image:
    name: "quay.io/centos/centos:stream9"
additional_build_files:
  - src: ansible.cfg
    dest: configs
  - src: entrypoint.sh
    dest: files
additional_build_steps:
  prepend_galaxy:
    COPY _build/configs/ansible.cfg /etc/ansible/ansible.cfg
  append_final: |-
    ARG RECEPTOR_VERSION="1.4.4"
    RUN mkdir -p /src \
      && cd /src \
      && curl -L https://github.com/ansible/receptor/releases/download/v${RECEPTOR_VERSION}/receptor_${RECEPTOR_VERSION}_linux_amd64.tar.gz > receptor.tar.gz \
      && tar xf receptor.tar.gz \
      && mv -v receptor /usr/bin \
      && rm -rf /tmp/* /var/tmp/* \
      && alternatives --set python /usr/bin/python3.12 || alternatives --install /usr/bin/python python /usr/bin/python3.12 1 \
      && alternatives --set pip /usr/local/bin/pip3.12 || alternatives --install /usr/local/bin/pip pip /usr/bin/pip3.12 1 \
      && mkdir /release \
      && date > /release/info \
      && git lfs install \
      && dnf clean dbcache
    COPY _build/configs/ /etc/ansible/
    ADD _build/configs/ansible.cfg .ansible.cfg
    RUN for dir in /home/runner /home/runner/.ansible /home/runner/.ansible/tmp /runner /home/runner /runner/env /runner/inventory /runner/project /runner/artifacts ; do mkdir -m 0775 -p $dir ; chmod -R g+rwx $dir ; chgrp -R root $dir ; done && for file in /home/runner/.ansible/galaxy_token /etc/passwd /etc/group ; do touch $file ; chmod g+rw $file ; chgrp root $file ; done
    RUN python -m pip install --upgrade pip && pip install dumb-init --no-cache-dir
    VOLUME /runner
    ENV HOME=/runner
    ADD _build/files/entrypoint.sh /bin/entrypoint
    RUN chmod +x /bin/entrypoint
    ENTRYPOINT ["entrypoint"]
options:
  container_init:
    cmd: ansible-runner worker --private-data-dir=/runner