Correct.
I can’t say for sure since I haven’t examined your actual environment, but I still believe that your problem is not a bug.
The old Tower 3.8 also has a mechanism to isolate the job execution process in another form (Bubblewrap) that is not Podman: 18. Bubblewrap functionality and variables — Ansible Tower Administration Guide v3.8.6
As Bubblewrap has the ability to map owners of the files in the sandbox to nobody (65534) if their owner is not the current user, this is probably a cause of your issue.
The key is to avoid setting become to true on tasks for localhost unless you really need it. Whether it is Tower, AWX, or Automation Controller, privileged access on localhost will most likely fail in an environment where process isolation is enabled, and there should be very few situations where it is needed in the first place.