Using Azure DevOps repo as SCM for AWX project fails to authenticate

I’ve setup AWX on our lab kubernetes cluster, and wanted to connect a project in AWX to our on prem Azure DevOps instance. I created the project with Git as the source control type, and created a SCM Credential using a PAT I created in Azure DevOps, but I continually get: fatal: Authentication failed for ‘https://ourdevopsserver/blah/blah/_git/repo/

It seems Microsoft really wants you to pass the PAT as an Authorization header, which seems to work if I do so manually outside of AWX.

Is there any way for me to add an http header to the git call?

IE from command line I can do git --config=http.extraheader=(header)
I can’t find anything that explains how to do that, or if there’s another way to go with AzureDevOps integration into AWX.

Any ideas?

Still struggling with this - I’ve seen others who have said they just put the PAT in as the password and it works, which I’ve done, but I’ve not had any luck getting this to work.

From a shell, if I do a git ls-remote in the format of https://:<PAT>@ourserver/blah/_git/blah it works fine, but if I declare a username (https://git:<PAT>@ourserver/blah/_git/blah it will fail to authenticate.

If I don’t add a username in the AWX credential, it doesn’t pass any credential. Any ideas of a workaround? I tried using an http encoded null in the username field, but it again won’t authenticate.

Well, for anyone who finds this later and needs to do the same thing, here’s what i found:

AWX uses ansible playbooks (well of course) to update the project. It uses the ansible.builtin.git module which doesn’t have any options to authenticate the way Microsoft wants. Understanding this, I ran through the steps using an ansible playbook before bothering with AWX, and now have this working.

Here’s how I set it up:

I had to use ssh instead of https. I generated an ssh key pair (was a bit confused about how to generate one since it could be running on any kubernetes node, but then found out that SSH keys don’t care about what machine it is running on, so generating one on any machine is fine) and copied the private key into awx for the scm credential, use my username and a Personal Access Token (PAT) I generated in Azure DevOps.
I then put the public key into Azure DevOps (click profile picture in upper right, Security, SSH public keys.)

Then in AWX, I set the repo url to use the ssh format:
ssh://ourserver/blah/blah/_git/repo

And of course use the credential, then we were in business. Hope this helps somebody.

1 Like