cerc-io
/
stack-orchestrator
mirror of https://github.com/cerc-io/stack-orchestrator
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

fix: sync-tools playbook uses agent forwarding, not socket hunting 

- Add become: false to git tasks so SSH_AUTH_SOCK survives (sudo drops it)
- Fetch explicit branch names instead of bare `git fetch origin`
- Remove the fragile `Find SSH agent socket` workaround

Requires ForwardAgent yes in SSH config (added to ~/.ssh/config).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix/kind-mount-propagation
A. F. Dudley 2026-03-09 06:20:16 +00:00
parent 601f520a45
commit f842aba56a
1 changed files with 8 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
playbooks/biscayne-sync-tools.yml
View File

@ -30,15 +30,19 @@
stack_branch: main stack_branch: main
tasks: tasks:
# Git operations run as the connecting user (no become) so that
# SSH agent forwarding works. sudo drops SSH_AUTH_SOCK.
- name: Update laconic-so (editable install) - name: Update laconic-so (editable install)
become: false
ansible.builtin.shell: | ansible.builtin.shell: |
cd {{ laconic_so_repo }} cd {{ laconic_so_repo }}
git fetch origin git fetch origin {{ laconic_so_branch }}
git reset --hard origin/{{ laconic_so_branch }} git reset --hard origin/{{ laconic_so_branch }}
register: laconic_so_update register: laconic_so_update
changed_when: true changed_when: true
- name: Show laconic-so version - name: Show laconic-so version
become: false
ansible.builtin.shell: ansible.builtin.shell:
cmd: set -o pipefail && cd {{ laconic_so_repo }} && git log --oneline -1 cmd: set -o pipefail && cd {{ laconic_so_repo }} && git log --oneline -1
executable: /bin/bash executable: /bin/bash
@ -49,24 +53,17 @@
ansible.builtin.debug: ansible.builtin.debug:
msg: "laconic-so: {{ laconic_so_version.stdout }}" msg: "laconic-so: {{ laconic_so_version.stdout }}"
- name: Find SSH agent socket
ansible.builtin.shell:
cmd: set -o pipefail && ls -t /tmp/ssh-*/agent.* 2>/dev/null | head -1
executable: /bin/bash
register: ssh_agent_socket
changed_when: false
failed_when: ssh_agent_socket.stdout == ""
- name: Pull agave-stack repo - name: Pull agave-stack repo
become: false
ansible.builtin.shell: | ansible.builtin.shell: |
export SSH_AUTH_SOCK={{ ssh_agent_socket.stdout }}
cd {{ stack_repo }} cd {{ stack_repo }}
git fetch origin git fetch origin {{ stack_branch }}
git reset --hard origin/{{ stack_branch }} git reset --hard origin/{{ stack_branch }}
register: stack_update register: stack_update
changed_when: true changed_when: true
- name: Show agave-stack version - name: Show agave-stack version
become: false
ansible.builtin.shell: ansible.builtin.shell:
cmd: set -o pipefail && cd {{ stack_repo }} && git log --oneline -1 cmd: set -o pipefail && cd {{ stack_repo }} && git log --oneline -1
executable: /bin/bash executable: /bin/bash