SSH Agent Forwarding With MacOS and Docker Desktop #1292

Open
timway opened this issue Aug 10, 2023 · 0 comments
Labels
needs_triage New item that needs to be triaged

timway commented Aug 10, 2023

This impacts only Docker Desktop on MacOS when using ansible-runner in process isolation mode.

The ENV path of cli_mounts in _handle_automounts does not work with Docker Desktop on MacOS. Docker Desktop wants to share a socket that is local to its internals and not on the MacOS system: /run/host-services/ssh-auth.sock. Because this file doesn't exist, it fails the first check in _update_volume_mount_paths. Because it does not get added to the list of volumes, it cannot be consumed by the container.

    if src_mount_path is None or not os.path.exists(src_mount_path):
        logger.debug(f"Source volume mount path does not exist: {src_mount_path}")
        return

This is documented by Docker Desktop at https://docs.docker.com/desktop/networking/#ssh-agent-forwarding and I have a similar bug open with ansible-navigator via ansible/ansible-navigator#1591 as that also checks the file path in a similar way.

The socket is mounted as:

    $ ls -lahZ /run/host-services/ssh-auth.sock
    srwxr-xr-x 1 root root ? 0 Aug  7 14:00 /run/host-services/ssh-auth.sock

It is only writable by root, so this feature requires root inside the container. I know setting the default container user to root could be problematic, so it will require discussion to determine whether root inside the container is a good default because it enables ssh-agent to work, or if that should be a required step by those wishing to use ssh-agent and is therefore simply documented.
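A sketch of the mount decision discussed in this issue, added here as an illustration and not taken from ansible-runner or from the issue author. The function name, its parameters and its return shape are hypothetical, and it assumes that Docker on macOS means Docker Desktop; it skips the host-side existence check for the one documented socket path only and flags the root-only permission on that socket.

```python
import os

# Path documented by Docker Desktop for macOS. It exists inside Docker's VM,
# not on the macOS filesystem, so a host-side os.path.exists() is always False.
DOCKER_DESKTOP_AGENT_SOCK = "/run/host-services/ssh-auth.sock"


def plan_ssh_agent_mount(platform, runtime, environ, container_uid=0,
                         path_exists=os.path.exists):
    """Return (docker_args, warnings) for exposing the SSH agent socket.

    Hypothetical helper: the name, parameters and return shape are
    assumptions of this example, not part of any project's API.
    """
    warnings = []
    if platform == "darwin" and runtime == "docker":
        # Assumption: docker on macOS is Docker Desktop. Exempt this single
        # exact path from the existence check instead of disabling the check
        # for every mount, so typos in other mounts are still caught.
        src = DOCKER_DESKTOP_AGENT_SOCK
        if container_uid != 0:
            # The socket is srwxr-xr-x root:root, so only root can write to it.
            warnings.append(
                f"{src} is writable by root only; uid {container_uid} "
                "will not be able to use the forwarded agent"
            )
    else:
        src = environ.get("SSH_AUTH_SOCK")
        if src is None or not path_exists(src):
            warnings.append(f"Source volume mount path does not exist: {src}")
            return [], warnings
    args = [
        "--mount", f"type=bind,src={src},target={src}",
        "-e", f"SSH_AUTH_SOCK={src}",
    ]
    return args, warnings


if __name__ == "__main__":
    # Constructed inputs: macOS host, docker runtime, non-root container user.
    args, warns = plan_ssh_agent_mount("darwin", "docker", {}, container_uid=1000)
    print(" ".join(args))
    for w in warns:
        print("warning:", w)
```

Keeping the exemption to one literal path means the non-root default can stay in place, with root inside the container remaining an explicit opt-in for those who need the forwarded agent.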
