Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Solved
ssh agent and ansible 12 prompting incessantly
I've been using the SSH Agent in 1Password for a couple of years now, with very little trouble. This includes lots of SSH to individual machines as well as a fair amount of ansible scripting using v...
So, after months of using a rolled-back version, I sat down to do some further diagnosis on this after realizing that it was only happening with one set of Ansible playbooks. In the end, the problem was a change in how Ansible lazily evaluates some variables. In my case, for these playbooks, I needed to use sudo, which required a password which was pulled from 1password. That was being evaluated for every single step that used become (which in this playbook was most of them).
The solution in my case was to pre-fetch the values from 1password early in the playbook using set_fact, which reduced the number of fetch requests to one for the playbook and I'm now able to move forward again.
Nice to know the problem (at least in my case) wasn't the SSH agent at all. Took quite some time to track this down, but eventually I was monitoring the SSH connections and they were clearly being reused, which was a strong indication it wasn't the agent being pinged separately.
So, after months of using a rolled-back version, I sat down to do some further diagnosis on this after realizing that it was only happening with one set of Ansible playbooks. In the end, the problem was a change in how Ansible lazily evaluates some variables. In my case, for these playbooks, I needed to use sudo, which required a password which was pulled from 1password. That was being evaluated for every single step that used become (which in this playbook was most of them).
The solution in my case was to pre-fetch the values from 1password early in the playbook using set_fact, which reduced the number of fetch requests to one for the playbook and I'm now able to move forward again.
Nice to know the problem (at least in my case) wasn't the SSH agent at all. Took quite some time to track this down, but eventually I was monitoring the SSH connections and they were clearly being reused, which was a strong indication it wasn't the agent being pinged separately.
