
Password-protected private keys are still unusable

      It seems like the plugin always tries to find a key in the ~/.ssh/id_rsa file. If the key is encrypted, then Ansible prints the following:
      Private key file is encrypted\nTo connect as a different user, use -u <username>.'
      If the key is not in this directory then the following is printed:
      FAILED: not a valid EC private key file

      I also tried using ssh-agent plugin, but it seems like the ansible plugin does some setup that makes Ansible ignore the keys added to the agent. Encrypted keys are correctly read when Ansible is run by executing shell command via Jenkins, using the ssh-agent plugin.

          [JENKINS-32384] Password-protected private keys are still unusable

          Jean-Christophe Sirot added a comment -

          I'm going to investigate the issue. Can you attach the build console output (at least the ansible invocation)? Are you executing ansible from a Linux or an OSX slave?

          Tomasz Maciazek added a comment - - edited

          Here it is, I have starred out sensitive information:

          [workspace] $ /usr/bin/ansible-playbook services/****.yml -i hosts/docker_hosts.ini -l ****_instance02 -f 1 --private-key /tmp/ssh5523865237140583621.key -u **** -vvv --extra-vars ansible_become_pass=****
          
          PLAY [Deploy the application] ************************************************* 
          
          TASK: [Stop the container] **************************************************** 
          <****.****> ESTABLISH CONNECTION FOR USER: **** on PORT 22 TO ****.****
          fatal: [****_instance02 -> app_server07] => {'msg': 'FAILED: ssh ****@****.****:22 : Private key file is encrypted\nTo connect as a different user, use -u <username>.', 'failed': True}
          
          FATAL: all hosts have already failed -- aborting
          
          PLAY RECAP ******************************************************************** 
                     to retry, use: --limit @/home/jenkins/****.retry
          
          ****_instance02       : ok=0    changed=0    unreachable=1    failed=0   
          
          Build step 'Invoke Ansible Playbook' marked build as failure
          

          As I said in the issue description, it seems like the /tmp/ssh5523865237140583621.key file is ignored.
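
Added example, not part of the original thread and not the plugin's code: a preflight check that reports whether a private key file is passphrase-protected, the condition behind the "Private key file is encrypted" failure in the console output above. The function names and the sample keys are constructed for illustration; the samples contain no real key material.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"  # magic prefix of the OpenSSH private key container

def openssh_cipher(body_b64: str) -> str:
    """Return the cipher name recorded in an openssh-key-v1 container."""
    blob = base64.b64decode(body_b64)
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        raise ValueError("not an openssh-key-v1 container")
    start = len(MAGIC) + 4
    (length,) = struct.unpack(">I", blob[len(MAGIC):start])
    return blob[start:start + length].decode("ascii")

def key_is_encrypted(text: str) -> bool:
    """True if the private key in `text` needs a passphrase before use."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----",
                  text, re.S)
    if not m:
        raise ValueError("no PEM private key block found")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, always encrypted
        return True
    if label == "OPENSSH PRIVATE KEY":        # cipher "none" means cleartext
        return openssh_cipher("".join(body.split())) != "none"
    # Traditional PEM marks encryption in a header; plain PKCS#8 has none.
    return "Proc-Type: 4,ENCRYPTED" in body

def sample_openssh(cipher: bytes) -> str:
    """Constructed sample: container header only, no key material."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample: traditional PEM headers with a dummy body.
SAMPLE_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for c in (b"aes256-ctr", b"none"):
        print(c.decode(), key_is_encrypted(sample_openssh(c)))
    print("legacy PEM", key_is_encrypted(SAMPLE_LEGACY_ENCRYPTED))
```

Running this against the key a job is about to hand to `--private-key` shows up front whether the connection will need a passphrase or an agent.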


          Rob Duff added a comment -

          Hi Tomasz,

          In your description you mentioned that this is still unusable. Do you know as of when? Has this always been the case that you're aware of, or did you notice this in a specific version before 4.0?


          Tomasz Maciazek added a comment -

          Hi Rob,
          I only tried v3.1 and v4.0. I have never used this plugin before.

            sirot Jean-Christophe Sirot
            tomaciazek Tomasz Maciazek