SSH Key should be a runtime variable #213

Closed
cooktheryan opened this issue Jun 12, 2023 · 7 comments
@cooktheryan
Contributor

Currently attempting to run osbuild_populate_aap.yml and hitting the following err

TASK [infra.osbuild.populate_aap : Set controller credentials facts] ********************************************************************************************************
[WARNING]: Unable to find '/home/user/.ssh/id_rsa' in expected paths (use -vvvvv to see paths)
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while templating '[{'name': '{{ populate_aap_credential_name }}', 'organization': '{{ populate_aap_organization_name }}', 'credential_type': 'Machine', 'inputs': {'username': 'user', 'ssh_key_data': \"{{ lookup('file', '/home/user/.ssh/id_rsa') }}\"}}]'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/user/.ssh/id_rsa. could not locate file in lookup: /home/user/.ssh/id_rsa"}
@matoval
Collaborator

matoval commented Jun 12, 2023

The path for ssh_key_data should be the path to the sshkey you'd like to use. /home/user/.ssh/id_rsa is just a placeholder.

@resoluteCoder
Collaborator

I believe the issue is replacing user with your local user account name. 😄

@resoluteCoder
Collaborator

resoluteCoder commented Jun 12, 2023

This comes from having to use essentially an ephemeral private ssh key for aap. I think we should do the automation for that inside the populate_aap role.

  • Create tmp ssh key pair to use with aap
  • Cleanup (remove tmp ssh key)

@matoval wdyt? 😄

@matoval
Collaborator

matoval commented Jun 12, 2023

> This comes from having to use essentially an ephemeral private ssh key for aap. I think we should do the automation for that inside the populate_aap role.
>
>   • Create tmp ssh key pair to use with aap
>   • Cleanup (remove tmp ssh key)
>
> @matoval wdyt? 😄

That makes sense to me since the private key is only for AAP.

@chadmf
Collaborator

chadmf commented Jun 15, 2023

The public keys that associate with that private key are what get populated out to servers so aap can connect to them. It could be considered a security risk to generate and put random keys into a management tool.

@chadmf
Collaborator

chadmf commented Jun 15, 2023

> The path for ssh_key_data should be the path to the sshkey you'd like to use. /home/user/.ssh/id_rsa is just a placeholder.

The variable should probably only hold the location of the key not the read file portion.
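
One way to apply the suggestion above, where the variable holds only the key's location and the file is read at task time. This is an added example, not part of the thread and not the project's code or the change that closed this issue; `populate_aap_ssh_key_path`, `populate_aap_ssh_user` and the `controller_credentials` fact name are assumptions, and the values under `vars` are constructed.

```yaml
# Added illustration; not code from infra.osbuild or from the change that closed this issue.
# populate_aap_ssh_key_path and populate_aap_ssh_user are hypothetical variable names,
# and the values under vars are constructed samples.
- name: Build the AAP machine credential from a key path given at run time
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    populate_aap_credential_name: example-credential      # constructed value
    populate_aap_organization_name: Default               # constructed value
    populate_aap_ssh_user: user
  tasks:
    - name: Require the key path to be passed in (no placeholder default)
      ansible.builtin.assert:
        that:
          - populate_aap_ssh_key_path is defined
          - populate_aap_ssh_key_path | length > 0
        fail_msg: "Pass -e populate_aap_ssh_key_path=/path/to/private_key"

    - name: Inspect the key file before any lookup touches it
      ansible.builtin.stat:
        path: "{{ populate_aap_ssh_key_path }}"
        get_checksum: false
      register: populate_aap_key_stat

    - name: Fail early with a readable message instead of a templating exception
      ansible.builtin.assert:
        that:
          - populate_aap_key_stat.stat.exists
          - populate_aap_key_stat.stat.isreg
          - populate_aap_key_stat.stat.mode in ['0600', '0400']
        fail_msg: "{{ populate_aap_ssh_key_path }} must be an existing regular file with mode 0600 or 0400"

    - name: Set controller credentials facts
      ansible.builtin.set_fact:
        controller_credentials:    # fact name assumed for this example
          - name: "{{ populate_aap_credential_name }}"
            organization: "{{ populate_aap_organization_name }}"
            credential_type: Machine
            inputs:
              username: "{{ populate_aap_ssh_user }}"
              ssh_key_data: "{{ lookup('ansible.builtin.file', populate_aap_ssh_key_path) }}"
      no_log: true   # keep the private key out of task output and logs
```

Run it with `-e populate_aap_ssh_key_path=...` pointing at the key AAP should use; without that extra variable the first assert stops the play before any file lookup is attempted.
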

@resoluteCoder resoluteCoder added the bug Something isn't working label Jul 14, 2023
@resoluteCoder resoluteCoder self-assigned this Jul 14, 2023
@chadmf chadmf added this to the GA milestone Jul 19, 2023
@chadmf chadmf added the approved pm aprroved to work label Jul 19, 2023
@resoluteCoder
Collaborator

Completed by #265
