ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0

Automatically refresh key once it is expired #388

Closed agilleyrh closed 9 months ago

agilleyrh commented 1 year ago
SUMMARY

When running Ansible playbooks that take a long time to complete, keys may have changed and jobs will fail when a new fork is spawned.

ISSUE TYPE

Need a way to have credentials renew automatically if they expire. If running a job against numerous hosts, if the TTL value is low, the keys will change before it is able to complete the playbooks against all the hosts.

COMPONENT NAME

SSHKS I believe.

ADDITIONAL INFORMATION

When running a playbook and connecting to a host whose key has been updated since the initial key gathering, get a new key and reconnect.

briantist commented 1 year ago

Hi @agilleyrh, it sounds like you might be talking about SSH keys, which I don't think is something that this collection could solve for. This collection works with HashiCorp Vault.

If the issue is indeed about this collection, could you show some sample Ansible you're running that demonstrates the issue? Thanks!

agilleyrh commented 1 year ago

@briantist it's not regular SSH keys, it is with HashiCorp. For example, in "The Workflow Outline" section of:

https://www.hashicorp.com/blog/managing-ssh-access-at-scale-with-hashicorp-vault

Ansible will have the key needed, but if a disconnect such as reboot happens and a new key is needed, it does not automatically try to reauth.

I hope this makes more sense. I don't know enough about HashiCorp to know more of the technical aspects on that side.

briantist commented 1 year ago

@agilleyrh what I need is an example of what you are running in Ansible, or sample Ansible that you would like to work (but doesn't right now), to help me understand what you're trying to do.

The link you sent is about a Vault feature but is not related to Ansible or this collection, so I'm having trouble understanding how you are trying to put these things together, or how you envision them working together.

briantist commented 9 months ago

Closing for inactivity, but feel free to comment again if this should be reopened.