dawidd6 / action-ansible-playbook

:gear: A GitHub Action for running Ansible playbooks
MIT License

Galaxy SSH configuration? #79

Open tomdaley92 opened 1 year ago

tomdaley92 commented 1 year ago

Hi there,

Thanks for writing this action! We use a lot of internally developed Ansible roles that are stored in GitHub Enterprise and need to be able to grab them with Ansible Galaxy; however, we are getting "Host key verification failed." during the galaxy role install process. This is for private repos on GitHub Enterprise, expecting to use the same SSH key provided for the playbook run as authentication for the git URLs. I've added the known_hosts content for our GitHub server and we're still getting the same error.

My questions are:

Example requirements.yaml with a git URL:

roles:
  - name: some-private-ansible-role
    scm: git
    src: "git@github.example.com:OCC/ansible-role-private-repo.git"
    version: 0.0.1rc1

dawidd6 commented 1 year ago

I don't think there is any explicit support for that. Someone would need to implement and test this.

tomdaley92 commented 1 year ago

Got it, thanks!

thehedhly commented 7 months ago

Hi, identity file support by ansible-galaxy is not yet implemented; please see https://github.com/ansible/galaxy/issues/337

alorence commented 4 months ago

I solved the same issue by pulling dependencies using ansible-galaxy BEFORE running action-ansible-playbook:

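jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: https://github.com/actions/checkout@v4

      # Roles are fetched in the same shell step that starts ssh-agent,
      # so git can authenticate to the private repositories.
      - name: Install Ansible and pull dependencies
        run: |
          python -m pip install ansible
          # Host key(s) of the git server, so host key verification succeeds
          mkdir -p ~/.ssh && echo "${{ vars.GITEA_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
          # Load the private key into ssh-agent via stdin (tr strips carriage returns)
          eval $(ssh-agent -s) && echo "${{ secrets.PRIVATE_KEY }}" | tr -d '\r' | ssh-add -
          ansible-galaxy install -r requirements.yml

      - name: Run Ansible playbook
        uses: https://github.com/dawidd6/action-ansible-playbook@v2
        with:
          playbook: playbook.yml
          directory: ./
          key: ${{ secrets.PRIVATE_KEY }}
          # "vars." added: a bare name is not a valid expression; assumed to be
          # a repository variable like GITEA_KNOWN_HOSTS above
          known_hosts: ${{ vars.TARGET_KNOWN_HOSTS }}
          vault_password: ${{ secrets.VAULT_PASSWORD }}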

Important:

Note: this example is run with Gitea Actions (which is basically the same as GitHub Actions), but I did not test it on GitHub. In particular, I am not sure of the right syntax to use repository-level variables. Gitea Actions uses ${{ vars.VARIABLE_NAME }}
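
An added example, not part of the thread or of the action's code: a pre-flight check that lists the SSH hosts named in `src:` entries of a requirements file that have no matching known_hosts entry, a common cause of "Host key verification failed." It goes beyond the thread by also handling ssh:// URLs with a port and hashed known_hosts entries. All function names and the sample data are assumptions made for the illustration.

```python
import base64, hashlib, hmac, re

SRC_LINE = re.compile(r"^[ \t]*(?:-[ \t]*)?src:[ \t]*[\"']?(\S+?)[\"']?[ \t]*$", re.M)
SSH_URL = re.compile(r"(?:git\+)?ssh://(?:[^@/\s]+@)?([^:/\s]+)(?::(\d+))?/")
SCP_LIKE = re.compile(r"[^@/\s:]+@([^:/\s]+):")   # git@host:org/repo.git

def ssh_hosts(requirements_text):
    """known_hosts lookup names for every SSH git `src:` in a requirements file."""
    names = set()
    for src in SRC_LINE.findall(requirements_text):
        url, scp = SSH_URL.match(src), SCP_LIKE.match(src)
        if url:   # OpenSSH stores non-default ports as [host]:port
            host, port = url.groups()
            names.add(host if port in (None, "22") else f"[{host}]:{port}")
        elif scp:
            names.add(scp.group(1))
    return names

def hashed_name(name, salt):
    """Host field as written with HashKnownHosts: |1|b64(salt)|b64(HMAC-SHA1)."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_is_known(name, known_hosts_text):
    """True if a plain or hashed entry names `name` (wildcards and @markers skipped)."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts = fields[0]
        if hosts.startswith("|1|"):
            parts = hosts.split("|")   # ['', '1', salt, mac]
            if len(parts) == 4 and hashed_name(name, base64.b64decode(parts[2])) == hosts:
                return True
        elif name in hosts.split(","):
            return True
    return False

def missing_hosts(requirements_text, known_hosts_text):
    return sorted(n for n in ssh_hosts(requirements_text)
                  if not host_is_known(n, known_hosts_text))

if __name__ == "__main__":
    # Constructed sample input; the key blob is a placeholder, not a real host key.
    reqs = 'roles:\n  - src: "git@github.example.com:OCC/ansible-role-private-repo.git"\n'
    known = hashed_name("gitea.example.com", b"constructed-salt") + " ssh-ed25519 AAAAplaceholder\n"
    print(missing_hosts(reqs, known))
```

Run before `ansible-galaxy install`, a non-empty result names the hosts whose keys still need to be added to known_hosts, which avoids reaching for `StrictHostKeyChecking=no`.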