cs_instance -> ssh_key doesn't work

ngine-io / ansible-collection-cloudstack

CloudStack Ansible Collections

https://galaxy.ansible.com/ngine_io/cloudstack

GNU General Public License v3.0

21 stars 27 forks source link

cs_instance -> ssh_key doesn't work #104

Closed stardom3645 closed 2 years ago

stardom3645 commented 2 years ago

ISSUE TYPE
- Bug Report
EVN cloudstack: 4.16 ansible: core 2.12.2 ngine_io.cloudstack: 2.2.4 cs: 3.0.0
SUMMARY I tried to deploy instance with ssh_key but it(using cs module) did not write Public key on "~/.ssh/authorized_keys" I tested with the same ssh_key with cloudstack(using UI), and it worked well.

Everything seemed fine on Cloudstack but "~/.ssh/authorized_keys" file is empty.

rvalle commented 2 years ago

@stardom3645 I have this working in my playbooks, can you copy the ansible code of how do you create your instance?

rvalle commented 2 years ago

@stardom3645 please note that when creating an instance you pass the name of the ssh key, then there is another module to create the ssh key in ACS.

stardom3645 commented 2 years ago

@rvalle This is the ansible code what i ran.

---
- name: Deploy VirtualMachine
  hosts: localhost
  gather_facts: no
  tasks:
    - name: Deploy VirtualMachine
      cs_instance:
        api_url: "{{ API_URL }}"
        api_key: "{{ API_KEY }}"
        api_secret: "{{SECRET_KEY }}"
        zone: Zone
        name: deployed-vm2
        template: centos8.5-0525
        service_offering: 2C-4GB-RBD
        ssh_key: deployed-vm2
        networks:
          - network1

Thank you for your sincerity, but the second answer is difficult to understand. are there any restrictions I should be aware of?

rvalle commented 2 years ago

@stardom3645 You have to check that the entry with name "deployed-vm2" exists in the UI in Compute/SSH Key Pairs.

Or you can use the module cs_sshkeypair before the cs_instance to ensure it is there.

It is technically possible that the centos8.5-0525 template is not ready to take the ssh key, but you mentioned that launching the image in the UI works, I assume you are using the same template. So, it should work exactly the same from the module.

You are not using user-data in the UI right?

Do you get any error when running the ansible_playbook?

resmo commented 2 years ago

this does not look like a bug on ansible side. ssh key gets configured in the api.

How the key gets into your VM really depends on the implementation of the VM template.

is this your cloudstack on premise or a public cloud provider using cloudstack?
if on premise, did you implement a ssh key management into your template like so http://docs.cloudstack.apache.org/en/latest/adminguide/virtual_machines.html#creating-an-instance-template-that-supports-ssh-keys
if cloud provider, ask your cloud provider how this is suppose to work

stardom3645 commented 2 years ago

@resmo @rvalle Thank you for reply.

I tried everything you mentioned.

Under the same conditions(template, ssh_key and everything else) it worked on CloudStack-UI but did not work on Playbook-cs module (the public key was not registered in the "~/.ssh/authorized_keys" file.)

After that, I ran the tests and found the cause of the problem.

existing ansible-playbook
- deploy vm with ssh_key -> another cs module -> another cs module -> ....
new ansible-playbook
- deploy vm with ssh_key -> wait_for module(timeout 10 second) -> another cs module -> ....

I added "wait_for moudule" after deploy vm.

I'm not sure exactly why this is, but the problem is solved.

rvalle commented 2 years ago

@stardom3645 there must be something else. the modules use the same API as the UI. I have environments with 100s of VMs, and I don't need to wait after any module, it is actually very reliable.