redhat-cop / infra.osbuild

Ansible Collection for management of ostree composer
GNU General Public License v3.0

SSH Key should be a runtime variable #213

Closed cooktheryan closed 1 year ago

cooktheryan commented 1 year ago

Currently attempting to run osbuild_populate_aap.yml and hitting the following error:

```
TASK [infra.osbuild.populate_aap : Set controller credentials facts] ********************************************************************************************************
[WARNING]: Unable to find '/home/user/.ssh/id_rsa' in expected paths (use -vvvvv to see paths)
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while templating '[{'name': '{{ populate_aap_credential_name }}', 'organization': '{{ populate_aap_organization_name }}', 'credential_type': 'Machine', 'inputs': {'username': 'user', 'ssh_key_data': \"{{ lookup('file', '/home/user/.ssh/id_rsa') }}\"}}]'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/user/.ssh/id_rsa. could not locate file in lookup: /home/user/.ssh/id_rsa"}
```

matoval commented 1 year ago

The path for ssh_key_data should be the path to the sshkey you'd like to use. /home/user/.ssh/id_rsa is just a placeholder.

resoluteCoder commented 1 year ago

I believe the issue is replacing user with your local user account name. :smile:

resoluteCoder commented 1 year ago

This comes from having to use essentially an ephemeral private ssh key for aap. I think we should do the automation for that inside the populate_aap role.

@matoval wdyt? :smile:

matoval commented 1 year ago

> This comes from having to use essentially an ephemeral private ssh key for aap. I think we should do the automation for that inside the populate_aap role.
>
>   • Create tmp ssh key pair to use with aap
>   • Cleanup (remove tmp ssh key)
>
> @matoval wdyt? :smile:

That makes sense to me since the private key is only for AAP.

chadmf commented 1 year ago

The public keys that associate with that private key are what get populated out to servers so aap can connect to them. It could be considered a security risk to generate and put random keys into a management tool.

chadmf commented 1 year ago

> The path for ssh_key_data should be the path to the sshkey you'd like to use. /home/user/.ssh/id_rsa is just a placeholder.

The variable should probably only hold the location of the key, not the read file portion.
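
The suggestion in the comment above, that the variable hold only the key's location, sketched as an added example; it is not the collection's code nor the change made in the linked pull request. `example_ssh_key_path`, `example_ssh_user`, `example_key_stat` and `example_controller_credentials` are hypothetical names, and the credential fields are copied from the error message in this issue.

```yaml
---
# Added example, not the collection's code. Names prefixed example_ are
# hypothetical; the credential layout is copied from the error message above.
- name: Build an AAP machine credential from a runtime-supplied key path
  hosts: localhost
  gather_facts: false
  vars:
    populate_aap_credential_name: example-credential      # constructed value
    populate_aap_organization_name: example-organization  # constructed value
    example_ssh_user: user
  tasks:
    - name: Require the key path at runtime
      ansible.builtin.assert:
        that:
          - example_ssh_key_path is defined
          - example_ssh_key_path | length > 0
        fail_msg: "Pass -e example_ssh_key_path=/path/to/private_key"

    - name: Inspect the key file before any lookup runs
      ansible.builtin.stat:
        path: "{{ example_ssh_key_path }}"
      register: example_key_stat

    # Conditions are checked in order, so a missing file stops at the first one.
    - name: Fail early with a clear message instead of a templating traceback
      ansible.builtin.assert:
        that:
          - example_key_stat.stat.exists
          - example_key_stat.stat.isreg
          - example_key_stat.stat.mode in ['0600', '0400']
        fail_msg: >-
          {{ example_ssh_key_path }} must be an existing regular file
          readable only by its owner (mode 0600 or 0400).

    - name: Set controller credentials facts (the key is read only here)
      ansible.builtin.set_fact:
        example_controller_credentials:
          - name: "{{ populate_aap_credential_name }}"
            organization: "{{ populate_aap_organization_name }}"
            credential_type: Machine
            inputs:
              username: "{{ example_ssh_user }}"
              ssh_key_data: "{{ lookup('ansible.builtin.file', example_ssh_key_path) }}"
      no_log: true  # keep private key material out of task output and logs
```

Keeping the path in the variable and the `lookup` in the task means an unset or wrong path fails in the assert tasks with a readable message, and `no_log` keeps the key contents out of the run output.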

resoluteCoder commented 1 year ago

Completed by https://github.com/redhat-cop/infra.osbuild/pull/265