ec2_win_password unable to parse key file

Hello,

I’m trying to use the ec2_win_password module to retrieve the default Administrator password for an EC2 instance. I had a play working and then upgraded to Ansible 2.4. I added the cryptography module as the notes indicate. My play continually fails returning a message that it can’t parse the key file (and the key file is not encrypted).

I ran a test where I encrypted the key file and provided a passphrase in the play and things did work successfully.

Would anyone have any thoughts on why this might be failing with an unencrypted key and no password? Below is the debug output from the play.
It kind of feels to me like it thinks a password is being given even though I don’t mention the parameter in the play. As such, it’s exiting because the key is not encrypted.

Thank you
Ryan

ansible-playbook 2.4.0.0
  config file = None
  configured module search path = [u'/Users/rhowe/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Python/2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 2.7.10 (default, Feb 7 2017, 00:08:15) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)]
No config file found; using defaults
setting up inventory plugins
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /Library/Python/2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: 03_retrieve_admin_password.yml *********************************************************************************************************************************************
1 plays in 03_retrieve_admin_password.yml

PLAY [localhost] *********************************************************************************************************************************************************************
META: ran handlers

TASK [Get Administrator Password] ****************************************************************************************************************************************************
task path: /Users/rhowe/ansible_scripts/03_retrieve_admin_password.yml:10
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/_text.py
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/basic.py
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/ec2.py
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/pycompat24.py
Using module_utils file /Library/Python/2.7/site-packages/ansible/module_utils/cloud.py
Using module file /Library/Python/2.7/site-packages/ansible/modules/cloud/amazon/ec2_win_password.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: rhowe
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967 `" && echo ansible-tmp-1506010305.03-241574263221967="` echo /Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967 `" ) && sleep 0'
<127.0.0.1> PUT /var/folders/92/sndgxv6s3dnfhpptzcbf98k80000gn/T/tmpwA8R2C TO /Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/ec2_win_password.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/ /Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/ec2_win_password.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/ec2_win_password.py; rm -rf "/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/" > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/var/folders/92/sndgxv6s3dnfhpptzcbf98k80000gn/T/ansible_vLagCP/ansible_module_ec2_win_password.py", line 167, in main
    key = load_pem_private_key(f.read(), b_key_passphrase, BACKEND)
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/primitives/serialization.py", line 20, in load_pem_private_key
    return backend.load_pem_private_key(data, password)
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1006, in load_pem_private_key
    password,
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1231, in _load_key
    "Password was given but private key is not encrypted.")

fatal: [localhost]: FAILED! => {
    "changed": false,
    "failed": true,
    "invocation": {
        "module_args": {
            "aws_access_key": "xxxxxxxxxxxx",
            "aws_region": "us-east-1",
            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "ec2_url": null,
            "instance_id": "i-xxxxxxxx",
            "key_file": "/Users/rhowe/Documents/ssh_keys/KeyFileName.pem",
            "key_passphrase": null,
            "profile": null,
            "region": "us-east-1",
            "security_token": null,
            "validate_certs": true,
            "wait": false,
            "wait_timeout": "120"
        }
    },
    "msg": "unable to parse key file"
}

I had the same problem in 2.4.

Downgraded to 2.3.2 and it works fine.
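
The traceback above ends in the cryptography library's check that a password argument was supplied for a key that is not encrypted. The following is an added example, not part of the thread and not the ec2_win_password module's code: it reproduces that check on constructed throwaway keys and shows a hypothetical helper, normalize_passphrase, that maps an unset parameter to None before the loader is called. The value b"None" is a constructed stand-in for any non-None bytes reaching the loader; the thread does not say what the module actually passed.

```python
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa


def make_pem(passphrase=None):
    """Constructed sample RSA key as PEM; encrypted only if a passphrase is given."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    if passphrase:
        enc = serialization.BestAvailableEncryption(passphrase)
    else:
        enc = serialization.NoEncryption()
    return key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        enc,
    )


def normalize_passphrase(value):
    """Hypothetical helper: unset or empty parameter -> None, otherwise bytes."""
    if value is None or value == "" or value == b"":
        return None
    return value if isinstance(value, bytes) else value.encode("utf-8")


def try_load(pem, password):
    """Return ('ok', None) on success, else (exception class name, message)."""
    try:
        serialization.load_pem_private_key(pem, password=password)
        return ("ok", None)
    except (TypeError, ValueError) as exc:
        return (type(exc).__name__, str(exc))


# Constructed keys, generated fresh on every run; nothing here is a real credential.
PLAIN_PEM = make_pem()
ENCRYPTED_PEM = make_pem(b"constructed-passphrase")

if __name__ == "__main__":
    # Unencrypted key with password=None: loads.
    print(try_load(PLAIN_PEM, None))
    # Unencrypted key with any non-None bytes: the TypeError from the traceback.
    print(try_load(PLAIN_PEM, b"None"))
    # Normalizing an unset parameter first avoids the error.
    print(try_load(PLAIN_PEM, normalize_passphrase(None)))
    # Encrypted key: needs its passphrase, and fails without one.
    print(try_load(ENCRYPTED_PEM, normalize_passphrase("constructed-passphrase")))
    print(try_load(ENCRYPTED_PEM, None))
```

This also matches the observation in the first post that the play succeeded once the key file was encrypted and a passphrase was supplied.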