How-to use the GCE module (Google Compute Engine) - Pem file, creds, etc.

Hello,

I’m trying to use the GCE module, but so far, I’m not very lucky.

What I have done:

  1. I registered a new “service app” on my google cloud console, and downloaded the generated private key, in pkcs2 format.
  2. Created a file secrets.py looking like the following, and put it in some folder which is in my PYTHONPATH

OK, in the end I managed to figure it out.

The
GCE_PARAMS = ('id@project.googleusercontent.com', 'secret')

is not the Compute Engine and App Engine’s email and the API key; it’s the service’s email and the path to the .pem file:
GCE_PARAMS = ('id@developer.gserviceaccount.com', '/path/to/pemfile.pem')

And if someone tries to use the GCE module, there is also a bug in the latest version of libcloud (0.14.0-beta3); you’ll have to install it directly from the latest code in git.

Hi Michael,

First, thanks for reporting the bug. I’ve filed https://github.com/ansible/ansible/issues/5583 so feel free to add more details if you’d like. I’ll try and get a fix for an improved error message out soon.

I’ve seen the error “RSA key format is not supported” typically only when the keyfile has not been properly converted to RSA/PEM format. It’s likely redundant information, but just to be clear, the command I use to convert my key is:

$ openssl pkcs12 -in long-hash-keyname.p12 -nodes -nocerts | openssl rsa -out /path/to/converted.pem

When prompted for a password, the default is: notasecret

If I use ‘file’ on both, I see:
long-hash-keyname.p12: data
converted.pem: PEM RSA private key

Make sure you have the latest libcloud installed (pip install apache-libcloud==0.14.0-beta3).

Now, just so we can verify that the key is working and you can at least connect to GCE and extract host information, try this:

Check out the latest Ansible from source and set up the environment:

$ git clone https://github.com/ansible/ansible
$ cd ansible
$ . hacking/env-setup

Create a ‘secrets’ file in your home directory and set the proper values. Alternatively, you should be able to create this file in the PYTHONPATH defined when running “source hacking/env-setup”

$ cat $HOME/secrets.py

GCE_PARAMS = ('long-hash@developer.gserviceaccount.com', '/path/to/converted.pem')
GCE_KEYWORD_PARAMS = {'project': 'my_project_id'}

Edit the gce.ini file in the source tree, and set the ‘libcloud_secrets’ variable, the relevant parts for me look like,
$ cat plugins/inventory/gce.ini
[gce]
libcloud_secrets = /home/myusername

Now, you can set an environment variable for the inventory plugin,
$ export GCE_INI_PATH=$HOME/ansible/plugins/inventory/gce.ini

With all that in place, you can try to use the inventory plugin against an existing GCE instance just to see if all the auth stuff is working:

$ ansible/plugins/inventory/gce.py --host myinstance

And you’ll hopefully get back some json about that instance.
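
As an added example (not part of this thread, and not Ansible or libcloud code): a preflight check for the secrets.py described above. It catches the mistakes discussed here (an API secret or an unconverted .p12 where the PEM path belongs) and also flags a key file that other users can read. The function names and the email-suffix test are assumptions made for this example.

```python
import ast
import os
import stat
import tempfile

def load_gce_params(secrets_path):
    """Read GCE_PARAMS from secrets.py without executing the file."""
    with open(secrets_path) as fh:
        tree = ast.parse(fh.read(), filename=secrets_path)
    for node in tree.body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "GCE_PARAMS" for t in node.targets):
            return ast.literal_eval(node.value)
    raise ValueError("GCE_PARAMS is not defined in " + secrets_path)

def check_gce_secrets(secrets_path):
    """Return a list of problems; an empty list means the file looks usable."""
    params = load_gce_params(secrets_path)
    if not (isinstance(params, tuple) and len(params) == 2):
        return ["GCE_PARAMS must be (service account email, path to .pem file)"]
    email, key_path = params
    problems = []
    # Assumption: service account emails end in gserviceaccount.com, as in the thread.
    if not str(email).endswith("gserviceaccount.com"):
        problems.append("first value is not a service account email")
    if not os.path.isfile(str(key_path)):
        return problems + ["second value is not a path to a key file"]
    with open(key_path, "rb") as fh:
        head = fh.read(64)
    if not (head.startswith(b"-----BEGIN ") and b"PRIVATE KEY-----" in head):
        problems.append("key file is not a PEM private key (convert the .p12 first)")
    if stat.S_IMODE(os.stat(key_path).st_mode) & 0o077:
        problems.append("key file is readable by group or others (chmod 600)")
    return problems

def demo():  # constructed files: a good setup and the mistake from this thread
    d = tempfile.mkdtemp()
    pem = os.path.join(d, "converted.pem")
    with open(pem, "w") as fh:  # constructed placeholder, not a real key
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n")
    os.chmod(pem, 0o600)
    good, bad = os.path.join(d, "good.py"), os.path.join(d, "bad.py")
    with open(good, "w") as fh:
        fh.write("GCE_PARAMS = ('long-hash@developer.gserviceaccount.com', %r)\n" % pem)
    with open(bad, "w") as fh:
        fh.write("GCE_PARAMS = ('id@project.googleusercontent.com', 'secret')\n")
    return check_gce_secrets(good), check_gce_secrets(bad)

if __name__ == "__main__":
    print(demo())
```

The file is parsed with `ast` rather than imported, so checking a secrets.py never runs whatever code it contains.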

Hello,

Thanks for taking the time to explain everything! :)

In fact, my main problem was that I didn’t quite get what I needed to put in the secrets.py, but now it’s all right and I managed to make everything work perfectly fine.

Just one thing, in case someone reads this thread looking for an answer: you said to use the latest libcloud version, with “pip install 0.14.0-beta3”, but people shouldn’t for now. There is a small bug in this version that makes the module fail its run, at least in my case.
Raising: http://pastebin.com/Ajuu8Xwb

It’s been fixed on GitHub, so I think it’ll be OK in the next version :)

About the credentials, I think it would be cool to be able to specify them in an Ansible variable. But hey, it’s working fine the way it is now too :)