Issue with creating .ssh directory to pass ssh key

alainseys · August 21, 2024, 3:39pm

Hy i am using ansible with AWX on a K3S cluster and i have some issues, when creating the .ssh directory. Gives me evrythime the error that access is denied or that it cant write to it.

i have tried with privilege access but that does not seems to work either.
What i want to become is that an ssh key that is present in the awx that this is passed to the execution node, so i can backup my swithc config using git.

this should be posible i have seen this here , but i seem to miss somthing …

I have create the custom ssh credential type and linked it to the playbook with the switch credentials

does anyone have some ideas ?

- name: Create .ssh folder
  become: true
  run_once: true
  delegate_to: localhost
  ansible.builtin.file:
    path: /root/.ssh
    state: directory
    mode: '0777'
  register: create_result

- name: create the ssh key file based on the supplied cred
  become: true
  run_once: true
  delegate_to: localhost
  ansible.builtin.copy:
    dest: ~/.ssh/id_rsa
    content: "{{ cert_key }}"
    mode: '0600'

{
  "module_stdout": "",
  "module_stderr": "Traceback (most recent call last):\n  File \"/runner/.ansible/tmp/ansible-tmp-1724254291.0380187-30-217917007745715/AnsiballZ_file.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/runner/.ansible/tmp/ansible-tmp-1724254291.0380187-30-217917007745715/AnsiballZ_file.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/runner/.ansible/tmp/ansible-tmp-1724254291.0380187-30-217917007745715/AnsiballZ_file.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.file', init_globals=dict(_module_fqn='ansible.modules.file', _modlib_path=modlib_path),\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/modules/file.py\", line 987, in <module>\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/modules/file.py\", line 973, in main\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/modules/file.py\", line 680, in ensure_directory\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/module_utils/basic.py\", line 1181, in set_fs_attributes_if_different\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/module_utils/basic.py\", line 941, in set_mode_if_different\nPermissionError: [Errno 1] Operation not permitted: b'/root/.ssh'\n",
  "exception": "Traceback (most recent call last):\n  File \"/runner/.ansible/tmp/ansible-tmp-1724254291.0380187-30-217917007745715/AnsiballZ_file.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/runner/.ansible/tmp/ansible-tmp-1724254291.0380187-30-217917007745715/AnsiballZ_file.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/runner/.ansible/tmp/ansible-tmp-1724254291.0380187-30-217917007745715/AnsiballZ_file.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.file', init_globals=dict(_module_fqn='ansible.modules.file', _modlib_path=modlib_path),\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/modules/file.py\", line 987, in <module>\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/modules/file.py\", line 973, in main\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/modules/file.py\", line 680, in ensure_directory\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/module_utils/basic.py\", line 1181, in set_fs_attributes_if_different\n  File \"/tmp/ansible_ansible.builtin.file_payload_8vcma2lk/ansible_ansible.builtin.file_payload.zip/ansible/module_utils/basic.py\", line 941, in set_mode_if_different\nPermissionError: [Errno 1] Operation not permitted: b'/root/.ssh'\n",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
  "rc": 1,
  "_ansible_no_log": false,
  "changed": false,
  "_ansible_delegated_vars": {
    "ansible_host": "localhost",
    "ansible_port": null,
    "ansible_user": "root",
    "ansible_connection": "local"
  }
}

konstruktoid · August 22, 2024, 5:48am

Have you tried to perform the task manually? Does that work?
Since you’re getting [Errno 1] Operation not permitted: b'/root/.ssh'\n" it could mean the user isn’t a sudo user.

alainseys · August 22, 2024, 6:00am

Hello Konstruktoid,

i am executing these commands on the local execution environment if i test these commands on a linux box the folder is created with no problem but this needs to run inside the execution enviroment as you can read here Ansible Config As Code With Network Backups To Git And Point-In-Time Rollback | Greg Sowell Saves The World

, i will test something out if i can do this on the jump host and execute the code from here.

binbashroot · August 22, 2024, 12:06pm

Instead of trying to usee those two tasks your playbook. You would be better served by creating a custom credential with a “file” attribute in the injector. See
11. Custom Credential Types — Ansible AWX community documentation. Then you can lookup/use the ssh key as needed for the playbook.

alainseys · August 22, 2024, 2:04pm

Hy binbashroot,

could you give me an example than can i take a look how this would work …

binbashroot · August 22, 2024, 9:19pm

So in AAP/AWX you’ll create a custom credential with fields/injectors as such:

# INPUT CONFIGURATION
fields:
  - id: username
    type: string
  - id: my_ssh_key
    type: string
    format: ssh_private_key
    secret: true
    multiline: true
required:
  - my_ssh_key

#INJECTOR CONFIGURATION
extra_vars:
  my_ssh_key_file: '{{ tower.filename }}'
file:
   template: '{{ my_ssh_key  }}'

Then for your task you can call the key file as such

#EXAMPLE TASK

-  name:  Do git clone
   ansible.builtin.git:
     repo: 'https://foo.example.org/path/to/repo.git'
     dest: /my/dest/path
     key_file: "{{ my_ssh_key_file  }}"

You no longer need your two tasks for creating the folder and copying the key.

system · September 21, 2024, 9:20pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Playbook ssh issues, AWX add ansible- prefix into the real user name Get Help awx , playbook	10	329	October 6, 2023
AWX failing to clone repo from Azure Devops Server 2019 Get Help awx , playbook , azure	3	40	October 5, 2024
SSH error during playbook execution Get Help awx	1	42	September 27, 2024
Make manual projects under /var/lib/awx/projects to create a file using ansible playbook Get Help awx	1	265	February 24, 2024
Ssh-rsa preconfiguration for host Get Help awx	14	326	February 13, 2024

Issue with creating .ssh directory to pass ssh key

Related topics