Jenkins / JENKINS-32384

Password-protected private keys are still unusable

      Description

      It seems like the plugin always tries to find a key in the ~/.ssh/id_rsa file. If the key is encrypted, then Ansible prints the following:
      Private key file is encrypted\nTo connect as a different user, use -u <username>.'
      If the key is not in this directory then the following is printed:
      FAILED: not a valid EC private key file

      I also tried using the ssh-agent plugin, but it seems like the ansible plugin does some setup that makes Ansible ignore the keys added to the agent. Encrypted keys are correctly read when Ansible is run by executing a shell command via Jenkins, using the ssh-agent plugin.

          Activity

          sirot Jean-Christophe Sirot added a comment -

          I'm going to investigate the issue. Can you attach the build console output (at least the ansible invocation)? Are you executing ansible from a Linux or an OSX slave?

          tomaciazek Tomasz Maciazek added a comment - - edited

          Here it is, I have starred out sensitive information:

          [workspace] $ /usr/bin/ansible-playbook services/****.yml -i hosts/docker_hosts.ini -l ****_instance02 -f 1 --private-key /tmp/ssh5523865237140583621.key -u **** -vvv --extra-vars ansible_become_pass=****
          
          PLAY [Deploy the application] ************************************************* 
          
          TASK: [Stop the container] **************************************************** 
          <****.****> ESTABLISH CONNECTION FOR USER: **** on PORT 22 TO ****.****
          fatal: [****_instance02 -> app_server07] => {'msg': 'FAILED: ssh ****@****.****:22 : Private key file is encrypted\nTo connect as a different user, use -u <username>.', 'failed': True}
          
          FATAL: all hosts have already failed -- aborting
          
          PLAY RECAP ******************************************************************** 
                     to retry, use: --limit @/home/jenkins/****.retry
          
          ****_instance02       : ok=0    changed=0    unreachable=1    failed=0   
          
          Build step 'Invoke Ansible Playbook' marked build as failure
          

          As I said in the issue description, it seems like the /tmp/ssh5523865237140583621.key file is ignored.

          robduff Rob Duff added a comment -

          Hi Tomasz,

          In your description you mentioned that this is still unusable. Do you know as of when? Has this always been the case that you're aware of, or did you notice this in a specific version before 4.0?

          tomaciazek Tomasz Maciazek added a comment -

          Hi Rob,
          I only tried v3.1 and v4.0. I have never used this plugin before.


            People

            • Assignee:
              sirot Jean-Christophe Sirot
              Reporter:
              tomaciazek Tomasz Maciazek