Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45065

ansible plugin does not use "private" credentials

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: In Progress (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: ansible-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.6.3
      ansible-plugin 0.6.2
      credentials-plugin 2.1.14

      on a linux box
    • Similar Issues:

      Description

      I'm trying to pass a "private" credentialsId (in "Stores scoped to User: my_login", as opposed to the global credentials store) to the ansible plugin with a pipeline like 

      pipeline {
          agent any
          stages {  
              stage('ssh-ansible-test') {                                                                                                                                                                                                                                                     
                  steps {                                                                                                                                                                                                                                                             
                      wrap([$class: 'MaskPasswordsBuildWrapper']) {                                                                                                                                                                                                                   
                          ansiColor('xterm') {                                                                                                                                                                                                                                        
                              timestamps {
                                  ansiblePlaybook(                                                                                                                                                                                                                                    
                                      [                                                                                                                                                                                                                                               
                                          colorized: true,                                                                                                                                                                                                                            
                                          credentialsId: "MY_PRIVATE_SSH_KEY",                                                                                                                                                                                                      
                                          inventory: 'hosts',                                                                                                                                                                                                   
                                          playbook: 'test.yml'                                                                                                                                                                                                                
                                      ]                                                                                                                                                                                                                                               
                                  )
                              }                                                                                                                                                                                                                                                       
                          }                                                                                                                                                                                                                                                           
                      } 
                  }
              }                                   
          }
      }
      

      but keep getting

      fatal: [my.machine.fqdn]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password,keyboard-interactive).\r\n", "unreachable": true}
      

      When I do the same with a globally scoped credentialId, it works ok.

      Could it be that ansible-plugin does not have access to these credentials and if so, could this be changed please?

      I'd like to be able to make sure a logged-in-user uses his/her own private ssh key to run ansible on target machines.

        Attachments

          Activity

          Hide
          svenxy Sven Hergenhahn added a comment -

          in the job log, I can see:

          ansible-playbook test.yml -i hosts
          

          as opposed to

          ansible-playbook test.yml -i hosts  --private-key /data/jenkins/xxx/workspace/svh/ssh7063913667383236371.key -u myuser
          
          Show
          svenxy Sven Hergenhahn added a comment - in the job log, I can see: ansible-playbook test.yml -i hosts as opposed to ansible-playbook test.yml -i hosts -- private -key /data/jenkins/xxx/workspace/svh/ssh7063913667383236371.key -u myuser
          Hide
          mkurdyukov Maksym Kurdyukov added a comment - - edited

          Hi,

          For me defect reproduced with the same steps.

          When I attempt refer to User-specific credentials, plugin remove 'user' and 'private-key' from command line.

          Looks as 'credentials' is null in https://github.com/jenkinsci/ansible-plugin/blob/master/src/main/java/org/jenkinsci/plugins/ansible/AbstractAnsibleInvocation.java line 226.

           

          Steps to reproduce:

          1. Config job with SSHKey or SecretText credential parameter
          2. Login as non-admin and add user specific credential with required type (Top-level user menu -> credentials)
          3. Attempt run playbook with it from the same account

          Result: User and key not added to CLI arguments.

           

          Show
          mkurdyukov Maksym Kurdyukov added a comment - - edited Hi, For me defect reproduced with the same steps. When I attempt refer to User-specific credentials, plugin remove 'user' and 'private-key' from command line. Looks as 'credentials' is null in https://github.com/jenkinsci/ansible-plugin/blob/master/src/main/java/org/jenkinsci/plugins/ansible/AbstractAnsibleInvocation.java line 226.   Steps to reproduce: Config job with SSHKey or SecretText credential parameter Login as non-admin and add user specific credential with required type (Top-level user menu -> credentials) Attempt run playbook with it from the same account Result: User and key not added to CLI arguments.  

            People

            • Assignee:
              michaelcresswell Michael Cresswell
              Reporter:
              svenxy Sven Hergenhahn
            • Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: