
authorized_key "invalid key specified" when attempting to retrieve pub keys from github / gitlab

Open madeinoz67 opened this issue 4 years ago • 7 comments

SUMMARY

When attempting to retrieve an ssh public key from github / gitlab in the form of https://gitlab.com/user.keys, the task fails with the following error:

"msg": "invalid key specified: <!DOCTYPE html>"

ISSUE TYPE
  • Bug Report
COMPONENT NAME

authorized_key

ANSIBLE VERSION
ansible 2.9.14
  config file = /Users/seaton/Documents/src/ansible-production/ansible.cfg
  configured module search path = ['/Users/seaton/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.9.14/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.0 (default, Oct 27 2020, 14:15:17) [Clang 12.0.0 (clang-1200.0.32.21)]
CONFIGURATION
DEFAULT_MANAGED_STR(/Users/seaton/Documents/src/ansible-production/ansible.cfg) = WARNING: This file is Ansible managed - any manual changes will be overwritten
DEFAULT_ROLES_PATH(/Users/seaton/Documents/src/ansible-production/ansible.cfg) = ['/Users/seaton/Documents/src/ansible-production/roles']
HOST_KEY_CHECKING(/Users/seaton/Documents/src/ansible-production/ansible.cfg) = False
OS / ENVIRONMENT

target os: Centos 7

STEPS TO REPRODUCE

Run the authorized_keys task against gitlab / github to retrieve a user's public ssh key.

  vars:
    users_list:
    - username: gitlab-runner
      type: admin
      state: present
    - username: ansible
      type: admin
      state: present

    gitlab_host: gitlab.xxx.xx

  - name: Get gitlab key(s) and update the authorized_keys file
    authorized_key:
      user: "{{ item.username }}"
      key: "https://{{ gitlab_host }}/{{ item.username }}.keys"
      state: present
      validate_certs: False
    when: item.get('state', 'present') == 'present'
    with_items: "{{ users_list }}"
    tags:
      - users
      - sshkeys
EXPECTED RESULTS

Work as it previously did: retrieve the ssh pubkeys for the user and add them to the relevant user's authorized_keys on the remote host.

ACTUAL RESULTS

Error received

failed: [172.16.x.xx] (item={'username': 'gitlab-runner', 'type': 'admin', 'state': 'present'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "comment": null,
            "exclusive": false,
            "follow": false,
            "key": "https://gitlab.xxx.xx/gitlab-runner.keys",
            "key_options": null,
            "keyfile": "/home/gitlab-runner/.ssh/authorized_keys",
            "manage_dir": true,
            "path": null,
            "state": "present",
            "user": "gitlab-runner",
            "validate_certs": false
        }
    },
    "item": {
        "state": "present",
        "type": "admin",
        "username": "gitlab-runner"
    },
    "msg": "invalid key specified: <!DOCTYPE html>"
}

madeinoz67 avatar Nov 04 '20 07:11 madeinoz67

I can confirm this

rgevaert avatar Nov 29 '20 10:11 rgevaert

This playbook works for me:

- name: test authorized_keys
  hosts: localhost
  tasks:
      - name: Get github key and update the authorized_keys file
        authorized_key:
          user: username
          key: "https://github.com/aminvakil.keys"
          state: present

Also with key: "https://gitlab.com/aminvakil.keys":

changed: [localhost] => {
    "changed": true,
    "comment": null,
    "exclusive": false,
    "follow": false,
    "invocation": {
        "module_args": {
            "changed": true,
            "comment": null,
            "exclusive": false,
            "follow": false,
            "key": "https://gitlab.com/aminvakil.keys",
            "key_options": null,
            "keyfile": "/home/username/.ssh/authorized_keys",
            "manage_dir": true,
            "path": null,
            "state": "present",
            "user": "username",
            "validate_certs": true
        }
    },
    "key": "https://gitlab.com/aminvakil.keys",
    "key_options": null,
    "keyfile": "/home/username/.ssh/authorized_keys",
    "manage_dir": true,
    "path": null,
    "state": "present",
    "user": "username",
    "validate_certs": true
}

Also with

          key: "https://140.82.121.3/aminvakil.keys"
          validate_certs: false

where 140.82.121.3 is one of github's IPs, also works.

$ ansible --version
ansible 2.10.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.6 (default, Sep 30 2020, 04:00:38) [GCC 10.2.0]

aminvakil avatar Nov 29 '20 13:11 aminvakil

My keyfile has multiple keys. Could that be the issue?


rgevaert avatar Nov 29 '20 14:11 rgevaert

My keyfile has multiple keys. Could that be the issue?

@rgevaert I've just tried your public github keys (which are 2) and it was fine as well.

Both public keys were added to the user authorized_keys.

aminvakil avatar Nov 29 '20 17:11 aminvakil

I'm using ansible:

  Installed: 2.9.6+dfsg-1
  Candidate: 2.9.6+dfsg-1
  Version table:
 *** 2.9.6+dfsg-1 500

rgevaert avatar Dec 05 '20 16:12 rgevaert

@madeinoz67 I am not able to reproduce this. Could you please verify that the URL is correct and returns ssh keys only? I can see '<!DOCTYPE html>' in the error message 'invalid key specified: <!DOCTYPE html>', which shows that the fetch_url call was successful but returned an HTML page instead of the raw file containing ssh keys.

Akasurde avatar Jun 04 '21 11:06 Akasurde
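
Added example, not part of the thread and not the module's own code: a pre-check that the body fetched from a `.keys` URL contains only SSH public key lines before it is handed to authorized_key. The function names, the constructed all-zero key and the constructed HTML body are assumptions for illustration; lines are assumed to be `type base64 [comment]` with no authorized_keys options.

```python
import base64
import binascii
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def blob_key_type(b64_blob):
    """Return the key type embedded in a base64 SSH key blob, or None."""
    try:
        raw = base64.b64decode(b64_blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) < 4:
        return None
    (length,) = struct.unpack(">I", raw[:4])  # 4-byte big-endian length prefix
    name = raw[4:4 + length]
    if len(name) != length:
        return None
    return name.decode("ascii", errors="replace")


def check_keys_body(body):
    """Split a fetched .keys body into (valid_lines, rejected_lines)."""
    valid, rejected = [], []
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # The declared type must be known AND match the type inside the blob.
        if (len(fields) >= 2 and fields[0] in KEY_TYPES
                and blob_key_type(fields[1]) == fields[0]):
            valid.append(line)
        else:
            rejected.append(line)
    return valid, rejected


def _constructed_ed25519_line(comment):
    # Constructed sample: an all-zero 32-byte "key", structurally valid only.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


GOOD_BODY = _constructed_ed25519_line("user@example") + "\n"  # constructed
HTML_BODY = "<!DOCTYPE html>\n<html><body>Sign in</body></html>\n"  # constructed
```

Any non-empty `rejected` list means the URL did not return a plain key file, so the play can fail before touching authorized_keys.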

@madeinoz67 Any news?

Akasurde avatar Jun 16 '21 10:06 Akasurde