action-ansible-playbook
Galaxy SSH configuration?
Hi there,
Thanks for writing this action! We use a lot of internally developed Ansible roles that are stored in GitHub Enterprise and need to be able to grab them with ansible-galaxy, however we are getting `Host key verification failed.` during the galaxy role install process. This is for private repos on GitHub Enterprise, expecting to use the same SSH key provided for the playbook run as authentication for the git URLs. I've added the known_hosts content for our GitHub server and we're still getting the same error.
My questions are:
- Does this Action use the playbook SSH key for SSH-based Galaxy installs?
- Does this Action use the `known_hosts` content for SSH-based Galaxy installs?
Example requirements.yaml with a git URL:
```yaml
roles:
  - name: some-private-ansible-role
    scm: git
    src: "[email protected]:OCC/ansible-role-private-repo.git"
    version: 0.0.1rc1
```
I don't think there is any explicit support for that. Someone would need to implement and test this.
Got it, thanks!
Hi, identity file support by ansible-galaxy is not yet implemented, please see https://github.com/ansible/galaxy/issues/337
I solved the same issue by pulling dependencies using ansible-galaxy BEFORE running action-ansible-playbook:
```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: https://github.com/actions/checkout@v4
      - name: Install Ansible and pull dependencies
        run: |
          python -m pip install ansible
          # Pin the git server's host key so host key verification can succeed
          mkdir -p ~/.ssh && echo "${{ vars.GITEA_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
          # Load the private key into an agent for this step (CRs stripped)
          eval $(ssh-agent -s) && echo "${{ secrets.PRIVATE_KEY }}" | tr -d '\r' | ssh-add -
          ansible-galaxy install -r requirements.yml
      - name: Run Ansible playbook
        uses: https://github.com/dawidd6/action-ansible-playbook@v2
        with:
          playbook: playbook.yml
          directory: ./
          key: ${{ secrets.PRIVATE_KEY }}
          # Repository-level variable, read through the same vars context as above
          known_hosts: ${{ vars.TARGET_KNOWN_HOSTS }}
          vault_password: ${{ secrets.VAULT_PASSWORD }}
```
Important:
- The public key of the git server must be added to `~/.ssh/known_hosts` to ensure host key verification will succeed
- The private key allowed to clone the collection using SSH must be registered with `ssh-add`
Note: this example is run with Gitea Actions (which is basically the same as GitHub Actions), but I did not test it on GitHub. In particular, I am not sure of the right syntax to use repository-level variables. Gitea Actions uses ${{ vars.VARIABLE_NAME }}
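A preflight check for the workaround above, as an added example that is not part of this thread or of action-ansible-playbook: it lists the SSH git hosts named in a requirements file and reports any that the known_hosts content does not cover, including OpenSSH's hashed `|1|salt|hash` entries, so a missing host key is caught before `ansible-galaxy install` runs. The function names, hostnames and key blob are constructed for illustration; wildcard patterns and `@` marker lines are not handled.

```python
import base64
import hashlib
import hmac
import re

# src: values that use SSH: scp-style user@host:path or ssh://user@host[:port]/path
SRC_RE = re.compile(r"""src:\s*["']?(ssh://)?[\w.-]+@([\w.-]+)(?::(\d+))?[:/]""")

def ssh_hosts(requirements_text):
    """Names under which known_hosts must list each SSH git host."""
    hosts = set()
    for scheme, host, port in SRC_RE.findall(requirements_text):
        # A non-default port is recorded as [host]:port in known_hosts.
        hosts.add(f"[{host}]:{port}" if scheme and port not in ("", "22") else host)
    return hosts

def hash_name(host, salt):
    """Build a hashed known_hosts name: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def line_covers(host, line):
    """True if one known_hosts line names host (plain or hashed entry)."""
    fields = line.split()
    if len(fields) < 3 or fields[0][0] in "#@":  # comments and marker lines
        return False
    names = fields[0]
    if names.startswith("|1|"):
        salt = base64.b64decode(names.split("|")[2])
        return hmac.compare_digest(names, hash_name(host, salt))
    return host in names.split(",")

def missing_hosts(requirements_text, known_hosts_text):
    """SSH hosts referenced by the requirements that known_hosts does not cover."""
    lines = known_hosts_text.splitlines()
    return sorted(h for h in ssh_hosts(requirements_text)
                  if not any(line_covers(h, l) for l in lines))

if __name__ == "__main__":
    # Constructed sample data: hostnames and the key blob are placeholders.
    reqs = '''roles:
  - name: some-private-ansible-role
    scm: git
    src: "git@git.example.com:OCC/ansible-role-private-repo.git"
  - name: other-role
    src: ssh://git@gitea.example.org:2222/ops/other-role.git
'''
    known = hash_name("git.example.com", b"constructed-salt") + " ssh-ed25519 AAAAplaceholder\n"
    print(missing_hosts(reqs, known))
```

Run before `ansible-galaxy install` in the same step and fail the job if the returned list is not empty.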