
How/where have to set the ssh key to clone roles using /roles/requirements.yml?

Open DaniPorras02 opened this issue 3 months ago • 3 comments

Getting this error on github-actions workflow when running megalinter to a playbooks project with /roles/requirements.yml:

ERROR
[WARNING]: - role-name was NOT installed successfully: - command /usr/bin/git clone [email protected]:compamny/role-name.git role-name failed in directory /root/.ansible/tmp/ansible-local(...) - Cloning into 'role-name'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

The requirements.yml is using ssh to clone the roles

  • Used SSH_KEY as env -> didn't work
  • Used pre command to copy my .ssh/id_rsa to /root/.ssh inside the megalinter container -> didn't work
  • Used key works in the regular environment

DaniPorras02 Mar 21 '24 20:03

@DaniPorras02 I want to clarify:

  1. Roles/collections from GitLab or GitHub?
  2. Can you provide a content of your requirements.yml?

> Used SSH_KEY as env -> didn't work

I am not sure that you really need an ssh connection to install your ansible collection(s), just because requirements also work with git via http(s), not only Ansible Galaxy.

If your roles are public you can publish them to Ansible Galaxy. Then you can install them using standard dependencies, e.g.: namespace.collection_name. It also works with a single role.

If you still need to install your requirements using git, I believe you can put your access token in the URL: PAT for GitHub, or PAT for GitLab. You can also pass your personal access token to env variables and hide them from logs.

The only thing I don't remember is about using variables inside requirements.yml, but you can template them before linting using pre-commands (also PRE_COMMANDS env variable).

> Used pre command to copy my .ssh/id_rsa to /root/.ssh inside the megalinter container -> didn't work

If you still need git over ssh, more output is needed after your ssh copy commands to troubleshoot:

whoami
echo "pwd is $(pwd)"
echo "home: $HOME"
ls -lh "$HOME"
ls -lh "$HOME/.ssh"
cat "$HOME/.ssh/config"
grep -vE "^#" /etc/ssh/ssh_config
ssh -v -p <5561_or_your_custom_port> git@<your_gitlab_host> 'exit'

Hope it helps...

PS:

I think this question is more about 'automatically install ansible requirements' :)

ansible-galaxy install -r requirements.yml

As for me, I never tried using tokens in requirements.yml for the following reasons:

  1. I have a public Ansible Galaxy collection for my personal project.

  2. We have a forced pre-install job in our corporate GitLab CI:

    cd <ansible_collection_folder>
    ansible-galaxy collection build
    ansible-galaxy collection install $(ls -1 | grep ".tar.gz") -f
    

alexanderbazhenoff Mar 25 '24 00:03
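Added example, not from this thread or the MegaLinter project: a shell helper that maps the clone error text to the part of the SSH setup to inspect, then audits the SSH directory the clone runs with. ssh prints "Host key verification failed" when the server's host key is not accepted against known_hosts, which is checked separately from the private key. The host name git.example.com, the function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not MegaLinter code): triage a failed SSH `git clone`.

# Map git/ssh stderr text to the part of the SSH setup to inspect.
classify_clone_error() {
  case "$1" in
    *"Host key verification failed"*) echo "known_hosts" ;;
    *"UNPROTECTED PRIVATE KEY FILE"*|*"bad permissions"*) echo "key_permissions" ;;
    *"Permission denied (publickey"*) echo "key_not_accepted" ;;
    *) echo "unknown" ;;
  esac
}

# Audit <ssh_dir> for <host>; <key_name> defaults to id_rsa.
# Prints one finding per line; returns 1 if anything is wrong.
audit_ssh_dir() {
  local dir="$1" host="$2" key="$1/${3:-id_rsa}" rc=0
  if [ ! -f "$key" ]; then
    echo "missing_key"; rc=1
  else
    # ssh refuses private keys with any group/other permission bits set.
    case "$(ls -ld "$key")" in
      ????------*) ;;
      *) echo "key_mode_too_open"; rc=1 ;;
    esac
  fi
  # Plain known_hosts lines start with a comma-separated host list.
  # Hashed entries (|1|...) are not matched here; use `ssh-keygen -F` for those.
  if [ ! -f "$dir/known_hosts" ] ||
     ! awk -v h="$host" '{ n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) f = 1 }
                         END { exit !f }' "$dir/known_hosts"; then
    echo "host_not_in_known_hosts"; rc=1
  fi
  return "$rc"
}

# Demo on constructed data: a key was copied in, but there is no known_hosts.
demo() {
  local d rc=0
  d="$(mktemp -d)"
  printf 'constructed placeholder, not a real key\n' > "$d/id_rsa"
  chmod 600 "$d/id_rsa"
  audit_ssh_dir "$d" git.example.com || rc=$?   # -> host_not_in_known_hosts
  rm -rf "$d"
  return "$rc"
}
demo || true
```

When the audit reports host_not_in_known_hosts, add the server's host key line, verified against the fingerprint the server operator publishes, to known_hosts rather than turning off StrictHostKeyChecking.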

I never used ansible, but would a pre-command work?

Something like

PRE_COMMANDS:
  - command: ansible-galaxy install -r requirements.yml
    cwd: "workspace"   # Will be run at the root of the workspace (usually your repository root)
    continue_if_failed: False  # Will stop the process if command is failed (return code > 0)

nvuillam Mar 26 '24 23:03

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] Apr 26 '24 00:04