ssh_authorized_key_file Does not get passed to ansible #42

Open
jeremymcgee73 opened this issue Apr 29, 2021 · 1 comment

jeremymcgee73 commented Apr 29, 2021

Overview of the Issue

When setting the ssh_authorized_key_file property, it seems to be ignored. The temp key still is generated (which is empty per another issue), and passed to ansible via the ansible_ssh_private_key_file param.

Reproduction Steps

provisioner "ansible" {
    playbook_file    = "main.yml"
    use_proxy        = false
    ansible_env_vars = ["ANSIBLE_CONFIG=ansible.cfg"]
    ssh_authorized_key_file = "privatekey.file"
}

Plugin and Packer version

packer 1.7.0

ansible 2.9.10

Operating system and Environment details

This happens with Windows and RHEL.


cello86 commented Jun 27, 2023

Hi @jeremymcgee73
I'm using:

packer 1.8.6
ansible 2.15.0

I noticed that from ansible >= 2.8 it is required to set use_proxy to false, and the ansible-key generated automatically by the packer ansible provisioner is empty.

I applied this workaround:

packer {
...
  required_plugins {
    sshkey = {
      version = ">= 1.0.9"
      source  = "github.com/ivoronin/sshkey"
    }
  }
}
...
data "sshkey" "install" {
}
...
locals {
...
  data_source_content = {
    "${var.build_kickstart_name}" = templatefile("${abspath(path.root)}/scripts/${var.build_kickstart_name}.pkrtpl.hcl", {
...
      build_ssh_public_key     = data.sshkey.install.public_key
    })
  }
...
}
...
source "vsphere-iso" "rhel" {
...
  communicator         = "ssh"
  ssh_password         = "${var.ssh_password}"
  ssh_private_key_file = data.sshkey.install.private_key_path
...
}
...
build {
  sources = ["source.vsphere-iso.rhel"]

  provisioner "ansible" {
    user              = var.ssh_username
    use_proxy         = false
    groups            = ["all"]
    playbook_file     = "./ansible/test.yaml"
    ansible_env_vars = [
      "ANSIBLE_HOST_KEY_CHECKING=False",
      "ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3",
      "ANSIBLE_SSH_COMMON_ARGS='-o UserKnownHostsFile=/dev/null'"
    ]
    extra_arguments = [
      "--become"
    ]
  }
...
}

I modified the kickstart file to apply the new public key:

...
sshkey --username=${build_username} "${build_ssh_public_key}"
...
%post
update-crypto-policies --set LEGACY
%end
...

The executed step reported:

==> vsphere-iso.rhel: Executing Ansible: ansible-playbook -e packer_build_name="rhel" -e packer_builder_type=vsphere-iso -e packer_http_addr=127.0.0.1.8888 --ssh-extra-args '-o IdentitiesOnly=yes' --become -e ansible_ssh_private_key_file=/home/test/.cache/packer/ssh_private_key_packer_rsa.pem -i /home/test/.tmp/packer-provisioner-ansible1009054922 /home/test/directory/packer/vsphere-rhel/ansible/test.yaml
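An added example, not part of the issue thread or of the Packer plugin's code: a small check that pulls the `ansible_ssh_private_key_file` path out of an "Executing Ansible" log line like the one above and reports whether that file is missing, empty (the symptom described in this issue), readable by other users, or lacking a private-key header. The names `key_path_from_log`, `check_key_file` and `SAMPLE_LOG` are hypothetical, and the sample log line is constructed.

```python
import os
import shlex
import stat

# Constructed log line, modelled on the "Executing Ansible" output quoted above.
SAMPLE_LOG = (
    "==> vsphere-iso.rhel: Executing Ansible: ansible-playbook "
    "-e packer_build_name=\"rhel\" --ssh-extra-args '-o IdentitiesOnly=yes' "
    "--become -e ansible_ssh_private_key_file={key} -i /tmp/inventory test.yaml"
)
KEY_VAR = "ansible_ssh_private_key_file="


def key_path_from_log(line):
    """Return the key path passed to ansible-playbook via -e, or None."""
    marker = "Executing Ansible: "
    if marker not in line:
        return None
    argv = shlex.split(line.split(marker, 1)[1])
    found = None
    for flag, value in zip(argv, argv[1:]):
        if flag in ("-e", "--extra-vars") and value.startswith(KEY_VAR):
            found = value[len(KEY_VAR):]  # keep the last assignment seen
    return found


def check_key_file(path):
    """Return a list of problems with the key file; an empty list means OK."""
    try:
        st = os.stat(path)
    except OSError:
        return ["missing"]
    problems = []
    if st.st_size == 0:
        problems.append("empty")
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("group/world accessible")
    with open(path, "rb") as fh:
        first = fh.readline()
    if st.st_size and not (first.startswith(b"-----BEGIN ")
                           and b"PRIVATE KEY-----" in first):
        problems.append("no private-key header")
    return problems


if __name__ == "__main__":
    import sys
    for line in sys.stdin:  # e.g. pipe the Packer build log in
        path = key_path_from_log(line)
        if path:
            print(path, check_key_file(path) or "ok")
```

The header test only looks at the first line of the file; it does not prove the key is valid or that it matches the public key installed on the guest.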
