Only one authorized_keys is uploaded when booting to rescue #112

Closed
jooola opened this issue Jun 17, 2024 · 4 comments · Fixed by #113
Labels
bug Something isn't working

Comments

@jooola
Contributor

jooola commented Jun 17, 2024

SUMMARY

When activating the rescue system for a Robot server, only a single SSH key is uploaded to the rescue system /root/.ssh/authorized_keys.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

community.hrobot.boot

ANSIBLE VERSION
ansible [core 2.16.5]
  config file = None
  configured module search path = ['/home/jo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/pipx/venvs/ansible-core/lib/python3.11/site-packages/ansible
  ansible collection location = /home/jo/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] (/opt/pipx/venvs/ansible-core/bin/python)
  jinja version = 3.1.3
  libyaml = True
COLLECTION VERSION
Collection                               Version
---------------------------------------- -------
community.general                        9.0.1  
community.hrobot                         2.0.0  
community.library_inventory_filtering_v1 1.0.1 
STEPS TO REPRODUCE
---
- name: Boot to rescue
  hosts: all
  gather_facts: false

  vars:
    # SSH keys to add to the server. Must already exist in Robot.
    authorized_keys:
      - 21:ea:a3:5c:02:a6:0c:42:0b:ef:b5:60:ae:5b:07:9b # key1
      - fa:7d:44:f4:d2:bc:52:96:52:6f:b1:12:19:6b:48:38 # key2
      - fc:3c:b4:42:c9:bf:f9:6e:be:58:d3:12:40:c7:13:b2 # key3

  module_defaults:
    group/community.hrobot.robot:
      hetzner_user: "{{ lookup('ansible.builtin.env', 'ROBOT_USER') }}"
      hetzner_password: "{{ lookup('ansible.builtin.env', 'ROBOT_PASSWORD') }}"

  tasks:
    - name: Enable rescue system
      delegate_to: localhost
      community.hrobot.boot:
        server_number: "{{ server_number }}"
        rescue:
          authorized_keys: "{{ authorized_keys }}"
          os: linux

    - name: Reboot into rescue system
      delegate_to: localhost
      community.hrobot.reset:
        server_number: "{{ server_number }}"
        reset_type: hardware

    # Might already fail here, if the authorized key used to connect was not uploaded
    - name: Wait for the server to be reachable
      ansible.builtin.wait_for_connection:
        delay: 5

- name: Check
  hosts: all
  gather_facts: true
  tasks:
    - name: Check all authorized_keys are uploaded
      ansible.builtin.shell:
        # Redirect the file into wc so only the line count is printed, not the file name
        cmd: test "$(wc -l < /root/.ssh/authorized_keys)" -eq 3
EXPECTED RESULTS

The 3 SSH keys to be present in the /root/.ssh/authorized_keys file.

ACTUAL RESULTS

Only one key is present in the /root/.ssh/authorized_keys file.

@felixfontein
Collaborator

Hmm, I'm pretty sure the module passes the keys on to the robot API. My guess is that the robot API (or some system it uses?) only uses the first key for whatever reason, but 🤷 Unfortunately I cannot test the module myself currently, so I won't be able to debug this anytime soon.

@felixfontein felixfontein added the bug Something isn't working label Jun 17, 2024
@felixfontein
Collaborator

(I would begin with adding import q / q.q(url, data) before https://github.com/ansible-collections/community.hrobot/blob/main/plugins/module_utils/robot.py#L128 to see what it actually sends to the API, and compare it with https://robot.hetzner.com/doc/webservice/en.html#post-boot-server-number-rescue - which unfortunately has no example of how to pass authorized keys in...)

@jooola
Contributor Author

jooola commented Jun 17, 2024

I already dived in this direction and the body looks like the following (each & was replaced by a new line):

os=linux
authorized_key=fa%3A7d%3A44%3Af4%3Ad2%3Abc%3A52%3A96%3A52%3A6f%3Ab1%3A12%3A19%3A6b%3A48%3A38
authorized_key=21%3Aea%3Aa3%3A5c%3A02%3Aa6%3A0c%3A42%3A0b%3Aef%3Ab5%3A60%3Aae%3A5b%3A07%3A9b

The documentation is indeed lacking an example. I'll try to find the source of this bug.

@jooola
Contributor Author

jooola commented Jun 17, 2024

I checked what the request looked like from within the Hetzner Robot console, and the request looks like the following:

os=linux
key%5B%5D=21%3Aea%3Aa3%3A5c%3A02%3Aa6%3A0c%3A42%3A0b%3Aef%3Ab5%3A60%3Aae%3A5b%3A07%3A9b
key%5B%5D=fa%3A7d%3A44%3Af4%3Ad2%3Abc%3A52%3A96%3A52%3A6f%3Ab1%3A12%3A19%3A6b%3A48%3A38
keyboard=de

So I tried this array syntax, and I was able to configure multiple authorized keys on the rescue system.
I assume that every variable that accepts an array should be formatted in the same way.

I'll open a PR to fix the rescue authorized_keys and check if I can find an answer for the rest of the array fields.
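
Added example, not part of the thread or the collection's code: the two request bodies compared above, rebuilt with Python's `urllib.parse`, together with a check that reports which requested fingerprints would be dropped. The field name `authorized_key[]` and the server behaviour in `keys_accepted` (a repeated plain field is overwritten, a `[]` field accumulates) are assumptions inferred from the comments; the fingerprints are the ones from the playbook.

```python
from urllib.parse import parse_qsl, urlencode

# Fingerprints copied from the playbook in the issue.
KEYS = [
    "21:ea:a3:5c:02:a6:0c:42:0b:ef:b5:60:ae:5b:07:9b",
    "fa:7d:44:f4:d2:bc:52:96:52:6f:b1:12:19:6b:48:38",
    "fc:3c:b4:42:c9:bf:f9:6e:be:58:d3:12:40:c7:13:b2",
]


def encode_form(params, array_suffix):
    """Form-encode params; list values repeat the field, named 'name[]' if array_suffix."""
    pairs = []
    for name, value in params.items():
        if isinstance(value, (list, tuple)):
            field = name + "[]" if array_suffix else name
            pairs.extend((field, item) for item in value)
        else:
            pairs.append((name, value))
    return urlencode(pairs)


def keys_accepted(body, field="authorized_key"):
    """Assumed server model: 'field[]' accumulates, a repeated plain 'field' is overwritten."""
    parsed = {}
    for name, value in parse_qsl(body):
        if name.endswith("[]"):
            parsed.setdefault(name[:-2], []).append(value)
        else:
            parsed[name] = [value]  # assumption: the last plain value wins
    return parsed.get(field, [])


def missing_keys(requested, body):
    """Requested fingerprints the assumed server would not install."""
    accepted = set(keys_accepted(body))
    return [key for key in requested if key not in accepted]


if __name__ == "__main__":
    for suffix in (False, True):
        body = encode_form({"os": "linux", "authorized_key": KEYS}, suffix)
        print(body.replace("&", "\n"))
        print("missing:", missing_keys(KEYS, body), "\n")
```

Comparing the requested list with what ends up in /root/.ssh/authorized_keys after the rescue boot catches this kind of silent drop regardless of which encoding the API expects.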
