Galaxy SSH configuration? #79

Open
tomdaley92 opened this issue Jul 14, 2023 · 4 comments
Labels
help wanted Extra attention is needed

Comments

@tomdaley92

tomdaley92 commented Jul 14, 2023

Hi there,

Thanks for writing this action! We use a lot of internally developed Ansible roles that are stored in GitHub Enterprise and need to be able to grab them with Ansible Galaxy; however, we are getting "Host key verification failed." during the galaxy role install process. This is for private repos on GitHub Enterprise, expecting to use the same SSH key provided for the playbook run as authentication for the git URLs. I've added the known_hosts content for our GitHub server and we're still getting the same error.

My questions are:

  • Does this Action use the playbook SSH key for SSH-based Galaxy installs?
  • Does this Action use the known_hosts content for SSH-based Galaxy installs?

Example requirements.yaml with a git URL:

roles:
  - name: some-private-ansible-role
    scm: git
    src: "[email protected]:OCC/ansible-role-private-repo.git"
    version: 0.0.1rc1
@dawidd6
Owner

dawidd6 commented Jul 15, 2023

I don't think there is any explicit support for that. Someone would need to implement and test this.

@tomdaley92
Author

Got it, thanks!

@dawidd6 dawidd6 added the help wanted Extra attention is needed label Aug 11, 2023
@thehedhly
Contributor

Hi, identity file support by ansible-galaxy is not yet implemented; please see ansible/galaxy#337.

@alorence

I solved the same issue by pulling dependencies using ansible-galaxy BEFORE running action-ansible-playbook:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: https://github.com/actions/checkout@v4

      - name: Install Ansible and pull dependencies
        run: |
          python -m pip install ansible
          mkdir -p ~/.ssh && echo "${{ vars.GITEA_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
          eval $(ssh-agent -s) && echo "${{ secrets.PRIVATE_KEY }}" | tr -d '\r' | ssh-add -
          ansible-galaxy install -r requirements.yml

      - name: Run Ansible playbook
        uses: https://github.com/dawidd6/action-ansible-playbook@v2
        with:
          playbook: playbook.yml
          directory: ./
          key: ${{ secrets.PRIVATE_KEY }}
          # An expression needs a context prefix; vars. is assumed here, as for GITEA_KNOWN_HOSTS above
          known_hosts: ${{ vars.TARGET_KNOWN_HOSTS }}
          vault_password: ${{ secrets.VAULT_PASSWORD }}

Important:

  • The public key of the git server must be added to ~/.ssh/known_hosts to ensure host key verification will succeed.
  • The private key allowed to clone the collection using SSH must be registered with ssh-add.

Note: this example is run with Gitea Actions (which is basically the same as GitHub Actions), but I did not test it on GitHub. In particular, I am not sure of the right syntax to use repository-level variables. Gitea Actions uses ${{ vars.VARIABLE_NAME }}
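
Added example, not part of the thread or of the action's code: a preflight check that can run before `ansible-galaxy install` to report which SSH git hosts referenced in the requirements file have no entry in known_hosts, which is the condition behind "Host key verification failed." It handles plain and hashed known_hosts entries; the host names, key blob and function names are constructed for illustration.

```python
import base64, hashlib, hmac, re, sys

# Constructed sample inputs (not from the issue): hosts and key blob are placeholders.
REQUIREMENTS = """\
roles:
  - name: some-private-ansible-role
    scm: git
    src: "git@git.example.test:OCC/ansible-role-private-repo.git"
  - src: ssh://git@gitea.example.test:2222/org/other-role.git
"""
KNOWN_HOSTS = "git.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED\n"

URL = re.compile(r"^(?:git\+)?ssh://(?:[^@/\s]+@)?([^:/\s]+)(?::(\d+))?/")
SCP = re.compile(r"^(?:[^@/\s]+@)?([^:/\s]+):(?!//)")

def ssh_host(src):
    """Name ssh looks up in known_hosts for an SSH git URL, or None if not SSH."""
    m = URL.match(src)
    if m:  # a non-default port is stored as [host]:port
        return m.group(1) if m.group(2) in (None, "22") else f"[{m.group(1)}]:{m.group(2)}"
    m = SCP.match(src)
    return m.group(1) if m else None

def host_known(host, known_hosts):
    """True if known_hosts has a plain or hashed (|1|salt|hash) entry for host."""
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked lines; wildcards are not expanded.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        names = fields[0]
        if names.startswith("|1|"):
            _, _, salt, digest = names.split("|")
            mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(mac, base64.b64decode(digest)):
                return True
        elif host in names.split(","):
            return True
    return False

def missing_hosts(requirements, known_hosts):
    """SSH git hosts referenced by `src:` entries that have no known_hosts entry."""
    srcs = re.findall(r"^\s*(?:-\s*)?src:\s*[\"']?([^\"'\s#]+)", requirements, re.M)
    hosts = {h for h in map(ssh_host, srcs) if h}
    return sorted(h for h in hosts if not host_known(h, known_hosts))

if __name__ == "__main__":
    missing = missing_hosts(REQUIREMENTS, KNOWN_HOSTS)
    print("missing known_hosts entries:", missing or "none")
    sys.exit(1 if missing else 0)
```

Failing the job on a missing entry keeps strict host key checking in place instead of working around the error by disabling verification.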
