
I wanted to set up GitLab CI/CD with Ansible for my Ubuntu server. In my gitlab-ci.yml I have the following commands:

```yaml
before_script:
  - ansible --version
  - mkdir secret
  - echo "$ANSIBLE_SSH_KEY" > secret/ansible.key ## import ansible ssh key
  - chmod 400 secret/ansible.key
  - export ANSIBLE_HOST_KEY_CHECKING=False
.
.
.

script:
    - cat $APP_ENV_FILE_DEV > .env
    - ansible-playbook -i $DEV_INVENTORY --private-key secret/ansible.key -vvv ./ansible/playbooks/deploy.yml
```

During the `ansible-playbook` command I have the following error:

```
<[MASKED]> ESTABLISH SSH CONNECTION FOR USER: [MASKED]
<[MASKED]> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/gitlab-runner/builds/z9W8_2sz/0/osint4224931/Telegram-parser/secret/ansible.key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="[MASKED]"' -o ConnectTimeout=10 -o ControlPath=/home/gitlab-runner/.ansible/cp/49d20e7fab [MASKED] '/bin/sh -c '"'"'echo ~[MASKED] && sleep 0'"'"''
<[MASKED]> (255, b'', b'Load key "/home/gitlab-runner/builds/z9W8_2sz/0/osint4224931/Telegram-parser/secret/ansible.key": error in libcrypto\r\n[MASKED]@[MASKED]: Permission denied (publickey).\r\n')
fatal: [[MASKED]]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Load key \"/home/gitlab-runner/builds/z9W8_2sz/0/osint4224931/Telegram-parser/secret/ansible.key\": error in libcrypto\r\n[MASKED]@[MASKED]: Permission denied (publickey).",
    "unreachable": true
}
PLAY RECAP *********************************************************************
[MASKED]             : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
```

I have created a user on my Ubuntu server and added the SSH public key to authorized_keys.

When I try to log in as this user via SSH locally, I succeed. But when Ansible tries to do this, there is a problem. If it is useful, my GitLab runner executable is shell. My DEV_INVENTORY variable in CI/CD is the following:

```ini
[dev]
164.90.187.121 ansible_user=deployer
```

The only thing I have done on the server besides setting up the GitLab runner is downloading Ansible, and that is it.

kabdik
  • Check the perms on the entire path with `namei -l secret/ansible.key` in your ci script. The error is crystal clear: you have a permission problem to access the private key. – Zeitounator Aug 16 '23 at 12:36
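
A preflight check for the key file that the `before_script` writes, covering the permissions the comment points at plus the usual reasons a key pasted into a CI variable fails to parse. This is an added example, not part of the original question or comment; the function names `check_key_file` and `check_key_parses` are made up here.

```shell
#!/bin/sh
# Preflight for a private key written from a CI variable (added example).
# Return codes: 0 ok, 1 missing/empty, 2 mode too open, 3 CRLF line endings,
# 4 no trailing newline, 5 not framed by BEGIN/END PRIVATE KEY lines.
check_key_file() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }

    # ssh refuses keys readable by group/other; columns 5-10 of ls -l are those bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "$f: group/other permissions set" >&2; return 2; }

    # Carriage returns (key pasted with Windows line endings) break parsing.
    if grep -q "$(printf '\r')" "$f"; then
        echo "$f: contains CR characters" >&2; return 3
    fi

    # $(...) strips a final newline, so non-empty output means the last byte is not one.
    [ -z "$(tail -c 1 "$f")" ] || { echo "$f: no trailing newline" >&2; return 4; }

    # A file holding something other than key text (a path, a truncated paste) fails here.
    case "$(head -n 1 "$f")" in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "$f: first line is not a BEGIN ... PRIVATE KEY header" >&2; return 5 ;;
    esac
    case "$(tail -n 1 "$f")" in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo "$f: last line is not an END ... PRIVATE KEY footer" >&2; return 5 ;;
    esac
    return 0
}

# Full parse: ssh-keygen -y derives the public key, so it fails on a key ssh cannot load.
# -P "" keeps it non-interactive; a passphrase-protected key fails instead of prompting.
check_key_parses() {
    ssh-keygen -y -P "" -f "$1" >/dev/null
}

# Run both checks when a key path is passed as the first argument,
# e.g. secret/ansible.key right after the chmod step.
if [ -n "${1:-}" ]; then
    check_key_file "$1" && check_key_parses "$1"
fi
```

Running `namei -l` on the same path, as the comment suggests, additionally shows the mode of every parent directory.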

0 Answers