Reputation: 1613
Jenkins Ansible plugin Permission denied (publickey,password) - failing to copy private key
I'm trying to use the Jenkins Ansible plugin to deploy a project. I figured this should be pretty easy as i'm pretty familiar with both Jenkins and Ansible. However, i'm having issues getting the Ansible command to successfully execute. I believe the problem lies in the use of the credentials. We have a jenkins user that owns the Jenkins execution process and we have a jenkins user setup on the machine being deployed to. We are using SSH keys and I have added the jenkins users private key to the Jenkins credential store and selected those in the Ansible configuration. However, when i run the job, this is the snippet of my output (replaced some information).
[my-job] $ ansible-playbook my-job.yml -i inventories/dev -l 1_2_3_4 -f 1 --private-key /tmp/ssh7229752594712048879.key -u jenkins --diff --vault-password-file ~/.vault-pass
PLAY [tag_ansible_groups_my_job] ***********************
TASK [setup] *******************************************************************
fatal: [1_2_3_4]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true}
to retry, use: --limit @/data/jenkinsdata/workspace/my-job/my-job.retry
PLAY RECAP *********************************************************************
1_2_3_4 : ok=0 changed=0 unreachable=1 failed=0
FATAL: command execution failed
hudson.AbortException: Ansible playbook execution failed
at org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:227)
at org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:200)
at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:78)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
at hudson.model.Build$BuildExecution.build(Build.java:205)
at hudson.model.Build$BuildExecution.doRun(Build.java:162)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
at hudson.model.Run.execute(Run.java:1729)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:404)
ERROR: Ansible playbook execution failed
Finished: FAILURE
I've run the same command successfully from the Jenkins machine and it works just fine. The only difference was that I referenced the original SSH private key instead of the copied temporary key. To see if this was the issue, I decided to check the contents of the copied temporary SSH private key and the file was empty. I checked the file before the job finished executing as I am assuming it stays there for the life of the job and removed only after the job has finished executing. To verify this, I removed the use of credentials from the configuration and added in the private-key and user parameters pointing directly to the appropriate key and the job runs successfully.
[my-job] $ ansible-playbook my-job.yml -i inventories/dev -l 1_2_3_4 -f 1 --private-key ~/.ssh/id_rsa -u jenkins --diff --vault-password-file ~/.vault-pass
PLAY [tag_ansible_groups_my_job] ***********************
TASK [setup] *******************************************************************
ok: [1_2_3_4]
So, to me, it seems that Jenkins is failing to copy the SSH private key to the temporary file(s). I've tried with other SSH keys but still the same problem each time. I've tried specifying the private key in Jenkins credential store itself rather than specifying the location and that also did not work. I've checked the Jenkins logs and there is nothing that would indicate why the private SSH key would fail to copy to the /tmp directory.
I'd prefer not to reference the key directly in the additional parameters as this limits me to only keys located on that server. Any suggestions?
Upvotes: 3
Views: 2192
Answers (1)
Reputation: 1
I found this solution at Edureka. It worked for me.
set "host_key_checking = False" in /etc/ansible/ansible.cfg
https://www.edureka.co/community/42595/not-able-connect-remote-host-via-jenkins-run-ansible-playbook
Upvotes: 0
Related Questions
- Install Jenkins Plugins with Ansible
- jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection
- Jenkins Publish over ssh authentification failed with private key
- Git | Jenkins | Permission denied (publickey)
- Jenkins ssh-agent Host key verification failed
- Ansible jenkins_plugin module returns "HTTP Error 403: No valid crumb was included in the request"
- Jenkins publish over ssh shows error "jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key."
- Jenkins Permission denied accessing pem key from Jenkins CLI - Try to make the loging another instance from jenkins instance
- jenkins-cli not authenticating with provided ssh private key
- Public key denied when fetching from Bitbucket in Ansbile with Jenkins