Joel Shajan

Reputation: 21

How do I use Ansible to connect to GCP compute instances without manual SSH keys?

I am trying to set up Ansible for my GCP compute instances. I want to know if there is some way to use GCP credentials for logging into compute instances. I am aware of the Ansible gcp_compute module, but it only allows you to get your inventory list. I don't want to have to manually set up SSH keys and rotate them periodically for all instances.

Can anyone help regarding this?

I have already tried following the method and Ansible GCP IAP tunnel, but it doesn't seem to work for me and it bugs out with the following error:

fatal: [host-1]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"ansible.legacy.setup": {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "failed": true, "module_stderr": "ERROR: (gcloud.compute.ssh) argument [USER@]INSTANCE: Must be specified.
Usage: gcloud compute ssh [USER@]INSTANCE [optional flags] [-- SSH_ARGS ...]
  optional flags may be  --command | --container | --dest-group | --dry-run |
                         --force-key-file-overwrite | --help | --internal-ip |
                         --network | --plain | --region | --ssh-flag |
                         --ssh-key-expiration | --ssh-key-expire-after |
                         --ssh-key-file | --strict-host-key-checking |
                         --troubleshoot | --tunnel-through-iap | --zone

For detailed information on this command and its flags, run:
  gcloud compute ssh --help
", "module_stdout": "", "msg": "MODULE FAILURE
See stdout/stderr for the exact error", "rc": 2, "warnings": ["Platform unknown on host host-1 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.16/reference_appendices/interpreter_discovery.html for more information."]}}, "msg": "The following modules failed to execute: ansible.legacy.setup
"}

Upvotes: 1

Views: 663

Answers (1)

Filip

Reputation: 293

  1. For setting up IAP tunneling with Ansible, check this answer; maybe it will be helpful: https://stackoverflow.com/a/66564017/22221307
  2. Also look at OS Login. Use OS Login to manage SSH access to your instances using IAM without creating and managing individual SSH keys. After setting up OS Login, you can connect to an instance using your account or a service account.

Upvotes: 1
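
An added example, not part of the question, the answer, or the linked answer's code: a POSIX sh wrapper that Ansible's `ansible_ssh_executable` could point at, which turns the ssh-style argument list into a `gcloud compute ssh` call and refuses to run when no instance name arrives, the condition gcloud reports in the `argument [USER@]INSTANCE: Must be specified` message quoted in the question. It assumes Ansible invokes the wrapper as `[ssh options...] HOST COMMAND` and that gcloud flags such as `--tunnel-through-iap` and `--zone=...` are supplied through `ansible_ssh_args`; the file name `gcp-ssh-wrapper.sh`, the `GCLOUD_BIN` override and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: ssh_executable wrapper for Ansible -> gcloud compute ssh.
# Assumption: Ansible calls it as  <wrapper> [ssh options...] HOST COMMAND
# and gcloud flags (--tunnel-through-iap, --zone=...) arrive via ansible_ssh_args.

# Fill HOST, CMD and GCLOUD_FLAGS from an ssh-style argument list.
# Returns 2 when the list holds no usable instance name.
parse_ssh_argv() {
    HOST='' CMD='' GCLOUD_FLAGS=''
    [ "$#" -ge 2 ] || return 2
    while [ "$#" -gt 2 ]; do
        case "$1" in
            # Keep only gcloud-style long flags; drop ssh's own -o/-C/-tt options.
            --*) GCLOUD_FLAGS="${GCLOUD_FLAGS:+$GCLOUD_FLAGS }$1" ;;
        esac
        shift
    done
    HOST=$1 CMD=$2
    case "$HOST" in
        ''|-*) return 2 ;;   # empty, or an option landed where the host should be
    esac
    return 0
}

# Build and run the gcloud command, or fail loudly before gcloud is called.
run_wrapper() {
    if ! parse_ssh_argv "$@"; then
        echo "gcp-ssh-wrapper: no instance name in: $*" >&2
        return 2
    fi
    # GCLOUD_FLAGS is left unquoted on purpose: one flag per word.
    # GCLOUD_BIN is a hypothetical override used for dry runs and tests.
    ${GCLOUD_BIN:-gcloud} compute ssh $GCLOUD_FLAGS "$HOST" --command "$CMD"
}

# Act as the wrapper only when installed under this (hypothetical) file name.
case "${0##*/}" in
    gcp-ssh-wrapper.sh) run_wrapper "$@"; exit $? ;;
esac
```

Setting `GCLOUD_BIN=echo` prints the gcloud command line instead of running it, which shows whether the instance name from the inventory actually reaches the wrapper.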
