- name: ssh test
  image: appleboy/drone-ssh
  settings:
    host:
      - ***.***.***.***
    username: user
    key:
      from_secret: ssh_key
    script:
      - echo "Hello World"
- name: deploy
  image: plugins/ansible
  settings:
    verbose: 3
    playbook: deploy/playbook.yml
    galaxy: deploy/requirements.yml
    inventory: deploy/inventory
    private_key:
      from_secret: ssh_key
  when:
    branch:
      - master
    event:
      - push
---
kind: secret
name: ssh_key
get:
  path: secret/data/docker
  name: ssh_key
My drone server and runner are docker containers running on a docker network. They are configured to pull the ssh_key secret from a vault instance using the extension, and do so successfully.
When I try to run the above .drone.yml file, the ssh test works fine with the secret ssh_key and makes a connection.
latest: Pulling from appleboy/drone-ssh
Digest: sha256:954ace4a2e79c0b1a6a66faa4575babcfdcb2f0647a6b53d38f99702679e9231
Status: Image is up to date for appleboy/drone-ssh:latest
======CMD======
echo "Hello World"
======END======
out: Hello World
==============================================
✅ Successfully executed commands to all host.
==============================================
But the ansible plugin does not make a connection using the same ssh_key secret.
<***.***.***.***> ESTABLISH SSH CONNECTION FOR USER: user
<***.***.***.***> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/tmp/privateKey523674090"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="user"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o 'ControlPath="/root/.ansible/cp/833a45386d"' ***.***.***.*** '/bin/sh -c '"'"'echo ~user && sleep 0'"'"''
<***.***.***.***> (255, b'', b'Warning: Permanently added \***.***.***.***\' (ED25519) to the list of known hosts.\r\nLoad key "/tmp/privateKey523674090": error in libcrypto\r\user@***.***.***.***: Permission denied (publickey,password).\r\n')
fatal: [***.***.***.***]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '***.***.***.***' (ED25519) to the list of known hosts.\r\nLoad key \"/tmp/privateKey523674090\": error in libcrypto\r\user@***.***.***.***: Permission denied (publickey,password).",
"unreachable": true
}
I have exhausted my options for problem solving this. The only thing I can think of that may be an issue is that the tmp/privatekey***** file that is created to hold the ssh_key secret is somehow not copied into the instanced runner or is not accessible.
And due to my setup, I can’t seem to get logs to save successfully because of the containerized nature of the system.
Any help would be appreciated.
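
An added example, not part of the original post or of either plugin: a Python check for formatting damage (escaped or CRLF line endings, a missing final newline, collapsed lines) in a private key string before it is stored as a CI secret. The function name, problem labels and sample key are constructed for illustration, and it is an assumption that damage of this kind is behind the `error in libcrypto` message above.

```python
import base64
import binascii
import re

# Matches armor lines such as "-----BEGIN OPENSSH PRIVATE KEY-----".
ARMOR = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]*PRIVATE KEY)-----")

# Constructed sample material: the body is NOT a real key, only valid base64.
BODY = base64.b64encode(b"constructed sample, not a real key" * 3).decode()
GOOD = ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + BODY[:70] + "\n" + BODY[70:]
        + "\n-----END OPENSSH PRIVATE KEY-----\n")


def diagnose_key(text):
    """Return labels for formatting problems in an unencrypted private key string."""
    problems = []
    if "\\n" in text:
        problems.append("escaped-newlines")   # literal backslash-n, e.g. from JSON
    if "\r" in text:
        problems.append("carriage-returns")   # CRLF from an editor or a paste
    if not text.endswith("\n"):
        problems.append("no-trailing-newline")
    # Normalise line endings so the structural checks below still run.
    lines = text.replace("\\n", "\n").replace("\r", "").split("\n")
    lines = [ln for ln in lines if ln != ""]
    if any(ln != ln.strip() for ln in lines):
        problems.append("stray-whitespace")   # indentation or trailing blanks
    lines = [ln.strip() for ln in lines]
    head = ARMOR.fullmatch(lines[0]) if lines else None
    tail = ARMOR.fullmatch(lines[-1]) if lines else None
    armor_ok = (head and tail and head.group(1) == "BEGIN"
                and tail.group(1) == "END" and head.group(2) == tail.group(2))
    if not armor_ok or len(lines) < 3:
        problems.append("bad-armor")          # header/footer missing or on one line
        return problems
    try:
        # Encrypted legacy PEM keys carry text headers here and are out of scope.
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except (binascii.Error, ValueError):
        problems.append("bad-base64")
    return problems


if __name__ == "__main__":
    for label, sample in [("intact", GOOD), ("crlf", GOOD.replace("\n", "\r\n")),
                          ("no final newline", GOOD.rstrip("\n"))]:
        print(label, diagnose_key(sample))
```

Run it against the value as it is stored in the secret backend, not against the file it was copied from, since the damage is usually introduced when the key is pasted or serialized.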