StackStorm / st2

StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html

Home Page: https://stackstorm.com/

SSH Key not working as Content / Material without using a File

philipphomberger opened this issue · comments

SUMMARY

Provide a quick summary of your bug report.

STACKSTORM VERSION

Paste the output of st2 --version:
st2 3.8.1

OS, environment, install method

Post what OS you are running this on, along with any other relevant information.

  • e.g. Docker, Vagrant, Kubernetes, etc. Describe how you installed ST2
  • e.g. one-line install, custom install, etc.

Ansible Installation
RHEL8

Error:
id: 65e1a5ae076b86a5712aa99e
action.ref: core.remote
context.user: testuser
parameters:
cmd: ls
hosts: test-st2-p001.sys.local
private_key: '********'
username: st2_adm
status: failed
start_timestamp: Fri, 01 Mar 2024 09:53:50 UTC
end_timestamp: Fri, 01 Mar 2024 09:53:51 UTC
result:
error: "Unable to connect to any one of the hosts: ['test-st2-p001.sys.local'].

connect_errors={
"test-st2-p001.sys.local": {
"failed": true,
"succeeded": false,
"timeout": false,
"return_code": 255,
"stdout": "",
"stderr": "",
"error": "Failed connecting to host test-st2-p001.sys.local. [Errno 2] No such file or directory: 'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn'",
"traceback": "Traceback (most recent call last):
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/st2common/runners/parallel_ssh.py\", line 278, in _connect
client.connect()
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/st2common/runners/paramiko_ssh.py\", line 171, in connect
self.client = self._connect(host=self.hostname, socket=self.bastion_socket)
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/st2common/runners/paramiko_ssh.py\", line 747, in _connect
passphrase_reqd = self._is_key_file_needs_passphrase(self.key_files)
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/st2common/runners/paramiko_ssh.py\", line 841, in _is_key_file_needs_passphrase
cls.from_private_key_file(file, password=None)
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/paramiko/pkey.py\", line 249, in from_private_key_file
key = cls(filename=filename, password=password)
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/paramiko/rsakey.py\", line 64, in __init__
self._from_private_key_file(filename, password)
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/paramiko/rsakey.py\", line 194, in _from_private_key_file
data = self._read_private_key_file(\"RSA\", filename, password)
File \"/opt/stackstorm/st2/lib/python3.8/site-packages/paramiko/pkey.py\", line 321, in _read_private_key_file
with open(filename, \"r\") as f:
FileNotFoundError: [Errno 2] No such file or directory: 'b3BnolNzzC9rZXktdjEALOLABG5vbmUAAAAEbm9uZQAAAAAAZZZBABACFwAAAAdzc2gtcn'
"
}
}"
traceback: " File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2actions/container/base.py", line 117, in _do_run
runner.pre_run()
File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2common/runners/paramiko_ssh_runner.py", line 206, in pre_run
self._parallel_ssh_client = ParallelSSHClient(**client_kwargs)
File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2common/runners/parallel_ssh.py", line 90, in __init__
connect_results = self.connect(raise_on_any_error=raise_on_any_error)
File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2common/runners/parallel_ssh.py", line 131, in connect
raise NoHostsConnectedToException(msg)
"

Steps to reproduce the problem

Show how to reproduce the problem, using a minimal test-case. Make sure to include any content
(pack content - workflows, actions, etc.) which are needed to reproduce the problem.

KEY=$(sudo cat /home/username/id_rsa)
st2 run core.remote cmd=echo hosts=hostname username=username private_key=$KEY

Expected Results

The description of the private key field says: "Private key material or path to the private key file on disk used to log in."
So I expected that I could use private key content as input.
The goal for me would be to have different SSH keys in the key value store and use them as input in workflows instead of having the file on disk.

Thank you for your advice.

Regards
Philipp Homberger

REMOTE_RUNNER_PRIVATE_KEY_HEADER = "PRIVATE KEY-----".lower()

    def _is_private_key_material(self, private_key):
        return private_key and REMOTE_RUNNER_PRIVATE_KEY_HEADER in private_key.lower()

Does this help? Your key does not appear to contain the above header

If this is not explicitly documented then it's a documentation bug and ideally a PR opened against https://github.com/StackStorm/st2docs to fix it.

Could this https://docs.stackstorm.com/reference/runners.html?highlight=private%20key#id2 be any more explicit or is it sufficient?

Hi, thank you both. Yes, but when I add the begin and end of the SSH key, this error happens:
[ecordk_adm@testserver ~]$ st2 run core.remote cmd=ls hosts=testserver username=test_adm private_key=$KEY
usage: st2 [-h] [--version] [--url BASE_URL] [--auth-url AUTH_URL] [--api-url API_URL] [--stream-url STREAM_URL] [--api-version API_VERSION] [--cacert CACERT] [--basic-auth BASIC_AUTH] [--config-file CONFIG_FILE] [--print-config] [--skip-config] [--debug]
{run,action,action-alias,auth,login,whoami,apikey,execution,inquiry,key,pack,policy,policy-type,rule,webhook,timer,runner,sensor,trace,trigger,trigger-instance,rule-enforcement,workflow,service-registry,role,role-assignment} ...
st2: error: unrecognized arguments: -----END RSA PRIVATE KEY-----

So I am confused at the moment about what I did wrong here :/

try to wrap the variable $KEY in ""

@fdrab Thank you, this was a very helpful tip.
Solution:
Read the private key like this:
KEY=$(sudo cat /etc/st2/id_rsa | sed 's/\n//g')
(Without the line breaks it does not work correctly for me)
Test with: echo "${KEY}"
st2 run core.remote cmd=ls hosts=tessystem username=test_adm private_key="${KEY}"
Add to Key Value Store:
st2 key set test_ssh_privat_key "$KEY" --encrypt
Use From Key Value Store:
st2 run core.remote cmd=ls hosts=tessystem username=test_adm private_key="{{ st2kv.system.test_ssh_privat_key | decrypt_kv }}"

@nzlosh Should I add it to the documentation? I think it could be interesting for others as well.
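
An added example, not code from this thread or from StackStorm: it shows why the unquoted `$KEY` broke the `st2` command line and why a value without the `PRIVATE KEY-----` header fails the key-material check quoted above. `SAMPLE_KEY` is a constructed placeholder, not a real key, and `count_args`, `is_key_material` and the other helpers are hypothetical names.

```shell
#!/bin/sh
# Constructed sample: PEM-shaped placeholder, not a real key.
SAMPLE_KEY='-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDSAMPLEBODYNOTAREALKEY0000
-----END RSA PRIVATE KEY-----'

# Number of argv entries a command would receive.
count_args() { echo "$#"; }

# Shell re-expression of the header test quoted in the thread: a value
# counts as key material only if it contains "PRIVATE KEY-----"
# (case-insensitive).
is_key_material() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *"private key-----"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Unquoted: the shell splits the value on spaces and newlines, so the
# CLI sees "RSA", "PRIVATE", "KEY-----", ... as separate arguments.
unquoted_argc() { count_args private_key=$SAMPLE_KEY; }

# Quoted: the whole key, line breaks included, stays one argument.
quoted_argc() { count_args "private_key=${SAMPLE_KEY}"; }

# Line count of a value after it has passed through double quotes.
quoted_lines() { printf '%s\n' "$1" | wc -l | tr -d ' '; }

# The body line alone, i.e. a key with its BEGIN/END lines stripped.
body_only() { printf '%s\n' "$SAMPLE_KEY" | sed -n '2p'; }

echo "unquoted argv entries: $(unquoted_argc)"
echo "quoted argv entries:   $(quoted_argc)"
if is_key_material "$(body_only)"; then
    echo "body only: key material"
else
    echo "body only: no header, not recognised as key material"
fi
```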