Solved: Re: authorized_key module not working on Ansible 2...

gdevillard · ‎08-02-2022

Hi,

Currently studying Ansible, I'm encountering an issue when attempting to use the authorized_key module with Ansible 2.12, while it work very well with Ansible 2.9.

$ sshpass -p ***** ansible all -m authorized_key -a "user=automation key='{{ lookup('file', '/home/automation/.ssh/id_rsa.pub') }}' state=present" -u root -k

ansible-dev3 | FAILED! => {
"msg": "The module authorized_key was redirected to ansible.posix.authorized_key, which could not be loaded."
}
ansible-dev2 | FAILED! => {
"msg": "The module authorized_key was redirected to ansible.posix.authorized_key, which could not be loaded."
}
ansible-dev1 | FAILED! => {
"msg": "The module authorized_key was redirected to ansible.posix.authorized_key, which could not be loaded."
}

It appears the module was renamed from authorized_key to ansible.posix.authorized_key but in any case it is still not working:

$ sshpass -p ***** ansible all -m ansible.posix.authorized_key -a "user=automation key='{{ lookup('file', '/home/automation/.ssh/id_rsa.pub') }}' state=present" -u root -k

ansible-dev3 | FAILED! => {
"msg": "The module ansible.posix.authorized_key was not found in configured module paths"
}
ansible-dev2 | FAILED! => {
"msg": "The module ansible.posix.authorized_key was not found in configured module paths"
}
ansible-dev1 | FAILED! => {
"msg": "The module ansible.posix.authorized_key was not found in configured module paths"
}

I tried to install it with ansible-galaxy but receiving a new error:
$ ansible-galaxy install authorized_key

Starting galaxy role install process
- downloading role 'authorized_key', owned by
[WARNING]: - authorized_key was NOT installed successfully: None (HTTP Code: 400, Message: Bad Request)
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

Am I doing something wrong or should I use some different module in newer versions of Ansible?

Thanks in advance,

Gilles

Fran_Garcia · ‎08-02-2022

Just using ansible-core RPM package and the galaxy collection produces this:

root@rhel86 ~ # ansible localhost -m authorized_key -a "user=automation key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}' state=present" -u root -k
SSH password:
[WARNING]: Unable to find '/root/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
localhost | FAILED! => {
"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /root/.ssh/id_rsa.pub. could not locate file in lookup: /root/.ssh/id_rsa.pub"
}

root@rhel86 ~ # ansible --version
ansible [core 2.12.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.8/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /bin/ansible
python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
jinja version = 2.10.3
libyaml = True

I'd argue that you either go with everything as RPM, or pip. If using pip, ensure you also use a virtual environment, and not blindly `pip install` stuff as root, as it might interfere with other stuff provided by RPM packages.

Eg:

root@rhel86 ~ # virtualenv ansible213
Using base prefix '/usr'
New python executable in /root/ansible213/bin/python3.6
Also creating executable in /root/ansible213/bin/python
Installing setuptools, pip, wheel...done.

root@rhel86 ~ # . ansible213/bin/activate

(ansible213) root@rhel86 ~ # pip install -U pip
Requirement already satisfied: pip in ./ansible213/lib/python3.6/site-packages (21.3.1)

(ansible213) root@rhel86 ~ # pip install -U ansible ansible-core

(ansible213) root@rhel86 ~ # ansible --version
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.8 (default, Jan 14 2022, 11:04:20) [GCC 8.5.0 20210514 (Red Hat 8.5.0-7)]. This feature will be
removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
/root/ansible213/lib/python3.6/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.exceptions import InvalidSignature
ansible [core 2.11.12]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /root/ansible213/lib/python3.6/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /root/ansible213/bin/ansible
python version = 3.6.8 (default, Jan 14 2022, 11:04:20) [GCC 8.5.0 20210514 (Red Hat 8.5.0-7)]
jinja version = 3.0.3
libyaml = True

View solution in original post

Fran_Garcia · ‎08-02-2022

How did you install ansible?

As part of RHEL8.6/RHEL9 , ansible is no longer included, but the ansible-core package with version 2.12. That Ansible version only includes core modules and no collections outside core.

For a full Ansible experience you can use either Ansible Automation Platform, or pip with the latest ansible and ansible-core PIP packages .

Fran_Garcia · ‎08-02-2022

Also, the right incantation to install a collection with Galaxy is:

# ansible-galaxy collection install ansible.posix
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/ansible-posix-1.4.0.tar.gz to /root/.ansible/tmp/ansible-local-2720s8v3hilx/tmpl0yp2x5k/ansible-posix-1.4.0-4fgi1l0p
Installing 'ansible.posix:1.4.0' to '/root/.ansible/collections/ansible_collections/ansible/posix'
ansible.posix:1.4.0 was installed successfully

gdevillard · ‎08-02-2022

Hi Fran,

Yes, apologies, I copied the wrong command from my terminal history. I tried to install it with ansible-galaxy collection install ansible.posix but it did not resolve my issue unfortunately.

Did the sample code I pasted in my original comment worked for you? The only way I could get it working was by downgrading Ansible via the following commands:

sudo dnf install python3-pip
sudo pip3 install --upgrade pip
sudo pip3 install -I ansible==2.9

Then everything worked..

Fran_Garcia · ‎08-02-2022

Just using ansible-core RPM package and the galaxy collection produces this:

root@rhel86 ~ # ansible localhost -m authorized_key -a "user=automation key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}' state=present" -u root -k
SSH password:
[WARNING]: Unable to find '/root/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
localhost | FAILED! => {
"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /root/.ssh/id_rsa.pub. could not locate file in lookup: /root/.ssh/id_rsa.pub"
}

root@rhel86 ~ # ansible --version
ansible [core 2.12.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.8/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /bin/ansible
python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
jinja version = 2.10.3
libyaml = True

I'd argue that you either go with everything as RPM, or pip. If using pip, ensure you also use a virtual environment, and not blindly `pip install` stuff as root, as it might interfere with other stuff provided by RPM packages.

Eg:

root@rhel86 ~ # virtualenv ansible213
Using base prefix '/usr'
New python executable in /root/ansible213/bin/python3.6
Also creating executable in /root/ansible213/bin/python
Installing setuptools, pip, wheel...done.

root@rhel86 ~ # . ansible213/bin/activate

(ansible213) root@rhel86 ~ # pip install -U pip
Requirement already satisfied: pip in ./ansible213/lib/python3.6/site-packages (21.3.1)

(ansible213) root@rhel86 ~ # pip install -U ansible ansible-core

(ansible213) root@rhel86 ~ # ansible --version
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.8 (default, Jan 14 2022, 11:04:20) [GCC 8.5.0 20210514 (Red Hat 8.5.0-7)]. This feature will be
removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
/root/ansible213/lib/python3.6/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.exceptions import InvalidSignature
ansible [core 2.11.12]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /root/ansible213/lib/python3.6/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /root/ansible213/bin/ansible
python version = 3.6.8 (default, Jan 14 2022, 11:04:20) [GCC 8.5.0 20210514 (Red Hat 8.5.0-7)]
jinja version = 3.0.3
libyaml = True

gdevillard · ‎08-03-2022

Thanks for your time and your replies!

So, if I understand correctly, community-built Ansible can be installed via PIP (using virtualenv as recommendation), or via the default Ansible 2.12 from RHEL (installed with dnf install ansible-core), or specifically Ansible 2.9 from the Red Hat Ansible Engine repository with the following commands:

# Register (if needed)
subscription-manager register

# Search for available versions of Red Hat Ansible Engine repo
subscription-manager repos --list | grep ansible

# Enable selected Red Hat Ansible Engine repo
subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms

# Install selected versions of Ansible (note: installing 'ansible' here instead of 'ansible-core')
dnf install ansible

Does this seems correct?

Fran_Garcia · ‎08-03-2022

Note that the approach using the `ansible-2.9-for-rhel-8-x86_64-rpms` repo is deprecated as of RHEL 8.6 / RHEL 9.0 . Ansible 2.9 development has stopped, as the version is now end of life. There's additional documentation in https://access.redhat.com/articles/639336 with some additional discussion in the comments. So moving forward the recommendation is to use a current (supported) Ansible version.

Hope this helps,

Fran

gdevillard · ‎08-05-2022

Hi Fran,

Accepting your earlier solution now that I had time to verify, thanks for that!

In summary, there are 3x ways to install ansible:

For RHEL 8.4, to install Ansible 2.9 (which is not supported anymore), use dnf to install 'ansible'
For RHEL 8.6, to install the current Ansible 2.12, use dnf to install 'ansible-core', then use Ansible Galaxy to install the collection 'ansible.posix'
For generic systems, to install Ansible maintained by the community, use pip to install 'ansible' (in a virtual environment to avoid conflict with the rest of the packages on the system)

Best regards,
Gilles

authorized_key module not working on Ansible 2.12

Ansible

ex294