ansible-collections / ansible.scm Goto Github PK

SUMMARY

it would be really helpful if you could add a key_file path option to the modules to point to specific private key file to gain permissions to private repos.

ISSUE TYPE

• Feature Idea

COMPONENT NAME

ADDITIONAL INFORMATION

to allow easier usage of private key files to access private repos

- name: Commit and Push changes
  ansible.scm.git_publish:
    path: "{{ git_path }}"
    user:
      name: "David Danielsson"
    key_file: "{{ lookup('env', 'MY_CERT_FILE_PATH') }}"

SUMMARY

Coming to this repo, it is not clear what this collection does and how it can be used. A few sentences at the top of the README with the intended purpose and function of this collection would quickly provide that clarity to anyone that comes to the repo or find it in Galaxy or Automation Hub.

ISSUE TYPE

• Documentation Report

COMPONENT NAME

README.md

SUMMARY

Would it be possible to add an argument to git_publish to tag a current a specific release/commit, which we could as a reference to retrieve withgit_retrieve.

The goal would be to save arbitrary network device configs to a git repository and be able to get them back based on the defined tag.

ISSUE TYPE

• Feature Idea

COMPONENT NAME

ansible.scm.git_publish and ansible.scm.git_retrieve.

ADDITIONAL INFORMATION

A tentative playbook could look like this:

    - name: Set a tag
      ansible.builtin.set_fact:
        time: "{{ ansible_date_time.iso8601_micro }}"
        repo: "http://github.com/..."

    - name: Publish the changes with a tag [Save current config]
      ansible.scm.git_publish:
        path: "{{ repo }}"
        tag: "{{ time }}"

    - name: Retrieve a repository [Get previously saved config]
      ansible.scm.git_retrieve:
        origin:
          url: "{{ repo }}"
          tag: "{{ time }}"

Will close this when complete

SUMMARY

Token should be non-mandatory while perform check_argspec functionality

STEPS TO REPRODUCE

---
- hosts: rtr1
  gather_facts: true
  tasks:
    - name: Network BGP Manager
      ansible.builtin.include_role:
        name: network.base.resource_manager
      vars:
        action: persist
        ansible_network_os: cisco.ios.ios
        resources:
          - 'interfaces'
          - 'l2_interfaces'
          - 'l3_interfaces'
          - 'bgp_global'
          - 'bgp_address_family'
          - 'ospfv2'
          - 'ospfv3'
          - 'ospf_interfaces'
        origin: https://github.com/rohitthakur2590/network_validated_content_automation.git

ACTUAL RESULTS

The full traceback is:
NoneType: None
fatal: [rtr1]: FAILED! => {
"changed": false,
"msg": "Token can not be an empty string"
}

instead this need to be checked when token provided and is empty string

SUMMARY

I am trying to use ansible.scm in an AAP Execution Environment to retrieve a git repository via SSH. When calling git_retrieve the execution stops, asking what to do about the new unknown hostkey. Afterwards the execution is aborted due to a timeout waiting for a console input.
I tried adding 'host_key_checking: "no"' to the task, but this did not change anything. I guess git_publish will have the same problem.

ISSUE TYPE

• Bug Report

COMPONENT NAME

ANSIBLE VERSION

# ansible --version
ansible [core 2.14.5]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.16 (main, May 31 2023, 12:21:58) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/usr/bin/python3.9)
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

Collection  Version
----------- -------
ansible.scm 1.1.0

CONFIGURATION

CONFIG_FILE() = /etc/ansible/ansible.cfg

OS / ENVIRONMENT

Ansible Automation Platform Controller 4.3.8
The execution environment uses "Red Hat Enterprise Linux release 8.8 (Ootpa)"

STEPS TO REPRODUCE

Launch a Job Template in an execution environment which does not have any SSH known_hosts file.

---
- name: "ansible.scm tests"
  hosts: localhost
  gather_facts: false
  collections:
    - ansible.scm
  tasks:
    - name: "Retrieve Task"
      ansible.scm.git_retrieve:
        host_key_checking: "no"
        origin:
          url: ssh://git@gitithost/projectname/reponame.git
      register: repository

EXPECTED RESULTS

The expectation is, that the given git repo is checked out into a temporary directory inside the execution environment accepting/ignoring the unknown host key. The same way as the "accept_hostkey: true" option of ansible.builtin.git is working.

ACTUAL RESULTS

The execution got stuck at the ssh prompt asking wether to accept the unknown host key. Finally running into a timeout as no answer is given.
Although not tested, I assume git_publish will have the same problem.

Enter passphrase for /runner/artifacts/707585/ssh_key_data: 
Identity added: /runner/artifacts/707585/ssh_key_data (/runner/artifacts/707585/ssh_key_data)

PLAY [ansible.scm tests] *******************************************************

TASK [Retrieve Task] **************************************************************
The authenticity of host '[githost]:PORT ([IP ADDRESSE]:PORT)' can't be established.
RSA key fingerprint is SHA256:FINGERPRINT_REMOVED.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 
fatal: [localhost]: FAILED! => {"branch_name": "", "branches": [], "changed": true, "msg": "Timeout: Failed to clone repository: ssh://git@githost:PORT/projectname/reponame.git", "name": "", "output": [{"command": "git -C /tmp/tmpunfrecz9 clone --depth=1 --progress --no-single-branch ssh://git@githost:PORT/projectname/reponame.git", "env": "", "return_code": 62, "stderr_lines": ["Cloning into 'reponame'..."], "stdout_lines": []}], "path": ""}

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

My main reason I am trying to use ansible.scm is the git_publish functionality.

As a workaround I could use a dummy ansible.builtin.git with the "accept_hostkey: true" option, to add the git server's fingerprint to the ~/.ssh/known_hosts file in the EE, and afterwards use ansible.scm.*