Hello, Thanks for taking the time to explain everything! :)
In fact my main problem was the fact I didn't get quite well what I needed to put in the secrets.py, but now it's alright and I managed to make everything work perfectly fine.

Just a thing, if someone reads this thread to find some answer, you said to use the latest libcloud version, with "pip install 0.14.0-beta3" but people shouldn't for now. There is a small bug in this version making - at least in my case - the module fail its run. Raising: http://pastebin.com/Ajuu8Xwb
It's been fixed on GitHub, so I think it'll be ok in the next version :)

About the credentials, I think it would be cool to be able to specify them in an ansible variable. But hey, it's working fine the way it is now too :)

--

Hmm, just in case some people want some information on how to use the module, I'll try to describe my current architecture (which is working, but might not be the best one?)

First, my files:

./google/gce-pk-rsa.pem
  > It's the key the Google Console provides you when you create a "New Client ID" (OAuth & API > Credentials) with the type "Service"
  > The key is given by Google in the pkcs12 format, and needs to be converted into an RSA key using the command given by Eric

./google/secrets.py
  > A python file with the two variables "GCE_PARAMS" and "GCE_KEYWORD_PARAMS" as explained by Eric again.

./google/google_compute_engine
  > This is my GCE's SSH pkey that I found in ~/.ssh/. It is used to be able to connect to the VMs

./hosts
  > My hosts file contains instance names. I chose to set each instance's properties in it.
It looks like:
---
[SomeGroup]
vm[1:2] type=f1-micro zone=europe-west1-b image=debian-7
vm3 type=g1-small zone=europe-west1-b image=debian-7

[SomeOtherGroup]
vm[4:6] type=g1-small zone=europe-west1-a image=debian-7
---

./deploy-google.yml
  > In this playbook, I ensure that my VMs are created, and I set the correct SSH things
---
- hosts: all
  connection: local
  gather_facts: False
  tasks:
    - local_action:
        module: gce
        name: "{{ inventory_hostname }}"
        zone: "{{ zone }}"
        machine_type: "{{ type }}"
        image: "{{ image }}"
      register: gce_info
    - set_fact: public_ip={{ gce_info.instance_data[0].public_ip }}
    - set_fact: private_ip={{ gce_info.instance_data[0].private_ip }}
    - set_fact: ansible_ssh_host={{ public_ip }}
    - name: Wait for SSH to come up
      local_action: wait_for host={{ public_ip }} port=22 delay=10 timeout=60 state=started
    # And then I just use my hosts as I would do in a standard deployment
---

And then, when I want to run my playbook, I use:

ansible-playbook -i hosts deploy-google.yml --private-key google/google_compute_engine

With my environment variable PYTHONPATH=/<path>/google/.

And don't forget to have libcloud installed! I would recommend to git clone the repo, and then to use "python setup.py build/setup"

And that's it. It may contain some information redundant with the thread, but I thought it would be a good thing to have a "full guide" :)

Best Regards,
Michael.

On Saturday, 11 January 2014 00:17:27 UTC, Eric Johnson wrote:
>
> Hi Michael,
>
> First, thanks for reporting the bug. I've filed
> https://github.com/ansible/ansible/issues/5583 so feel free to add more
> details if you'd like. I'll try and get a fix for an improved error message
> out soon.
>
> I've seen the error "RSA key format is not supported" typically only when
> the keyfile has not been properly converted to RSA/PEM format.
> It's likely redundant information, but just to be clear, the command I use
> to convert my key is:
>
> $ openssl pkcs12 -in long-hash-keyname.p12 -nodes -nocerts | openssl rsa -out /path/to/converted.pem
>
> When prompted for a password, the default is: notasecret
>
> If I use 'file' on both, I see:
> long-hash-keyname.p12: data
> converted.pem: PEM RSA private key
>
> Make sure you have the latest libcloud installed (pip install
> apache-libcloud==0.14.0-beta3).
>
> Now, just so we can verify that the key is working and you can at least
> connect to GCE and extract host information, try this:
>
> Checkout the latest ansible from source and set up the environment,
>
> $ git clone https://github.com/ansible/ansible
> $ cd ansible
> $ . hacking/env-setup
>
> Create a 'secrets' file in your home directory and set the proper values.
> Alternatively, you should be able to create this file in the PYTHONPATH
> defined when running "source hacking/env-setup"
>
> $ cat $HOME/secrets.py
> GCE_PARAMS = ('[email protected]', '/path/to/converted.pem')
> GCE_KEYWORD_PARAMS = {'project': 'my_project_id'}
>
> Edit the gce.ini file in the source tree, and set the 'libcloud_secrets'
> variable, the relevant parts for me look like,
> $ cat plugins/inventory/gce.ini
> [gce]
> libcloud_secrets = /home/myusername
>
> Now, you can set an environment variable for the inventory plugin,
> $ export GCE_INI_PATH=$HOME/ansible/plugins/inventory/gce.ini
>
> With all that in place, you can try to use the inventory plugin against an
> existing GCE instance just to see if all the auth stuff is working:
>
> $ ansible/plugins/inventory/gce.py --host myinstance
>
> And you'll hopefully get back some json about that instance.
>
> I know this is a lot of overhead, but I'm not clear about the idiomatic
> way to define these libcloud/GCE authentication parameters. I'd be very
> grateful to be enlightened with a large cluestick!
>
> Ultimately for the GCE modules, they need to exist in a 'secrets.py' file
> that's in ansible's PYTHONPATH.
>
> Hope that helps!
> Eric
>
> On Thu, Jan 9, 2014 at 9:56 AM, <[email protected]> wrote:
>
>> Hello,
>>
>> I'm trying to use the GCE module, but so far, I'm not very lucky.
>>
>> What I have done:
>> 1. I registered a new "service app" on my google cloud console, and
>> downloaded the generated private key, in pkcs2 format.
>> 2. Created a file secrets.py looking like following, and put it in some
>> folder which is in my PYTHONPATH
>> ---
>> GCE_PARAMS = ('[email protected]', 'secret')
>> GCE_KEYWORD_PARAMS = {'project': 'project-name'}
>> ---
>>
>> 3. Converted my private key in RSA format
>> 4. Created a playbook looking like following
>> ---
>> - hosts: localhost
>>   tasks:
>>     - local_action:
>>         module: gce
>>         name: test-instance
>>         zone: europe-west1-b
>>         machine_type: f1-micro
>>         image: debian-7
>> ---
>>
>> But when I tried to run my playbook, I've :
>> ---
>> failed: [127.0.0.1] => {"failed": true, "parsed": false}
>> invalid output was: Traceback (most recent call last):
>>   File "/root/.ansible/tmp/ansible-1389289770.6-124236068572659/gce", line 1446, in <module>
>>     main()
>>   File "/root/.ansible/tmp/ansible-1389289770.6-124236068572659/gce", line 376, in main
>>     module.fail_json(msg=unexpected_error_msg(e), changed=False)
>>   File "/root/.ansible/tmp/ansible-1389289770.6-124236068572659/gce", line 190, in unexpected_error_msg
>>     error.http_code, error.code, str(error.value))
>> AttributeError: 'exceptions.ValueError' object has no attribute 'http_code'
>> ---
>>
>> That's a bug of the module, on /usr/share/ansible/cloud/gce at line 190
>> it tries to use error.http_code and error.code which don't exist.
>> So OK, I just printed error, and here is my error: RSA key format is not
>> supported
>>
>> But the fact is, even if I have my private key from Google, I've no idea
>> where to put it.
>> In git/plugins/inventory/gce.ini there is a variable
>> called: gce_service_account_pem_file_path =
>> But I don't know how to override it.
>>
>> So, does someone know how to set the good location for my private key?
>>
>> And also, the error that ansible returns me, "RSA key format is not
>> supported". I think it comes directly from the GCE driver, so is it still
>> good to use the RSA formatted private key?
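
Added example, not part of the original thread and not code from Ansible or libcloud: a preflight check for the setup discussed above, which reads secrets.py without executing it, confirms the key it points to was converted from PKCS#12 to RSA PEM, and flags a key file readable by other users. The function names, the header check and the sample values in demo() are assumptions made for this illustration.

```python
import ast
import os
import stat
import tempfile
from pathlib import Path

# Assumption: the converted key has the header `file` calls "PEM RSA private key".
PEM_HEADER = b"-----BEGIN RSA PRIVATE KEY-----"

def load_secrets(path):
    """Read the two assignments from secrets.py without executing the file."""
    tree = ast.parse(Path(path).read_text(), filename=str(path))
    found = {}
    for node in tree.body:
        if isinstance(node, ast.Assign) and len(node.targets) == 1:
            name = getattr(node.targets[0], "id", None)
            if name in ("GCE_PARAMS", "GCE_KEYWORD_PARAMS"):
                found[name] = ast.literal_eval(node.value)
    return found

def check_gce_credentials(secrets_path):
    """Return a list of problems; an empty list means the setup looks usable."""
    secrets = load_secrets(secrets_path)
    params = secrets.get("GCE_PARAMS")
    if not (isinstance(params, tuple) and len(params) == 2):
        return ["GCE_PARAMS must be a (service_account_email, pem_path) tuple"]
    problems = []
    keywords = secrets.get("GCE_KEYWORD_PARAMS")
    if not isinstance(keywords, dict) or "project" not in keywords:
        problems.append("GCE_KEYWORD_PARAMS needs a 'project' entry")
    pem_path = params[1]
    if not os.path.isfile(pem_path):
        return problems + ["key file not found: %s" % pem_path]
    with open(pem_path, "rb") as fh:
        if fh.read(len(PEM_HEADER)) != PEM_HEADER:
            problems.append("key is not RSA PEM; convert the .p12 first")
    if stat.S_IMODE(os.stat(pem_path).st_mode) & 0o077:
        problems.append("key file is readable by group/others (chmod 600)")
    return problems

def demo(key_bytes, mode):
    """Write constructed sample files to a temp dir and check them."""
    workdir = Path(tempfile.mkdtemp())
    pem = workdir / "converted.pem"
    pem.write_bytes(key_bytes)
    pem.chmod(mode)
    secrets = workdir / "secrets.py"
    secrets.write_text("GCE_PARAMS = ('svc@example.invalid', %r)\n"
                       "GCE_KEYWORD_PARAMS = {'project': 'my_project_id'}\n" % str(pem))
    return check_gce_credentials(secrets)
```

Run check_gce_credentials() against the real secrets.py before the playbook; an unconverted .p12 shows up here instead of as the module's AttributeError traceback.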
