Hello,
I'm trying to use the ec2_win_password module to retrieve the default
Administrator password for an EC2 instance. I had a play working and then
upgraded to Ansible 2.4. I added the cryptography module as the notes
indicate. My play continually fails returning a message that it can't parse
the key file (and the key file is not encrypted).
I ran a test where I encrypted the key file and provided a passphrase in
the play and things did work successfully.
Would anyone have any thoughts on why this might be failing with an
unecrypted key and no password? Below is the debug output from the play.
It kind of feels to me like it thinks a password is being given even though
I don't mention the parameter in the play. As such, it's existing because
the key is not encrypted.
Thank you
Ryan
ansible-playbook 2.4.0.0
config file = None
configured module search path =
[u'/Users/rhowe/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /Library/Python/2.7/site-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 2.7.10 (default, Feb 7 2017, 00:08:15) [GCC 4.2.1
Compatible Apple LLVM 8.0.0 (clang-800.0.34)]
No config file found; using defaults
setting up inventory plugins
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from
/Library/Python/2.7/site-packages/ansible/plugins/callback/__init__.pyc
PLAYBOOK: 03_retrieve_admin_password.yml
*********************************************************************************************************************************************
1 plays in 03_retrieve_admin_password.yml
PLAY [localhost]
*********************************************************************************************************************************************************************
META: ran handlers
TASK [Get Administrator Password]
****************************************************************************************************************************************************
task path: /Users/rhowe/ansible_scripts/03_retrieve_admin_password.yml:10
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/_text.py
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/basic.py
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/ec2.py
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/pycompat24.py
Using module_utils file
/Library/Python/2.7/site-packages/ansible/module_utils/cloud.py
Using module file
/Library/Python/2.7/site-packages/ansible/modules/cloud/amazon/ec2_win_password.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: rhowe
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo
/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967 `" &&
echo ansible-tmp-1506010305.03-241574263221967="` echo
/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967 `" ) &&
sleep 0'
<127.0.0.1> PUT /var/folders/92/sndgxv6s3dnfhpptzcbf98k80000gn/T/tmpwA8R2C
TO
/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/ec2_win_password.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x
/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/
/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/ec2_win_password.py
&& sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python
/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/ec2_win_password.py;
rm -rf
"/Users/rhowe/.ansible/tmp/ansible-tmp-1506010305.03-241574263221967/" >
/dev/null 2>&1 && sleep 0'
The full traceback is:
File
"/var/folders/92/sndgxv6s3dnfhpptzcbf98k80000gn/T/ansible_vLagCP/ansible_module_ec2_win_password.py",
line 167, in main
key = load_pem_private_key(f.read(), b_key_passphrase, BACKEND)
File
"/Library/Python/2.7/site-packages/cryptography/hazmat/primitives/serialization.py",
line 20, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File
"/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py",
line 1006, in load_pem_private_key
password,
File
"/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py",
line 1231, in _load_key
"Password was given but private key is not encrypted.")
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"aws_access_key": "xxxxxxxxxxxx",
"aws_region": "us-east-1",
"aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ec2_url": null,
"instance_id": "i-xxxxxxxx",
"key_file": "/Users/rhowe/Documents/ssh_keys/KeyFileName.pem",
"key_passphrase": null,
"profile": null,
"region": "us-east-1",
"security_token": null,
"validate_certs": true,
"wait": false,
"wait_timeout": "120"
}
},
"msg": "unable to parse key file"
}
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a678f8d7-b572-49c9-98de-b6b9aef27c8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
