Windows SSH key permissions workaround

2025-08-02 10:53:01 +02:00 · 2019-09-12 13:40:59 +02:00 · 2019-09-12 13:40:59 +02:00 · 52ffa9394b
commit 52ffa9394b
parent 61729ac9b5
4 changed files with 24 additions and 14 deletions
--- a/config.cfg
+++ b/config.cfg
@ -132,6 +132,7 @@ congrats:
 SSH_keys:
  comment: algo@ssh
  private: configs/algo.pem
+  private_tmp: /tmp/algo-ssh.pem
  public: configs/algo.pem.pub

 cloud_providers:
--- a/playbooks/cloud-post.yml
+++ b/playbooks/cloud-post.yml
@ -23,7 +23,7 @@
 - name: Additional variables for the server
  add_host:
    name: "{% if cloud_instance_ip == 'localhost' %}localhost{% else %}{{ cloud_instance_ip }}{% endif %}"
-    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private_tmp }}"
  when: algo_provider != 'local'

 - name: Wait until SSH becomes ready...
--- a/playbooks/cloud-pre.yml
+++ b/playbooks/cloud-pre.yml
@ -29,17 +29,26 @@
  delegate_to: localhost
  become: false

+- block:
  - name: Generate the SSH private key
    openssl_privatekey:
      path: "{{ SSH_keys.private }}"
      size: 2048
      mode: "0600"
      type: RSA
-  when: algo_provider != "local"

  - name: Generate the SSH public key
    openssl_publickey:
      path: "{{ SSH_keys.public }}"
      privatekey_path: "{{ SSH_keys.private }}"
      format: OpenSSH
+
+  - name: Copy the private SSH key to /tmp
+    copy:
+      src: "{{ SSH_keys.private }}"
+      dest: "{{ SSH_keys.private_tmp }}"
+      force: true
+      mode: '0600'
+    delegate_to: localhost
+    become: false
  when: algo_provider != "local"
--- a/server.yml
+++ b/server.yml
@ -41,7 +41,7 @@
              server: {{ 'localhost' if inventory_hostname == 'localhost' else inventory_hostname }}
              server_user: {{ ansible_ssh_user }}
              {% if algo_provider != "local" %}
-              ansible_ssh_private_key_file: {{ ansible_ssh_private_key_file|default(SSH_keys.private) }}
+              ansible_ssh_private_key_file: {{ SSH_keys.private }}
              {% endif %}
              algo_provider: {{ algo_provider }}
              algo_server_name: {{ algo_server_name }}