Invoking ansible-playbook using credential parameter

Using Jenkins
1

Hello Ia trying to run an ansible playbook from in a declarative pipeline and passing a user credential via a credential parameter.
When the jobs run I select a private credential and use it in the ansible-playbook step.
However the job fails, since it cannot connect to the target hots.
From looking in the logs it appears to be the problem, that the credential i pass is not used.

In the logs on can sees that the connection is tried as user none and the keys from the jenkins user homedirectory are tried.

However I would have expected the the username and the private key from the credential are used.

Is there a way to achieve this?

Here are the relevant code snippets from the pipeline

	parameters {
		 
          credentials credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey',
		       name: 'DEPLOY_CRED', required: true, defaultValue: '', 
			   description: 'The credential used on the target systems for the deployment (Username, SSH Key)'
			  
    }

			steps {
				ansiblePlaybook credentialsId: "${DEPLOY_CRED}" , 
					extras: '--check -vvvv',
				    inventory: 'inventory/DEV.yml',
					playbook: 'setupMonitoring.yml',
					colorized: true				      
			}
2

I don’t know anything about this plugin specifically, but I wonder if its not supporting user credentials or something.

I recommend trying something simplier to debug with

steps {
   script { // I don't know if you need a script tag for this.
     sshagent (credentials: [env.DEPLOY_CRED]) {
       sh 'ssh -v -o StrictHostKeyChecking=no whateverhostname uname -a'
     }
  }
}

which would give a bunch of debugging, and use the ssh agent plugin which I know works.

3

In fact the support for the credentialId parameter was my main reason to use the ansible plugin instead of running the playbook via a sh step. It was my hope that this would simply the boilerplate code for passing the credentials from the credential parameter to the playbook.

for debugging I used the extra parameter to pass the -vvvv option to ansible-playbook and the playbook provided quit a lot debug output, especially concerning the connection establishment.

From what I saw in the log, is, that the credential parameter selected my credential containing my userid and my private key,
However from the log for establishing the SSL connection it seams it ignores these credentials.
The user is reported as none and as keys the keys form the jenkins User directory are used.

4

The documentation of the ansible plugin is rather short, especially concerning the arguments and the credential.

Also I am not sure whether it is a proble, that the credential I am selecting is not a global credential but one belonging to the user.

Thus I was hoping someone had a working code snippet for combining ansible Playbook with an credential parameter

5

Some more experiments with credential lead me to the fact the problem might be that I want to access a personal credential.

When I try the following pipeline. it will work for global credentials but fail for user credentials


	parameters {
          credentials credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey',
		  name: 'DEPLOY_CRED', required: true, defaultValue: '', 
			   description: 'The credential used on the target systems for the deployment (Username, SSH Key)'
			  
    }

    stages {

	    stage( 'public') {
            agent any
			steps {
				echo "Deploy monitoring on  XXX  as ${DEPLOY_CRED}"

				withCredentials([sshUserPrivateKey(credentialsId: "${DEPLOY_CRED}",
				    keyFileVariable: 'KEY_PATH',
					usernameVariable: 'REMOTE_USER' )]) {
					
						sh 'cp $KEY_PATH luckilucki.txt'
						echo "${REMOTE_USER} ${KEY_PATH}"

				}
            }
		}