UnixArena

Jenkins- Ansible -Authenticate Server using Protected Passphrase

By Leave a Comment

Ansible is the most widely used configuration management tool. A recent challenge was to authenticate the servers using a protected passphrase. We have a set of servers which can be authenticated only using a passphrase. This article will provide a step by step procedure to authenticate ansible clients using a private key and protected passphrase. Jenkins can be used as a front end GUI portal to call the Ansible playbook. Jenkins does more than what AWX/Ansible Tower does.

 

Environment: 

  • Ansible – ansible 2.7.10
  • Jenkins – Jenkins 2.138.3

 

Challenge:

When you run the playbook against the host which are using a protected passphrase, it will prompt for the protected key.

[linadm@ansible-server ~]$ ansible-playbook -i temp test.yml

PLAY [192.168.3.151] *********************************************************************************

TASK [Gathering Facts] *******************************************************************************************************
Enter passphrase for key '/home/linadm/.ssh/id_rsa':

 

Once you have entered the protected key, it will connect to the host and run the required tasks.  How to call this playbook in Jenkins?   Jenkins job won’t be prompted to enter the protected key. How to overcome this issue?

If you are new to Ansible + Jenkins combo, please go through this article

 

1. Login to Jenkins portal.

 

2. Configure the job and navigate to the build tab.  In invoking Ansible plugin, click to add credentials.

Ansible Playbook - Jenkins - Passphrase
Ansible Playbook – Jenkins – Passphrase

 

3. In the Jenkins credentials provider, select kind as ” SSH username with private key”

Jenkins - Passing passphrase for Ansible playbook
Jenkins – Passing passphrase for Ansible playbook

 

4. Enter a user name, the private key of the ansible host and protected the key value and save it.

Jenkins Global Credential - Passphrase
Jenkins Global Credential – Passphrase

 

5. Select the newly created credentials in Jenkins job which is actually calling the ansible playbook.

Select the newly created credentials - Jenkins Ansible
Select the newly created credentials – Jenkins Ansible

 

6. Build the job and check the ansible playbook results.  Here, we can see the complete ansible command with private key switch.

Build Jenkins Job - Check the execution
Build Jenkins Job – Check the execution

 

We have successfully used the protected passphrase for invoking ansible playbook using Jenkins. There is another workaround documented in StackOverflow using ssh agent.

Hope this article is informative to you.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *