Hi Michael, First, thanks for reporting the bug. I've filed https://github.com/ansible/ansible/issues/5583 so feel free to add more details if you'd like. I'll try and get a fix for an improved error message out soon.
I've seen the error "RSA key format is not supported" typically only when the keyfile has not been properly converted to RSA/PEM format. It's likely redundant information, but just to be clear, the command I use to convert my key is: $ openssl pkcs12 -in long-hash-keyname.p12 -nodes -nocerts | openssl rsa -out /path/to/converted.pem When prompted for a password, the default is: notasecret If I use 'file' on both, I see: long-hash-keyname.p12: data converted.pem: PEM RSA private key Make sure you have the latest libcloud installed (pip install apache-libcloud==0.14.0-beta3). Now, just so we can verify that the key is working and you can at least connect to GCE and extract host information, try this: Checkout the latest ansible from source and set up the environment, $ git clone https://github.com/ansible/ansible $ cd ansible $ . hacking/env-setup Create a 'secrets' file in your home directory and set the proper values. Alternatively, you should be able to create this file in the PYTHONPATH defined when running "source hacking/env-setup" $ cat $HOME/secrets.py GCE_PARAMS = ('[email protected]', '/path/to/converted.pem') GCE_KEYWORD_PARAMS = {'project': 'my_project_id'} Edit the gce.ini file in the source tree, and set the 'libcloud_secrets' variable, the relevant parts for me look like, $ cat plugins/inventory/gce.ini [gce] libcloud_secrets = /home/myusername Now, you can set an environment variable for the inventory plugin, $ export GCE_INI_PATH=$HOME/ansible/plugins/inventory/gce.ini With all that in place, you can try to use the inventory plugin against an existing GCE instance just to see if all the auth stuff is working: $ ansible/plugins/inventory/gce.py --host myinstance And you'll hopefully get back some json about that instance. I know this is a lot of overhead, but I'm not clear about the idiomatic way to define these libcloud/GCE authentication parameters. I'd be very grateful to be enlightened with a large cluestick! Ultimately for the GCE modules, they need to exist in a 'secrets.py' file that's in ansible's PYTHONPATH. Hope that helps! Eric On Thu, Jan 9, 2014 at 9:56 AM, <[email protected]> wrote: > Hello, > > I'm trying to use the GCE module, but so far, I'm not very lucky. > > What I have done: > 1. I registered a new "service app" on my google cloud console, and > downloaded the generated private key, in pkcs2 format. > 2. Created a file secrets.py looking like following, and put it in some > folder which is in my PYTHONPATH > --- > GCE_PARAMS = ('[email protected]', 'secret') > GCE_KEYWORD_PARAMS = {'project': 'project-name'} > --- > > 3. Converted my private key in RSA format > 4. Created a playbook looking like following > --- > - hosts: localhost > tasks: > - local_action: > module: gce > name: test-instance > zone: europe-west1-b > machine_type: f1-micro > image: debian-7 > --- > > But when I tried to run my playbook, I've : > --- > failed: [127.0.0.1] => {"failed": true, "parsed": false} > invalid output was: Traceback (most recent call last): > File "/root/.ansible/tmp/ansible-1389289770.6-124236068572659/gce", line > 1446, in <module> > main() > File "/root/.ansible/tmp/ansible-1389289770.6-124236068572659/gce", line > 376, in main > module.fail_json(msg=unexpected_error_msg(e), changed=False) > File "/root/.ansible/tmp/ansible-1389289770.6-124236068572659/gce", line > 190, in unexpected_error_msg > error.http_code, error.code, str(error.value)) > AttributeError: 'exceptions.ValueError' object has no attribute 'http_code' > --- > > That's a bug of the module, on /usr/share/ansible/cloud/gce at line 190 it > tries to use error.http_code and error.code which don't exist. > So OK, I just printed error, and here is my error: RSA key format is not > supported > > But the fact is, even if I have my private key from Google, I've no idea > where to put it. In git/plugins/inventory/gce.ini there is a variable > called: gce_service_account_pem_file_path = > But I don't know how to override it. > > So, do someone know how to set the good location for my private key? > > And also, the error that ansible returns me, "RSA key format is not > supported". I think it comes directly from the GCE driver, so is it still > good to use the RSA formated private key? > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
