Ansible 1.6, having problems cloning git rep with ssh agent forwarding

Question

I'm having problems cloning a repo from Git using ssh forwarding. This is my setup:

- name: Setup/pull the Git repo
  git: repo={{ git_repo }} dest={{ git_root }} update=yes accept_hostkey=yes
  when: setup_git_repo
  tags: git deploy
  #git_repo = git@github.com:my_name/repo.git

I get this debug from -vvvv

<x.x.x.x> ESTABLISH CONNECTION FOR USER: ubuntu
<x.x.x.x> REMOTE_MODULE git repo=git@github.com:name/repo.git dest=/webapps/example-app/example update=yes accept_hostkey=yes
<x.x.x.x> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ForwardAgent=yes', '-o', u'IdentityFile="/Library/keys/aws-key.pem"', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=ubuntu', '-o', 'ConnectTimeout=10', 'x.x.x.x', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1403001910.72-137077614801868 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1403001910.72-137077614801868 && echo $HOME/.ansible/tmp/ansible-tmp-1403001910.72-137077614801868'"]      

I can see the identity file is not the id I want to use, my key for git is in ~/.ssh/ on the machine from which I'm running Ansible. How can i tell it to use the correct key or why isn't it trying other keys instead of just hanging?

I run Ansible with 'private_key_file' set to the aws key. Maybe this is the issue?

I can see how this might be possible by using the git module's key_file variable and uploading my git private key to the server I'm provisioning. I don't want to do this though, I want ssh forwarding from my localhost.

Is it possible? Can anyone help please?

Answer 1

Ok I finally solved this.

First of all check ssh agent forwarding is working without Ansible. This list is a pretty good resource for that - https://help.github.com/articles/using-ssh-agent-forwarding.

After that, I simply added this to anisble.cfg and everything works as expected.

sudo_flags=-HE