Reputation: 1150
Vagrant, Ansible, and SSH forwarding
I'm trying to use Vagrant and Ansible to create a developer VM environment. I'm able to connect just fine and install packages. My issue seems to be with ssh, git, and keyfiles. My setup is unfortunately rather complicated, and I don't have the ability to change that. The git repositories are hosted on a machine that I have to connect to via a bastion host with a keyfile.
My local ssh config file has all the necessary proxy commands to make this work. I have SSH forwarding my key, because I can log into the VM manually and use git. Via Ansible it doesn't seem to know about hosts that should be setup via the ssh config file.
I am not running the git clone as sudo, and I am using accept_hostkey. It just doesn't seem to know about the repository host at all.
I have also tried adding an ansible.cfg with the following command:
ssh_args = -o ControlPersist=15m -F ssh.config -q
The ssh.config file is the same as my ~/.ssh/config that happens to work when doing the git clones manually. I'm also doing this as the vagrant user manually, and I have remote_user set to vagrant in my playbook.
I'm just kind of stumped as to how this is supposed to work.
Upvotes: 2
Views: 1222
Answers (3)
Reputation: 1150
So the issue turned out to be that I was actually running one of my git clones as root after all.
For the SSH key to be forwarded properly in that case, you have to edit /etc/sudoers (with visudo) and update env_keep so that SSH_AUTH_SOCK is preserved.
Upvotes: 0
Reputation: 23771
If I understand correctly, you can do it manually git clone into your vagrant machine?
If yes, then you can do like this, as you have already told us that the both machine has exactly the same ~/.ssh/config file, then you can do like this which I did during the git clone, when I got error:
- name: Pull sources from the repository.
git: repo='[email protected]:test/test.git' version=master dest=/var/www accept_hostkey=True force=yes recursive=no key_file=~/.ssh/id_rsa
Sometime, explicitly defined the key_file, accept_hostkey=True and force=yes solve the problem.
On the other hand, if you want to explicit define that always us the ssh connection instead of paramiko, then you can set into your ansible.cfg file, which is located at /etc/ansible/ansible.cfg
[defaults]
transport=ssh
There is another technique that I have read somewhere, you can also try that please to teach Ansible to talk to Git server on your behalf (again this change is in /etc/ansible/ansible.cfg)
[ssh_connection]
ssh_args = -o ForwardAgent=yes
Hope this will help you. Thanks
Upvotes: 1
Reputation: 4575
I'm not too familiar with Ansible but from docs, Ansible supports 2 ssh transports: OpenSSH, Paramiko (Python's SSH). Unless you manually choose which one to use, it might choose Paramiko instead of OpenSSH.
This can explain the troubles you are having, since ssh_args is OpenSSH specific setting.
Upvotes: 0
Related Questions
- SSH into a Vagrant machine with Ansible
- Ansible SSH forwarding doesn't seem to work with Vagrant
- ssh connection to Vagrant virtual machine using Ansible fails
- Ansible & Vagrant development environment
- Running Ansible playbooks on remote Vagrant box
- Vagrant forwarding ssh from remote server
- Vagrant and ansible & ssh
- Error connecting with Ansible to Vagrant guest using SSH
- Multiple reverse ssh to provision Vagrant with Ansible
- Ansible 1.6 + Vagrant 1.6 ssh forwarding doesn't look like it's working