Reputation: 574
I've been trying to get Ansible to provision a remote machine, and I want the remote machine to be set up with its own keys, and have the ability to clone git repositories from Bitbucket.
The user is set up, has its own id_rsa.pub, and the key has been registered with Bitbucket.
But, when I use the Ansible Git module, it looks like the module always tries to use the keys from the machine running the playbook.
How do I get the git module to use the id_rsa.pub from the remote machine?
The relevant task is this:

    - name: be sure prom-king has an up-to-date clone of its own repository
      git:
        repo: "ssh://[email protected]/prom-king.git"
        dest: /home/promking/prom-king
        accept_hostkey: yes
        clone: yes
        key_file: /home/promking/.ssh/id_rsa.pub
        update: yes

The relevant inventory is this:

    # inventory file for use with the vagrant box in the testing directory.
    [prom-king]
    192.168.168.192 ansible_ssh_host=127.0.0.1 ansible_sudo=true ansible_connection=ssh ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=testing/.vagrant/machines/default/virtualbox/private_key

Upvotes: 18
Views: 39683
Reputation: 367
A note in case it's useful: for anyone using GitHub (and I assume this also applies to GitLab, etc.) - ensure that you provide the URL, correctly, in SSH form. If the key file is provided but you give Ansible the HTTPS URL, it'll just quietly ignore the key and (potentially) hang waiting for input with a username and password.
Upvotes: 2
Reputation: 83438
This is how I deploy from Github using a key file set on the remote server. If the keyfile parameter for git doesn't work then something is wrong with your playbook:

    - name: Creates .ssh directory for root
      sudo: yes
      file: path=/root/.ssh state=directory

    # This public key is set on Github repo Settings under "Deploy keys"
    - name: Upload the private key used for Github cloning
      sudo: yes
      copy: src=keys/github dest=/root/.ssh/github

    - name: Correct SSH deploy key permissions
      sudo: yes
      file: dest=/root/.ssh/github mode=0600

    - name: Deploy site files from Github repository
      sudo: yes
      git:
        repo: [email protected]:miohtama/foobar.git
        dest: /srv/django/foobar
        key_file: /root/.ssh/github
        accept_hostkey: yes
        force: yes

Upvotes: 42
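An added example, not code from the asker or from either answer: a playbook in which the key pair is generated on the remote host itself, so the private key never passes through the control machine, and `key_file` points at the private half rather than `id_rsa.pub`. The host group, user name and key path follow the question; the repository URL is a placeholder and the variable names (`deploy_user`, `deploy_key`, `repo_url`) are assumptions.

```yaml
# Added example. Placeholder repo URL; variable names are illustrative.
- hosts: prom-king
  become: yes
  vars:
    deploy_user: promking
    deploy_key: /home/promking/.ssh/id_rsa                 # private half, never the .pub file
    repo_url: "ssh://git@git.example.com/prom-king.git"   # placeholder SSH URL
  tasks:
    - name: Refuse a key_file that is a public key, or a repo URL that is not SSH
      assert:
        that:
          - not deploy_key.endswith('.pub')
          - repo_url is match('^(ssh://|[^/@]+@[^:/]+:)')
        fail_msg: "key_file must be the private key and repo must be an SSH URL"

    - name: Create the user's key pair on the remote host (no-op if it exists)
      user:
        name: "{{ deploy_user }}"
        generate_ssh_key: yes
        ssh_key_type: rsa
        ssh_key_bits: 4096
        ssh_key_file: "{{ deploy_key }}"
      register: account

    - name: Show the public key, to be registered as a read-only deploy key
      debug:
        msg: "{{ account.ssh_public_key }}"

    - name: Private key is readable by its owner only
      file:
        path: "{{ deploy_key }}"
        owner: "{{ deploy_user }}"
        mode: "0600"

    # accept_hostkey trusts whatever host key is seen first; pre-seeding
    # known_hosts with a verified key is the stricter option.
    - name: Clone as the deploy user with the key that lives on the remote host
      become_user: "{{ deploy_user }}"
      git:
        repo: "{{ repo_url }}"
        dest: "/home/{{ deploy_user }}/prom-king"
        key_file: "{{ deploy_key }}"
        accept_hostkey: yes
        update: yes
```

The first run stops being useful at the clone step until the printed public key has been registered with the Git host; subsequent runs reuse the existing key pair.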
Reputation: 59989
If I understand this correctly, you do - or want to - deploy your private key to the remote machine so you can clone the repo. I believe instead you should use key forwarding. In your .ssh/config set this:

    ForwardAgent yes

Or if you want to limit this to Ansible you can define it in your ansible.cfg:

    [ssh_connection]
    ssh_args= -A

Upvotes: 15