smeeb

Reputation: 29507

Configuring SSH in Ansible

Please note: Although this question is specifically about how SSH configuration occurs in Ansible, I have a feeling that any Linux/SSH guru would understand what the Ansible docs are getting at and should be able to answer this for me.

I have three VMs I am using for an experimental Ansible setup:

I then went into ansible01:/etc/ansible/hosts and gave it the following static configuration:

[databases]
db01.example.org

[brokers]
mq01.example.org

I am now at the section of their documentation where they discuss SSH keys and I am not fully understanding what I need to do.

It says to run:

ssh-agent bash
ssh-add ~/.ssh/id_rsa

And then to try and ping all your nodes via ansible all -m ping. However the docs don’t say where I’m supposed to execute those SSH commands, and I feel like there’s got to be more to it than just that.

So I ask: Where am I supposed to be creating SSH keys, and what exact commands do I need to run (and on which servers) so that ansible all -m ping will ping both my db01 and mq01 machines?


Update

When I SSH into ansible01 and run those SSH commands, here's the output:

myuser@ansible01:~$ ssh-agent bash
myuser@ansible01:~$ ssh-add ~/.ssh/id_rsa
/home/myuser/.ssh/id_rsa: No such file or directory

Upvotes: 1

Views: 1873

Answers (2)

oenpelli

Reputation: 3567

You are right, the documentation is not very clear, and your problem is really an SSH problem and not an Ansible one. To use SSH with key-based logon you need to generate a keypair and copy the public key to the authorized_keys file on each machine you want to access. If your private key has a password, you will need to key that in each time you use SSH, or use ssh-agent as you have described to save the private key password in your current session.

You also need to set up the known_hosts file on each machine you want to connect to or Ansible will not be able to connect. There are lots of write-ups on this; look for "key based ssh logon". Before attempting to use Ansible you need to be able to connect via SSH using either key-based or certificate-based logon. Once you have that working, try Ansible again.

Upvotes: 0

catagon87

Reputation: 558

You should create the SSH keys in your user's .ssh directory, commonly found in:

~/.ssh/

Which means you should have the following file on ansible01:

~/.ssh/id_rsa

From your ansible01 machine you will need to run the command:

ssh-add ~/.ssh/id_rsa

The above command sets it so that your SSH automatically looks to use the private key, id_rsa, when initiating an SSH session (which is what Ansible runs on by default). You can add that command to your .bash_profile to have it run automatically each time you initiate a new bash session.

To ping all of the machines defined in your host inventory using Ansible you would run the following command:

ansible all -m ping

As to your question of which machine you should run the ping command on: this would be the machine on which you have installed Ansible, in your case ansible01.

Upvotes: 2
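
The steps the two answers describe (create a key pair on ansible01, put the public key in authorized_keys on each node, load the private key into the agent, then ping), collected into one script. This is an added example, not part of either answer. The function names, the `DRY_RUN` switch and the 4096-bit RSA choice are assumptions; the key path and host names are the ones from the question.

```shell
#!/bin/sh
# Added example. Run on the control node (ansible01) as the user that runs
# ansible, inside a shell started with `ssh-agent bash` so ssh-add has an agent.
# DRY_RUN=1 (the default) only prints each command; DRY_RUN=0 executes them.
KEY="${KEY:-$HOME/.ssh/id_rsa}"   # private key path used in the question
DRY_RUN="${DRY_RUN:-1}"

# List the hosts in a static INI inventory: skip blanks, comments, [group]
# headers, and the bodies of [x:vars] / [x:children] sections.
inventory_hosts() {
  awk '
    /^[ \t]*$/    { next }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { skip = ($0 ~ /:/); next }
    !skip         { print $1 }
  ' "$1" | sort -u
}

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

bootstrap_keys() {
  inventory="$1"
  # 1. Create the key pair on the control node if it does not exist yet
  #    (ssh-keygen prompts for a passphrase).
  [ -f "$KEY" ] || run ssh-keygen -t rsa -b 4096 -f "$KEY"
  # 2. Append the public key to ~/.ssh/authorized_keys on every node
  #    (assumes password login still works and the same user name exists there).
  for host in $(inventory_hosts "$inventory"); do
    run ssh-copy-id -i "$KEY.pub" "$host"
  done
  # 3. Load the private key into the agent, then test all nodes.
  run ssh-add "$KEY"
  run ansible all -i "$inventory" -m ping
}

# Usage: sh thisfile /etc/ansible/hosts   (add DRY_RUN=0 to really execute)
if [ "$#" -gt 0 ]; then bootstrap_keys "$1"; fi
```

Only the public key (`id_rsa.pub`) is copied to db01 and mq01; the private key stays on ansible01.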
