How to use multiple private keys in one inventory of Ansible

Question

I have an ansible inventory which looks like:

# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=centos

# If ansible_ssh_user is not root, ansible_sudo must be set to true
ansible_sudo=true

product_type=openshift
deployment_type=enterprise

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/openshift/openshift-passwd'}]

# host group for masters
[masters]
master.example.com

# host group for nodes, includes region info
[nodes]
master.example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
node1.example.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}"
node2.example.com openshift_node_labels="{'region': 'primary', 'zone': 'west'}"

Now I need keys to make the host accessible for ansible. I have 2 keys. One for my master and one for my nodes. How can I change this script to tell ansible about which key it must use?

The script will be executed on my master. My master contains the 2 keys in /root/.ssh/

At the moment I only now private_key_file in /etc/ansible/ansible.cfg but that can only configured with one standard key for Ansible.

Answer 1

You can define behavioral parameters in your inventory. Either behind each host or in a separate group:vars section. Since you have multiple nodes which share the same key the latter makes more sense:

[masters:vars]
ansible_ssh_private_key_file=1.pem

[nodes:vars]
ansible_ssh_private_key_file=2.pem