The synchronize module of Ansible (v1.6.5) prompts for the passphrase (Enter passphrase for key) even though I already entered it at the beginning of running the playbook.
Any idea why?
I run my playbook with the following options:
-u myuser --ask-sudo-pass --private-key=/path/to/id_rsa
Here is my synchronize task:
- name: synchronize source files in src location
  sudo: yes
  synchronize: src={{local_src}} dest={{project_dirs.src}} archive=yes delete=yes rsync_opts=["--compress"]
  when: synchronize_src_files
UPDATE with ssh-agent
Following the advice of Lekensteyn, I tried with ssh-agent. I do not have a prompt anymore but the task fails. What am I missing?
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
The error:
TASK: [rolebooks/project | synchronize source files in src location] **********
failed: [10.0.0.101] => {"cmd": "rsync --delay-updates -FF --compress --delete-after --archive --rsh 'ssh -i /home/vagrant/.ssh/id_rsa -o StrictHostKeyChecking=no' --rsync-path=\"sudo rsync\" [--compress] --out-format='<<CHANGED>>%i %n%L' /projects/webapp [email protected]:/var/local/sites/project1/src", "failed": true, "rc": 12}
msg: sudo: no tty present and no askpass program specified
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.0]
The synchronize command (up to at least Ansible 1.6.6) seems to ignore the normal SSH control socket opened by Ansible. Your task could expand to the following:
{
"cmd": "rsync --delay-updates -FF --compress --archive
--rsh 'ssh -o StrictHostKeyChecking=no'
--out-format='<<CHANGED>>%i %n%L'
/home/me/src/ user@host:/dest/",
"failed": true,
"rc": 23
}
To get these details, run your playbook with the -v option. As a workaround for this, you can start ssh-agent and cache your SSH key with ssh-add. Refer to their manual pages for details.
Extra caveats with the synchronize module:
sudo: yes, ansible will run with --rsh 'sudo ssh' which will break if the remote sudo configuration requires a password and/or TTY. Solution: set sudo: no in your task definition.
ansible_ssh_user), not the sudo user. I have not found a way to override this user (besides an untested method that overrides the user with -o User option via one of the other options (dest_port="22 -o User=your_user"?) in combination with set_remote_user=yes).
This is taken from my tasks file:
- name: sync app files
  sudo: no
  synchronize: src={{app_srcdir}}/ dest={{appdir}}/
               recursive=yes
               rsync_opts=--exclude=.hg
# and of course Ubuntu 12.04 does not support --usermap..
#,--chown={{deployuser}}:www-data
# the above goes bad because ansible_ssh_user=user has no privileges
#  local_action: command rsync -av --chown=:www-data
#                {{app_srcdir}}
#                {{deployuser}}@{{inventory_hostname}}:{{appdir}}/
#  when: app_srcdir is defined
# The above still goes bad because {{inventory_hostname}} is not ssh host...
I think by default synchronize is explicitly setting a username on the rsync command - you can prevent this and allow rsync to work from your ssh config file.
http://docs.ansible.com/synchronize_module.html
set_remote_user: put user@ for the remote paths. If you have a custom ssh config to define the remote user for a host that does not match the inventory user, you should set this parameter to "no".
I have a remote user configured in my ssh config and needed to add set_remote_user=no to get synchronize to work, otherwise it tried to use the wrong username and neither ssh key nor password would work.
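The caveats raised in both answers can be read straight off the cmd string that -v prints. The following Python sketch is an added example, not code from the posts or from Ansible; the function names, finding labels and the two sample result dicts (constructed, modelled on the outputs shown above) are assumptions. It goes one step beyond the answers by also flagging the StrictHostKeyChecking=no option visible in both commands.

```python
import shlex

def option_value(argv, name):
    """Return VALUE from `name VALUE` or `name=VALUE` in argv, else None."""
    for i, arg in enumerate(argv):
        if arg == name and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith(name + "="):
            return arg[len(name) + 1:]
    return None

def diagnose(result):
    """Map a synchronize result dict (as printed with -v) to the caveats above."""
    argv = shlex.split(result["cmd"])
    rsh = shlex.split(option_value(argv, "--rsh") or "")
    rsync_path = shlex.split(option_value(argv, "--rsync-path") or "")
    dest_host = argv[-1].split(":", 1)[0]  # rsync destination is the last argument
    findings = {}
    if "-i" in rsh:
        findings["key-file"] = "rsync starts its own ssh with -i; cache the key with ssh-add"
    if "sudo" in rsync_path or rsh[:1] == ["sudo"]:
        findings["sudo"] = "remote sudo must not need a password or TTY; else set sudo: no"
    if "@" in dest_host:
        findings["remote-user"] = "user@ is forced; set_remote_user=no defers to ssh config"
    if any(a.lower().endswith("stricthostkeychecking=no") for a in rsh):
        findings["host-key"] = "unknown host keys are accepted without confirmation"
    return findings

# Constructed sample, modelled on the failed task output in the question
# (user and address are placeholders).
QUESTION_RESULT = {
    "cmd": "rsync --delay-updates -FF --compress --delete-after --archive "
           "--rsh 'ssh -i /home/vagrant/.ssh/id_rsa -o StrictHostKeyChecking=no' "
           "--rsync-path=\"sudo rsync\" --out-format='<<CHANGED>>%i %n%L' "
           "/projects/webapp deploy@192.0.2.10:/var/local/sites/project1/src",
    "failed": True, "rc": 12,
}
# Constructed from the expanded command shown in the first answer.
ANSWER_RESULT = {
    "cmd": "rsync --delay-updates -FF --compress --archive "
           "--rsh 'ssh -o StrictHostKeyChecking=no' "
           "--out-format='<<CHANGED>>%i %n%L' /home/me/src/ user@host:/dest/",
    "failed": True, "rc": 23,
}

if __name__ == "__main__":
    for name, res in (("question", QUESTION_RESULT), ("answer", ANSWER_RESULT)):
        for code, advice in sorted(diagnose(res).items()):
            print(f"{name}: {code}: {advice}")
```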