 

How do I use remote machine's SSH keys in ansible git module

I've been trying to get Ansible to provision a remote machine, and I want the remote machine to be set up with its own keys, and have the ability to clone git repositories from Bitbucket.

The user is set up, has its own id_rsa.pub, and the key has been registered with Bitbucket.

But, when I use the Ansible Git module, it looks like the module always tries to use the keys from the machine running the playbook.

How do I get the git module to use the id_rsa.pub from the remote machine?

The relevant task is this:

- name: be sure prom-king has an up-to-date clone of its own repository
  git:
    repo: "ssh://[email protected]/prom-king.git"
    dest: /home/promking/prom-king
    accept_hostkey: yes
    clone: yes
    key_file: /home/promking/.ssh/id_rsa.pub
    update: yes

The relevant inventory is this:

# inventory file for use with the vagrant box in the testing directory.
[prom-king]
192.168.168.192 ansible_ssh_host=127.0.0.1 ansible_sudo=true ansible_connection=ssh  ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=testing/.vagrant/machines/default/virtualbox/private_key
jschank asked Apr 19 '15 01:04



2 Answers

This is how I deploy from Github using a key file set on the remote server. If the keyfile parameter for git doesn't work then something is wrong with your playbook:

- name: Creates .ssh directory for root
  sudo: yes
  file: path=/root/.ssh state=directory

# This public key is set on Github repo Settings under "Deploy keys"
- name: Upload the private key used for Github cloning
  sudo: yes
  copy: src=keys/github dest=/root/.ssh/github

- name: Correct SSH deploy key permissions
  sudo: yes
  file: dest=/root/.ssh/github mode=0600

- name: Deploy site files from Github repository
  sudo: yes
  git:
    repo: [email protected]:miohtama/foobar.git
    dest: /srv/django/foobar
    key_file: /root/.ssh/github
    accept_hostkey: yes
    force: yes
Mikko Ohtamaa answered Sep 18 '22 07:09
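
The question's clone task following the pattern in the answer above, as an added example that is not part of the original posts: the key pair is generated on the target so the private key never leaves it, and `key_file` names the private key (`id_rsa`), because the git module's `key_file` expects a private key path on the target host rather than the `.pub` file. `REPO_SSH_URL` is a placeholder, and the play layout and `deploy_*` variable names are assumptions.

```yaml
# Added example, not from the original posts.
# Assumed: variable names, play layout, and the REPO_SSH_URL placeholder.
- hosts: prom-king
  become: yes
  vars:
    deploy_user: promking
    deploy_key: /home/promking/.ssh/id_rsa   # private half; id_rsa.pub is what gets registered
    repo_url: "REPO_SSH_URL"                 # placeholder: the repository's SSH clone URL
  tasks:
    - name: Ensure the user exists and has a key pair generated on the target
      ansible.builtin.user:
        name: "{{ deploy_user }}"
        generate_ssh_key: yes                # an existing key is not overwritten
        ssh_key_file: "{{ deploy_key }}"
      register: deploy_account

    - name: Print the public key to register with the repository host
      ansible.builtin.debug:
        msg: "{{ deploy_account.ssh_public_key }}"

    - name: Keep the private key readable by its owner only
      ansible.builtin.file:
        path: "{{ deploy_key }}"
        owner: "{{ deploy_user }}"
        mode: "0600"

    - name: Clone as the deploy user, authenticating with the target's private key
      # Becoming an unprivileged user may require the acl package on the target.
      become_user: "{{ deploy_user }}"
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: "/home/{{ deploy_user }}/prom-king"
        key_file: "{{ deploy_key }}"
        # As in the posts above: accepts the host key if it is not already known.
        accept_hostkey: yes
        update: yes
```

The clone task only succeeds once the printed public key has been registered with the repository host.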


If I understand this correctly, you do - or want to - deploy your private key to the remote machine so you can clone the repo. I believe instead you should use key forwarding. In your .ssh/config set this:

ForwardAgent yes

Or if you want to limit this to Ansible you can define it in your ansible.cfg:

[ssh_connection]
ssh_args= -A
udondan answered Sep 20 '22 07:09