I've been trying to get Ansible to provision a remote machine, and I want the remote machine to be set up with its own keys, and have the ability to clone git repositories from Bitbucket.
The user is set up, has its own id_rsa.pub, and the key has been registered with bitbucket.
But, when I use the Ansible Git module, it looks like the module always tries to use the keys from the machine running the playbook.
How do I get the git module to use the id_rsa.pub from the remote machine?
The relevant task is this:
- name: be sure prom-king has an up-to-date clone of its own repository
git:
repo: "ssh://[email protected]/prom-king.git"
dest: /home/promking/prom-king
accept_hostkey: yes
clone: yes
key_file: /home/promking/.ssh/id_rsa.pub
update: yes
The relevant inventory is this
# inventory file for use with the vagrant box in the testing directory.
[prom-king]
192.168.168.192 ansible_ssh_host=127.0.0.1 ansible_sudo=true ansible_connection=ssh ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=testing/.vagrant/machines/default/virtualbox/private_key
In ansible git module generally we have to pass two arguments those are repo and dest. Repo represents the your github repository url and dest represents the path in which directory/folder you want to checkout the code. In above example my github code will be downloaded into /root/mycode directory.
Ansible can use a variety of connection methods beyond SSH. You can select any connection plugin, including managing things locally and managing chroot, lxc, and jail containers.
This is how I deploy from Github using a key file set on the remote server. If the keyfile
parameter for git
doesn't work then something is wrong with your playbook:
- name: Creates .ssh directory for root
sudo: yes
file: path=/root/.ssh state=directory
# This public key is set on Github repo Settings under "Deploy keys"
- name: Upload the private key used for Github cloning
sudo: yes
copy: src=keys/github dest=/root/.ssh/github
- name: Correct SSH deploy key permissions
sudo: yes
file: dest=/root/.ssh/github mode=0600
- name: Deploy site files from Github repository
sudo: yes
git:
repo: [email protected]:miohtama/foobar.git
dest: /srv/django/foobar
key_file: /root/.ssh/github
accept_hostkey: yes
force: yes
If I understand this correctly, you do - or want to - deploy your private key to the remote machine so you can clone the repo. I believe instead you should use key forwarding. In your .ssh/config
set this:
ForwardAgent yes
Or if you want to limit this to Ansible you can define it in your ansible.cfg
:
[ssh_connection]
ssh_args= -A
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With