Hi all!

In my company, we have playbooks to set up brand new servers in different 
roles, so that we can quickly configure new servers in case of expansion, 
emergency, etc.

One of the steps involved in these setups is adding a private key to some 
of them. Now, this goes great 99% of the time, since it usually involves 
adding a .ssh/id_rsa key, and ssh will attempt to use it automatically 
(based on its name, I believe).

However, the problem is when adding private keys with a non-standard name. 
Say for example a server will hold 2 keys, one "id_rsa" and the other 
"id_rsa_git". Normally, the second key will not work until ssh is made 
aware of it with ssh-add. However, I seem to be unable to run this command 
with ansible.

Here's what I have tried:

- command: ssh-add /home/{{ user }}/.ssh/id_rsa_git

Does not work, outputs "Could not open a connection to your authentication 
agent.". Fair enough.

- shell: eval "$(ssh-agent)" && ssh-add /home/{{ user }}/.ssh/id_rsa_git

Seems to work, but doesn't. Here's the output I get if I run with the 
verbose flag:

changed: [REDACTED] => {"changed": true, "cmd": "eval \"$(ssh-agent)\" && 
ssh-add /home/johndoe/.ssh/id_rsa_git", "delta": "0:00:00.006037", "end": 
"2015-07-16 23:23:28.667177", "rc": 0, "start": "2015-07-16 
23:23:28.661140", "stderr": "Identity added: /home/johndoe/.ssh/id_rsa_git 
(/home/johndoe/.ssh/id_rsa_git)", "stdout": "Agent pid 28489"}

Seems about right, right? That would be the output you would get if you ran 
it directly on the server. However, when I go to the server and I do 
"ssh-add -l", I get "The agent has no identities." Huh?

I thought maybe the user wasn't right. So I tried:

shell: eval "$(ssh-agent)" && ssh-add /home/{{ user }}/.ssh/id_rsa_git && 
whoami
remote_user: johndoe

But this of course fails, since johndoe cannot ssh into servers (it's a 
system user).

So, my question. Is there some sane way of doing the equivalent of ssh-add 
that I am not aware of?

Thanks in advance!
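
An added example, not part of the original post: the agent started by eval "$(ssh-agent)" exports SSH_AUTH_SOCK only in that task's shell, so a later login session does not see it. One agent-free way to make ssh use a key with a non-standard name is an IdentityFile entry in the user's ~/.ssh/config. The host name git.example.com and the play layout are assumptions; {{ user }} and id_rsa_git come from the post.

```yaml
# Added example (not from the original post). Assumptions: the Git host is
# git.example.com, and "user" is the same variable the post's tasks use.
- hosts: all
  become: true
  vars:
    git_host: git.example.com   # assumption: replace with the real host
    key_path: "/home/{{ user }}/.ssh/id_rsa_git"
  tasks:
    - name: Private key must be owned by the user and not group/world readable
      ansible.builtin.file:
        path: "{{ key_path }}"
        owner: "{{ user }}"
        mode: "0600"

    - name: Tell ssh which key to offer for the Git host (no agent involved)
      ansible.builtin.blockinfile:
        path: "/home/{{ user }}/.ssh/config"
        create: true
        owner: "{{ user }}"
        mode: "0600"
        marker: "# {mark} ANSIBLE MANAGED: {{ git_host }}"
        block: |
          Host {{ git_host }}
              IdentityFile {{ key_path }}
              IdentitiesOnly yes

    # ssh -G prints the options ssh would apply for a host without connecting.
    - name: Resolve the effective ssh configuration as the target user
      ansible.builtin.command: "ssh -G {{ git_host }}"
      become_user: "{{ user }}"
      register: resolved
      changed_when: false

    - name: Fail the play if ssh would not use the intended key
      ansible.builtin.assert:
        that:
          - "('identityfile ' ~ key_path) in resolved.stdout"
```

IdentitiesOnly yes keeps ssh from offering id_rsa or any agent-held key to that host, so each key is presented only where it is meant to be used.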
