Hey Eric,

Thanks for your questions!

> vagrant sets different private keys for each host


This is a new feature introduced in Vagrant 1.7.0, which you can easily 
disable by adding this setting in your Vagrantfile:

config.ssh.insert_key = false

Another possible workaround (if you really want to keep these distinct SSH 
key pairs for each machine) is to provide multiple private keys 
to Ansible with something like:

config.ssh.private_key_path = [
  ".vagrant/machines/host-1/virtualbox/private_key",
  ...
  ".vagrant/machines/host-n/virtualbox/private_key" ]

Note: I did not test the latter.

In the future, having GH-5005 (add a global public key insertion) 
<https://github.com/mitchellh/vagrant/issues/5005> will also help to solve 
this problem. 
But for now, I would personally recommend sticking to 
config.ssh.insert_key = false.

> How can I let vagrant specify this explicitly for ansible, in the generated 
> inventory file, so that ansible can be run independently?
>

You cannot, since this option is not supported at the moment. There is an 
open pull request GH-5044 (Use `ansible_ssh_private_key_file` in generated 
inventory) <https://github.com/mitchellh/vagrant/pull/5044/> that actually 
proposes to go this way, but there are several issues around this proposal 
that will most probably lead me to reject it:

   - this wish is motivated by external or unsupported usages of Vagrant 
   (calling `ansible-playbook` from the shell or using the parallel 
   provisioning trick <https://github.com/mitchellh/vagrant/issues/5048>)
   - it would require some tricky special cases that can lead to 
   unnecessary code complexity and usage confusion. Examples: 
      - When ansible.inventory_path is used, then pass the private key as a 
      command line argument. 
      - When a generated inventory is used, then put the private key paths 
      in the inventory file. 
      - Very probable mess when dealing with multiple SSH identities with 
      the config.ssh.private_key_path option and ANSIBLE_SSH_ARGS under the 
      hood.
   - Many (most?) Ansible users configure a single ssh key pair for the 
   machines they manage, especially in simple/sandbox contexts like Vagrant.

If you don't share my opinions, please try to convince me of the contrary 
with a comment directly on GH-5044 :-)

> "Group variables are intentionally not supported, as this practice is not 
> recommended." If anyone can explain to me why this is not recommended, I'm 
> curious.
>

In the Inventory Guide from docs.ansible.com 
<http://docs.ansible.com/intro_inventory.html#splitting-out-host-and-group-specific-data>
it is mentioned that:

*The preferred practice in Ansible is actually not to store variables in 
the main inventory file.*


By setting all your variables in group_vars (and/or host_vars) files, you 
can easily configure multiple environments, etc.

Note that it might be a good idea to clarify the Vagrant docs a bit by 
saying something like "Group variables are intentionally not supported, as 
it is not recommended to store variables in the main inventory file" (with 
a link to Ansible docs 
<http://docs.ansible.com/intro_inventory.html#splitting-out-host-and-group-specific-data>
).

I hope all this answers your questions well, and please keep the discussion 
open if you have any more doubts or remarks.

Best Regards,
Gilles

On Saturday, January 10, 2015 at 15:49:01 UTC+1, Eric Feliksik wrote:
>
> My Vagrantfile includes an instruction to do Ansible provisioning. Vagrant 
> neatly generates an ansible inventory file 
> in .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory , but 
> it does not include ansible_ssh_private_key_file instructions for each 
> host: 
>
> host-1 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2200
> host-2 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2201
> otherhost-1-1 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2202
>
> The consequence is that I cannot control them with ansible-playbook 
> directly, as vagrant sets different private keys for each host, so even 
>    ansible-playbook --private-key $MYFILE -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory site.yml
> would not work. What does work is modifying the generated file: 
>
> host-1 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2200 ansible_ssh_private_key_file=.vagrant/machines/host-1/virtualbox/private_key
> host-2 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2201 ansible_ssh_private_key_file=.vagrant/machines/host-2/virtualbox/private_key
> otherhost-1-1 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2202 ansible_ssh_private_key_file=.vagrant/machines/otherhost-1-1/virtualbox/private_key
>
> Main question: How can I let vagrant specify this explicitly for ansible, 
> in the generated inventory file, so that ansible can be run independently? 
>
> Second, I actually tried to make Vagrant include per-host (and per-group) 
> variables in the generated inventory file -- for this and other purposes -- 
> but this seems not possible: 
> https://docs.vagrantup.com/v2/provisioning/ansible.html says "Group 
> variables are intentionally not supported, as this practice is not 
> recommended." If anyone can explain to me why this is not recommended, I'm 
> curious. Because the Ansible documentation does not mention this, and 
> happily describes how to use group variables (also in inventory files). 
>
> Thanks in advance,
> Eric
>
>
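
An added example, not part of the original messages and not Vagrant's or Ansible's own code: a Python helper that does automatically what Eric did by hand, appending ansible_ssh_private_key_file to each host line of the generated inventory so the per-machine keys can stay enabled. The function names, the host-name pattern and the [web] group in the constructed sample are assumptions; the key path layout is the one quoted in the thread.

```python
import os
import re

KEY_VAR = "ansible_ssh_private_key_file"
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")  # assumed safe host-name shape

# Constructed sample: host lines from the thread plus a hypothetical [web] group.
SAMPLE = """\
# Generated by Vagrant
host-1 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2200
host-2 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2201
otherhost-1-1 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2202

[web]
host-1
host-2
"""

def key_path(host, provider="virtualbox", root=".vagrant"):
    """Per-machine key location, following the paths quoted in the thread."""
    return f"{root}/machines/{host}/{provider}/private_key"

def add_private_keys(inventory_text, provider="virtualbox", root=".vagrant"):
    """Append KEY_VAR to host definition lines that do not already carry it."""
    out = []
    for line in inventory_text.splitlines():
        fields = line.split()
        # A host definition is a line whose first field is a host name and
        # which sets ansible_ssh_host; comments, [group] headers and bare
        # group members are passed through unchanged.
        is_host_def = (
            len(fields) > 1
            and HOST_RE.match(fields[0]) is not None
            and any(f.startswith("ansible_ssh_host=") for f in fields[1:])
        )
        has_key = any(f.startswith(KEY_VAR + "=") for f in fields[1:])
        if is_host_def and not has_key:
            line = f"{line.rstrip()} {KEY_VAR}={key_path(fields[0], provider, root)}"
        out.append(line)
    return "\n".join(out) + "\n"

def too_permissive(path):
    """True if group or others have any access; ssh refuses such private keys."""
    return bool(os.stat(path).st_mode & 0o077)

if __name__ == "__main__":
    print(add_private_keys(SAMPLE), end="")
```

Running the rewrite twice leaves the file unchanged, so it can be applied after every `vagrant up`; `too_permissive` can be run over each key path before handing the inventory to ansible-playbook.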
