Ansible SSH forwarding doesn't seem to work with Vagrant

Happy的楠姐 2021-01-31 04:17

OK, strange question. I have SSH forwarding working with Vagrant. But I'm trying to get it working when using Ansible as a Vagrant provisioner.

I found out exactly what

6 Answers
  • 2021-01-31 04:40

    Here's a workaround:

    Create an ansible.cfg file in the same directory as your Vagrantfile with the following lines:

    [ssh_connection]
    ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
    
  • 2021-01-31 04:42

    As of ansible 1.5 (devel aa2d6e47f0) last updated 2014/03/24 14:23:18 (GMT +100) and Vagrant 1.5.1 this now works.

    My Vagrant configuration contains the following:

    config.vm.provision "ansible" do |ansible|
       ansible.playbook = "../playbooks/basho_bench.yml"
       ansible.sudo = true
       ansible.host_key_checking = false
       ansible.verbose = 'vvvv'
       # Pass ForwardAgent to the ssh command that Ansible runs
       ansible.extra_vars = { ansible_ssh_user: 'vagrant',
                     ansible_connection: 'ssh',
                     ansible_ssh_args: '-o ForwardAgent=yes'}
    end
    

    It is also a good idea to explicitly disable sudo use. For example, when using the Ansible git module, I do this:

    - name: checkout basho_bench repository 
      sudo: no
      action: git repo=git@github.com:basho/basho_bench.git dest=basho_bench
    
  • 2021-01-31 04:45

    The key difference appears to be the UserKnownHostsFile setting. Even with StrictHostKeyChecking turned off, ssh quietly disables certain features including agent forwarding when there is a conflicting entry in the known hosts file (these conflicts are common for vagrant since multiple VMs may have the same address at different times). It works for me if I point UserKnownHostsFile to /dev/null:

    config.vm.provision "ansible" do |ansible|
      ansible.playbook = "playbook.yml"
    
      ansible.raw_ssh_args = ['-o UserKnownHostsFile=/dev/null']
    end
    
  • 2021-01-31 04:54

    You can simply add this line to your Vagrantfile to enable the ssh forwarding:

    config.ssh.forward_agent = true
    

    Note: Don't forget to execute the task with become: false

    Hope this will help.

  • 2021-01-31 04:59

    I struggled with a very similar problem for a few hours. Vagrant 1.7.2, ansible 1.9.4.

    My symptoms:

    failed: [vagrant1] => {"cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "rc": 128}
    stderr: Permission denied (publickey).
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.
    
    msg: Permission denied (publickey).
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.
    
    FATAL: all hosts have already failed -- aborting
    

    SSH'ing into the guest, I found that my ssh-agent was forwarding as expected:

    vagrant@vagrant-ubuntu-trusty-64:~$ ssh -T git@github.com
    Hi baxline! You've successfully authenticated, but GitHub does not provide shell access.
    

    However, from the host machine, I could not open the connection:

    $ ansible web -a "ssh-add -L"
    vagrant1 | FAILED | rc=2 >>
    Could not open a connection to your authentication agent.
    

    After confirming that my ansible.cfg file was set up, as @Lorin noted, and my Vagrantfile set config.ssh.forward_agent = true, I still came up short.

    The solution was to delete all lines in my host's ~/.ssh/known_hosts file that were associated with my guest. For me, they were the lines that started with:

    [127.0.0.1]:2201 ssh-rsa
    [127.0.0.1]:2222 ssh-rsa
    [127.0.01]:2222 ssh-rsa
    [127.0.0.1]:2200 ssh-rsa
    

    Note the third line has a funny ip address. I'm not certain, but I believe that line was the culprit. These lines are created as I destroy and create vagrant VMs.

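An added example (not code from any of the answers): a small `known_hosts` parser that flags the loopback, port-specific entries described in the two answers above, so they can be reviewed and removed without hand-editing the file or pointing `UserKnownHostsFile` at /dev/null. The function names and the sample file are constructed for illustration, and the "127." prefix test is a textual heuristic, not a full address parser.

```python
import re

# One host pattern of the form "[host]:port", as ssh records hosts on non-default ports.
BRACKETED = re.compile(r"^\[([^\]]+)\]:(\d+)$")

# Constructed sample: the four entries quoted above plus unrelated lines; key blobs are placeholders.
SAMPLE = """\
# constructed sample
github.com ssh-rsa AAAAplaceholder0
[127.0.0.1]:2201 ssh-rsa AAAAplaceholder1
[127.0.0.1]:2222 ssh-rsa AAAAplaceholder2
[127.0.01]:2222 ssh-rsa AAAAplaceholder3
[127.0.0.1]:2200 ssh-rsa AAAAplaceholder4
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAplaceholder5
[build.example.org]:2222,[192.0.2.10]:2222 ssh-ed25519 AAAAplaceholder6
"""

def is_loopback_name(host):
    # Textual heuristic (assumption): "localhost" or a 127.x spelling, including
    # odd ones such as the 127.0.01 entry quoted above.
    return host == "localhost" or host.startswith("127.")

def split_known_hosts(text):
    """Return (kept_lines, flagged); flagged holds (lineno, hosts, keytype) tuples."""
    kept, flagged = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Keep blanks, comments, @cert-authority/@revoked markers and hashed
        # (|1|...) hosts untouched: none can be judged from the host text alone.
        if len(fields) < 2 or fields[0][0] in "#@|":
            kept.append(line)
            continue
        matches = [BRACKETED.match(p) for p in fields[0].split(",")]
        # Flag only when every pattern on the line is a loopback host with a port,
        # so a line shared with a real host is never dropped.
        if all(m and is_loopback_name(m.group(1)) for m in matches):
            flagged.append((lineno, fields[0], fields[1]))
        else:
            kept.append(line)
    return kept, flagged

if __name__ == "__main__":
    kept, flagged = split_known_hosts(SAMPLE)
    for lineno, hosts, keytype in flagged:
        print(f"line {lineno}: stale candidate {hosts} ({keytype})")
    print(f"{len(kept)} lines kept")
```

Hashed entries are left alone because their host names cannot be read from the file; `ssh-keygen -R '[127.0.0.1]:2222'` removes a host by name in either form.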
  • 2021-01-31 05:01

    I've found that I need to do two separate things (on Ubuntu 12.04) to get it working:

    • the -o ForwardAgent thing that @Lorin mentions
    • adding /etc/sudoers.d/01-make_SSH_AUTH_SOCK_AVAILABLE with these contents:

      Defaults env_keep += "SSH_AUTH_SOCK"
      