Streisand: Specify ssh key in ansible inventory

Created on 5 Sep 2017  路  4Comments  路  Source: StreisandEffect/streisand

As was asked to file a separate issue after a work-around proposed for #300 (Specify your own SSH key) didn't work.

Proposed workaround:

You can tell Ansible to use a specific key - in the inventory file, add something like:

[streisand-host:vars]
ansible_ssh_private_key = /path/to/keyfile

This presumes that you already have a host instead of letting streisand provision one for you, and that the host details are also in the inventory file.

So I spin an Ubuntu server on digital ocean and went with the existing server option and attempted the work-around.

Expected behavior:

inventory:

[streisand-host]
138.x.x.58

[streisand-host:vars]
ansible_ssh_private_key = /home/olivier/.ssh/my-vpn-key

output:

What is the IP of the existing server: 138.xx.xx.58

THIS WILL OVERWRITE CONFIGURATION ON THE EXISTING SERVER.
STREISAND ASSUMES 138.xx.xx.58 IS A BRAND NEW UBUNTU INSTANCE AND WILL
NOT PRESERVE EXISTING CONFIGURATION OR DATA.

ARE YOU 100% SURE THAT YOU WISH TO CONTINUE?

Please enter the word 'streisand' to continue: streisand

Confirmed. Continuing

and that my streisand would be setup properly.

Actual Behavior:

inventory:

[streisand-host]
138.x.x.58

[streisand-host:vars]
ansible_ssh_private_key = /home/olivier/.ssh/my-vpn-key

output

What is the IP of the existing server: 138.xx.xx.58

THIS WILL OVERWRITE CONFIGURATION ON THE EXISTING SERVER.
STREISAND ASSUMES 138.xx.xx.58 IS A BRAND NEW UBUNTU INSTANCE AND WILL
NOT PRESERVE EXISTING CONFIGURATION OR DATA.

ARE YOU 100% SURE THAT YOU WISH TO CONTINUE?

Please enter the word 'streisand' to continue: streisand

Confirmed. Continuing

Warning: Identity file /home/xxxx/.ssh/id_rsa not accessible: No such file or directory.
Permission denied (publickey).

I also tried setting both ansible_ssh_private_key or ansible_ssh_private_key_file (found via google) and it did not work.

Steps to Reproduce:

  1. Want to configure a different SSH key
  2. Try to apply above-mentioned workaround in inventory file:
[streisand-host]
138.x.x.58

[streisand-host:vars]
ansible_ssh_private_key = /home/olivier/.ssh/my-vpn-key
  1. See it fail

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output): given above

Target Cloud Provider: digital ocean
Operating System of target host: ubuntu
Operating System of client: arch linux
Version of Ansible, using ansible --version : 2.3.2.0
Output from git rev-parse HEAD in your Streisand directory : d02407e557cd21ced557e70f06a7b9354f390441
areansible areprovisioning aressh

All 4 comments

Hi @obilodeau,

Apologies for the confusion that ended up with you creating another issue for this. Unfortunately as I just commented in #300 the workaround doesn't work and I wouldn't expect it to.

Using your own SSH key isn't possible with master as it is - please follow #300. I'm hoping to add this feature in the coming days.

Again apologies for the run around & delay responding here :-)

replace "ansible_ssh_private_key" by "ansible_ssh_private_key_file"

ansible_ssh_private_key_file appears to be the correct Ansible syntax for this. But Streisand wants to manage its private keys in a particular way, so I don't think this will work out.

@cpu: BTW, it turns out that with IdentitiesOnly, IdentityFile does not have to be a private key; it can be a public key if the agent holds the private key. I have a branch somewhere around here where I started working on this.

I gave space before and after equal and it worked.

if there is no space it wont work.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

gmile picture gmile  路  6Comments

NightMachinary picture NightMachinary  路  5Comments

alphazo picture alphazo  路  5Comments

tomchiverton picture tomchiverton  路  6Comments

markwyner picture markwyner  路  3Comments