Hi all!
In my company, we have playbooks to set up brand new servers in different roles, so that we can quickly configure new servers in case of expansion, emergency, etc.
One of the steps involved in these setups is adding a private key to some of them. Now, this goes great 99% of the time, since it usually involves adding a .ssh/id_rsa key, and ssh will attempt to use it automatically, (based on its name I believe)
However, the problem is when adding private keys with a non standard name. Say for example a server will hold 2 keys, one “id_rsa” and the other “id_rsa_git”. Normally, the second key will not work until ssh is made aware of it with ssh-add. However, I seem to be unable to run this command with ansible.
Here’s what I have tried:
- command: ssh-add /home/{{ user }}/.ssh/id_rsa_git
Does not work, outputs “Could not open a connection to your authentication agent.”. Fair enough.
- shell: eval “$(ssh-agent)” && ssh-add /home/{{ user }}/.ssh/id_rsa_git
Seems to work, but doesn’t. Here’s the output I get if I run with the verbose flag:
changed: [REDACTED] => {“changed”: true, “cmd”: “eval "$(ssh-agent)" && ssh-add /home/johndoe/.ssh/id_rsa_git”, “delta”: “0:00:00.006037”, “end”: “2015-07-16 23:23:28.667177”, “rc”: 0, “start”: “2015-07-16 23:23:28.661140”, “stderr”: “Identity added: /home/johndoe/.ssh/id_rsa_git (/home/johndoe/.ssh/id_rsa_git)”, “stdout”: “Agent pid 28489”}
Seems about right, right? That would be the output you would get if you ran it directly on the server. However, when I go to the server and I do “ssh-add -l”, I get “The agent has no identities.” Huh?
I thought maybe the user wasn’t right. So I tried:
shell: eval “$(ssh-agent)” && ssh-add /home/{{ user }}/.ssh/id_rsa_git && whoami
remote_user: johndoe
But this of course fails, since johndoe cannot ssh into servers (it’s a system user).
So, my question. Is there some sane way of doing the equivalent of ssh-add that I am not aware of?
Thanks in advance!