Better way to reference SSH Identity Key?

Right now I have in ansible.cfg:

[ssh_connection]
ssh_args = -F ssh_config
scp_if_ssh = True

And in ssh_config:

Host sub.domain.com
Hostname sub.domain.com
User ubuntu
IdentityFile ~/mykeyfile.pem

Right now I’m manually editing this file to change the 2 hostnames when I want to work with a different host!
The IdentityFile is the same for all hosts.

Can you suggest a better way? I’ve had trouble finding docs on this.

Several ways:

In ssh_config you can:
Host *

^ will match all hosts, you can be more/less restrictive than that.

Within ansible there are many ways to supply the key:

[defaults]
private_key_file = ~/mykeyfile.pem

For a full list see
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/ssh_connection.html#parameters

Funny this came up, as I just finished a playbook that bounces keys several times. There are 2 variables you can use in the playbook itself that can be changed using set_fact: ansible_private_key_file and ansible_ssh_private_key_file. Used with the ansible_user or ansible_ssh_user variables, it can be quite handy for cycling users or updating authorized keys mid-play.
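
An added example, not part of the original thread and not the poster's playbook: one way to use set_fact on ansible_private_key_file to rotate a key mid-play, going a step beyond the reply by including the authorized_keys update and a login check. The group name rotate_targets, the key_owner and new_key_file values, and the use of the community.crypto and ansible.posix collections are assumptions; the old key is assumed to have no passphrase.

```yaml
# Added example: rotate the SSH key Ansible logs in with, switching keys mid-play.
# Assumed names (not from the thread): rotate_targets, key_owner, new_key_file.
# Requires the community.crypto and ansible.posix collections on the control node.
- name: Rotate the SSH key used by Ansible
  hosts: rotate_targets
  gather_facts: false
  vars:
    key_owner: ubuntu                                # remote account whose authorized_keys is edited
    old_key_file: "~/mykeyfile.pem"                  # key currently in use (unencrypted)
    new_key_file: "~/.ssh/ansible_rotated_ed25519"   # replacement key, created below
    ansible_private_key_file: "{{ old_key_file }}"   # start the play on the old key
  tasks:
    - name: Generate the replacement key pair on the control node
      community.crypto.openssh_keypair:
        path: "{{ new_key_file }}"
        type: ed25519
        comment: ansible-rotated
      delegate_to: localhost
      run_once: true
      register: new_key

    - name: Authorise the new public key alongside the old one
      ansible.posix.authorized_key:
        user: "{{ key_owner }}"
        key: "{{ new_key.public_key }}"
        state: present

    - name: Switch the rest of the play to the new private key
      ansible.builtin.set_fact:
        ansible_private_key_file: "{{ new_key_file }}"

    - name: Close the multiplexed connection that was opened with the old key
      ansible.builtin.meta: reset_connection

    - name: Confirm login works with the new key before removing the old one
      ansible.builtin.ping:

    - name: Remove the old public key from authorized_keys
      ansible.posix.authorized_key:
        user: "{{ key_owner }}"
        # Derive the old public key from the old private key on the control node.
        key: "{{ lookup('ansible.builtin.pipe', 'ssh-keygen -y -f ' ~ old_key_file) }}"
        state: absent
```

The ping only proves the new key if no other identity is offered, so an IdentityFile line left in ssh_config or a key loaded in ssh-agent can mask a failed rotation. Once the play succeeds, point private_key_file in ansible.cfg at the new key.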

Thank you both.

I’m going with the

[defaults]
private_key_file = ~/mykeyfile.pem

method, but it’s good to know that this can also be done inside the playbook, as I might want to consider using ansible for key rotation at some point in the future…

Thanks again.

Jason