This problem sounds like a very similar issue to what some others are experiencing and have been able to resolve. However, looking at those examples I do not see a clear and complete answer on the solution.
I am trying to use ansible to clone a private repo. I can log in to the remote machine and manually clone the repo as my user. I can also go on the ansible master and do the clone via ssh forwarding:
I have tried adding the connection flag but this did not change the output. The above command will hang as if it is looking for input from the user.
I feel certain there is something I am missing with forwarding the ssh credentials, but how to first get the CLI to work and then employ it in a playbook still eludes me. Any information on getting the above to work would be much appreciated.
I think it hangs because it's asking you to add the host to .ssh/known_hosts. For me to get private repos working all I do is log in to the user and do the following:
ssh git@privaterepo.com
This prompts me to accept authenticity and updates known_hosts. After that I can call ansible to clone the repo.
While I haven’t tried the turning off strict hosting, I have assured the known host works. I can physically log onto the machine and do the clone without being asked for a password, which should be a way of verifying that the known_hosts file is not the issue.
Just to quickly recap the scope of this issue, we have now reproduced this on a completely fresh install of Ubuntu 12.04. Only one of our servers is able to actually perform the ansible command via the ‘git’ module. However, we are unable to probe specifically how this machine is different from the other servers. Beyond that we have spun up a new AWS instance (since I did not do this piece, I cannot speak about what stack was used) and this machine did not exemplify the problematic behaviour we are seeing.
So from our perspective, a regular fresh install of Ubuntu 12.04 is configured in such a way that it does not allow the ‘git’ module to work properly. We have a work around and the workaround highlights once again that this is some strange configuration issue:
So it seems rather clear this is not a known_hosts problem but rather a system configuration issue. We have no more time to troubleshoot this issue and will be deploying the workaround for the time being (which falls quite short of the full functionality behind the git module).
This issue was caused by a strange key forwarding issue. The script did two hops and this caused the agent to not get forwarded. I was able to ssh into Jester from Molmicro-devel because the credentials were being forwarded via SSH. Thus it follows I was also able to do the git pull manually. When I ran the script the key was not forwarded and it was looking for credentials on Molmicro-devel. However, I had no credentials there and instead my credentials were on my machine (the ansible master). Therefore ansible was hanging at a password prompt.
So it works fine for SSHing between the machines but not for Ansible. If there is some way to fix that issue I am describing where credentials are not forwarded, that would be appreciated. Otherwise, we have solved the issue.
ANSIBLE_SSH_ARGS and your ~/.ssh/config can both be used to control forwarding.
If you are using paramiko (because it’s the default on Enterprise Linux, which still ships an unfortunately downlevel SSH), it’s using paramiko by default though and not openssh.
The solution there is to specify -c ssh or to configure it so in your configuration file.
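An added diagnostic for the failure described in this thread (not code from any poster or from Ansible): run on the hop where git executes, it reports whether a forwarded agent is reachable there, so a missing agent shows up as a message instead of a hung prompt. The function names and state labels are made up for this example.

```sh
#!/bin/sh
# Added example: classify the SSH agent situation on the current host.

# Prints one of: no-agent, stale-socket, agent-empty, agent-ok, agent-unreachable
agent_state() {
    # On a host reached over SSH, sshd sets SSH_AUTH_SOCK when agent
    # forwarding was accepted for the session.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-agent"
        return 0
    fi
    # The variable can outlive the socket (copied environment, closed session).
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale-socket"
        return 0
    fi
    # ssh-add -l exit status: 0 = keys listed, 1 = agent holds no keys,
    # 2 = agent could not be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "agent-ok" ;;
        1) echo "agent-empty" ;;
        *) echo "agent-unreachable" ;;
    esac
}

# Maps a state to the knob named in the thread that addresses it.
agent_hint() {
    case "$1" in
        agent-ok)
            echo "agent-ok: forwarded keys are usable on this hop" ;;
        agent-empty)
            echo "agent-empty: agent reachable but holds no keys; run ssh-add where you started" ;;
        no-agent)
            echo "no-agent: nothing forwarded to this hop; set ForwardAgent via ANSIBLE_SSH_ARGS or ~/.ssh/config and use -c ssh" ;;
        *)
            echo "$1: SSH_AUTH_SOCK is set but the agent cannot be used" ;;
    esac
}

agent_hint "$(agent_state)"
```

Saved as check_agent.sh (a name chosen here), it can be pushed through the same connection path the playbook uses, for example `ANSIBLE_SSH_ARGS="-o ForwardAgent=yes" ansible <host> -c ssh -m script -a check_agent.sh`.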