Multiple ansible-vault encrypted ssh private keys

Hi,

I’ve been wrangling around this all afternoon.

First of all, is it ok to have two ansible-vault encrypted files (containing ssh private keys) with the same password and use them in one playbook?

I ask because when I try to use a second one, the first one seems to stop working.

My first playbook used passwords to connect to nodes and then I used an ansible-vault encrypted private key file to scp files to another remote host. This worked fine. But I need to use an ssh key to connect to the nodes… when I added

vars:
  ansible_ssh_private_key_file: /vars/current_id_rsa

and current_id_rsa is ansible-vault encrypted with the same password as the first file, my scp command no longer works with the key it was using and hangs asking for a password now – it seems like it is using the wrong private key from the debugging I have done… But as I am just using the

command: scp -i vars/id_rsa -o StrictHostKeyChecking=no /tmp/id_rsa user@users.workstation:/Users/user/.ssh/instances_id_rsa

for my command and vars/id_rsa is vault encrypted, I don’t see how that would get interfered with by setting the ansible_ssh_private_key_file.

I changed back to using a password to connect to nodes and then the scp command works again…

So if that isn’t going to work, can I store my ssh private keys as vars in a vars file, so I just have one encrypted vars file? I can’t seem to find any examples of doing this with Mr Google.

Thanks

Bill