No doubt a simple question about keypair auth

This is probably a simple question that you get asked hundreds of times, but I’ve searched the archives and either my Google mojo is gone, or else it’s in a different wording.

My employer uses ansible heavily, and I’ve been kind of roped into getting to learn it. No hurry, as there are already others who use it and know it, so for the moment it’s more a ‘hobby but would be nice to know’.

At home, I have a Mac and a server with VMware running, and about a dozen Linux CentOS VMs. As a first project, I decided I want to use ansible to keep the openssh servers on the VMs current. Now, I can connect to these servers no problem, either with a simple command (let’s use the mail server as an example)…

```
ssh -p xxxx -i $HOME/.ssh/key_rsa -l cycle mx
```

… and boom, I’m on the mail server. Or I can use wrappers, which basically means I need to type ‘mx’ and I connect to that box. No need to cat the contents of that file, as it’s basically identical to the command above. The point is that keypair authentication works seamlessly.

Now for Ansible. As I’m using the Mac, it’s a weird installation, as there’s no /etc/ansible but I’ve created an ansible directory in my $HOME in the location that I use for developing stuff:

$HOME/Documents/dev/ansible

In there, I have…

```
My-Mac:ansible cycle$ ls -l
total 8
-rw-r--r--+ 1 cycle staff 324 23 nov 16:23 hosts
drwxr-xr-x+ 3 cycle staff 102 23 nov 16:25 playbooks
```

In playbooks, I have a yml file that uses the yum module to set sshd to ‘latest’. I run…

```
ansible-playbook -i hosts --private-key /Users/cycle/.ssh/key_rsa playbooks/update_all_sshd.yml
```

I get the cute little logo telling me it’s gathering facts, and then a stream of …

```
The authenticity of host 'db1.internal-domain (192.168.1.11)' can't be established.
RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)? The authenticity of host 'dns2.internal-domain (192.168.1.19)' can't be established.
RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)? The authenticity of host 'dns1.internal-domain (192.168.1.15)' can't be established.
RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)? The authenticity of host 'db2.internal-domain (192.168.1.16)' can't be established.
RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)? fatal: [jira.internal-domain]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}
```

And what I don’t understand is: if I can connect using my ordinary username ‘cycle’ and if this is in the $HOME/ansible.cfg …

```
My-Mac:ansible cycle$ grep cycle /Users/cycle/ansible.cfg
inventory = /Users/cycle/Documents/dev/ansible/hosts
remote_user = cycle
private_key_file = /Users/cycle/keys/new_id.rsa
```

… then why can’t ansible do so?

Thanks in advance.

You manually connect with /Users/cycle/.ssh/key_rsa but the config
file lists /Users/cycle/keys/new_id.rsa?
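
Which key Ansible offers depends on which `ansible.cfg` it loads and on whether `--private-key` overrides it. The sketch below is an added example, not code from this thread or from Ansible: it mirrors Ansible's documented config search order (`ANSIBLE_CONFIG`, `./ansible.cfg`, `~/.ansible.cfg`, `/etc/ansible/ansible.cfg`) and compares the resulting key with the one that works by hand. The function names are hypothetical, the sample layout is constructed, and inventory variables such as `ansible_ssh_private_key_file` are not considered.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path


def find_ansible_cfg(cwd, home, env, etc_cfg="/etc/ansible/ansible.cfg"):
    """First existing file in Ansible's config search order, or None."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        p = Path(env["ANSIBLE_CONFIG"])
        candidates.append(p / "ansible.cfg" if p.is_dir() else p)
    # Ansible refuses ./ansible.cfg when the directory is world-writable.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        candidates.append(Path(cwd) / "ansible.cfg")
    candidates += [Path(home) / ".ansible.cfg", Path(etc_cfg)]
    return next((p for p in candidates if p.is_file()), None)


def effective_key(cfg_path, cli_key=None):
    """Return (key path, origin); --private-key beats private_key_file."""
    if cli_key:
        return Path(cli_key), "--private-key"
    if cfg_path:
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(cfg_path)
        key = parser.get("defaults", "private_key_file", fallback=None)
        if key:
            return Path(key).expanduser(), str(cfg_path)
    return None, "ssh defaults"


def diagnose(cwd, home, env, working_key, cli_key=None,
             etc_cfg="/etc/ansible/ansible.cfg"):
    """Compare the key Ansible would offer with the key that works by hand."""
    cfg = find_ansible_cfg(cwd, home, env, etc_cfg)
    key, source = effective_key(cfg, cli_key)
    return {"config": cfg, "key": key, "source": source,
            "matches_working_key": key == Path(working_key)}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed layout
        home = Path(tmp) / "cycle"
        cwd = home / "Documents/dev/ansible"
        cwd.mkdir(parents=True)
        (home / "ansible.cfg").write_text(  # no leading dot, as in the post
            f"[defaults]\nprivate_key_file = {home}/keys/new_id.rsa\n")
        print(diagnose(cwd, home, {}, home / ".ssh/key_rsa",
                       etc_cfg=Path(tmp) / "absent.cfg"))
```

Running `ansible --version` prints the `config file` line Ansible actually loaded, which confirms the result on a real machine.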