synchronize between 2 files on remote host uses private_key

Archives Ansible Project
1

I have a simple task to copy a file from one path to another on a remote host. I need a private key to SSH into the remote host, but the synchronize module automatically uses my private key in the rsync command too which seems unnecessary:

`

ansible-playbook --private-key=keys/mykey.pem playbook.yml --tags=‘main,role-timezone-set-localtime’ -vvvv

… some ansible output …
TASK: [timezone | set /etc/localtime to UTC] **********************************
(redacted output)

failed: [remote_machine → remote_machine] => {“cmd”: “rsync --delay-updates -FF --compress --checksum --archive --rsh ‘ssh -i keys/mykey.pem -S none -o StrictHostKeyChecking=no’ --out-format=‘<>%i %n%L’ "user@1.2.3.4:/usr/share/zoneinfo/UTC" "/etc/localtime"”, “failed”: true, “rc”: 255}

msg: Warning: Identity file keys/mykey.pem not accessible: No such file or directory.
ssh: connect to host 1.2.3.4 port 22: Connection timed out
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: unexplained error (code 255) at io.c(605) [Receiver=3.0.9]

`

In the above, you can see that the rsync process running on the remote machine is trying to use an ssh private key to log into itself, but that key only exists on my laptop where I’m running Ansible from. Here’s what my task looks like (I tried nulling the private_key to no avail):

`

  • name: set /etc/localtime to {{timezone}}

synchronize:

src: “{{tzfile}}”

dest: /etc/localtime

mode: pull

times: yes

checksum: yes

private_key: “”

delegate_to: “{{inventory_hostname}}”

tags: role-timezone-set-localtime

`

2

Hi Michael, have you tried setting the key option via the rsync_opts and/or rsync_path parameters to synchronize module?

3

I looked at the module code and it seemed like it would automatically add the key if it was being used. I ended up running rsync directly using the command module and it seems to be working now.

Looking at the rsync_opts argument, it seems like it will only append to the existing arguments, not change any existing arguments. Did this work for you?

4

Actually, looking through the code I believe you’re correct. Setting the option for -i again might work (assuming the rsync command will override the setting with the second value, instead of throwing an error), however I think using the rsync command directly is what you want anyway, as you said the rsync is for a remote → remote copy. The synchronize module will only push or pull the file from or to the remote host and the Ansible controller normally - there is no option to do a completely remote rsync. I’m kind of surprised that using the delegate_to option makes it kind of work this way at all.

5

Actually, I've just tripped over this. I was attempting to use synchronize
to transfer files from the controller to a destination host. The
synchronize task was invoked with a remote_user: root, but run as a normal
user on the controller.

What happens, it seems, is that ansible first attempts to make an ssh
connection to root@localhost, to ship over the ansible module that'll
perform the sync; then that runs - and fails, because the root user
doesn't have the credentials available to make the conneciton to the
destination machine.

I could understand this being reasonable behaviour to support delegate_to,
but is there a way to make synchronize simply invoke rsync directly in the
common case (where the soruce is the ansible controller)?

(At the moment I have to use rsync via local_action, which feels pretty
ugly.)

Cheers,
jan