Vagrant and Private Repositories

I’ve read a couple posts like this one

But still no luck, but I wanted to know if I’m going about this the right or wrong way.

The problem:

I’ve created a Vagrant and I’m using Ansible to provision it; this is working great! The problem comes into play when I need to check out my project, which is in a Private Repository (Atlassian Stash aka Bitbucket aka git). I’d like to use my SSH key that I have configured on Atlassian Stash to pull down the project onto the Vagrant I have running, but in order to do this I would need to copy my existing private SSH key onto my Vagrant. Which I do not want to do. I thought about generating a new key on the Vagrant box itself and then pushing the new public key to Atlassian Stash via the API, but this still needs me to authenticate with Atlassian Stash.

Also I’d like to use the same Ansible playbook to provision my Production Server in the future so I’m trying to keep the process the same.

I’ve looked a little into Ansible Vault but have not played with it…

Am I going about this the right way? What have others done?

Thanks,
–Pafford

These are not really ansible questions, they are really ssh setup questions.

I don't recommend copying private keys. I would either generate a new
one and add that to Stash (you can have multiple per user), or just
create a read-only deployment user to do checkouts. Another option is
to forward your ssh key as you log in to the vagrant box.

Ansible vault is for keeping secrets encrypted, it will not help you
with ssh access, but it can keep passwords and keys safe.
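
The options from the reply above, sketched as an Ansible playbook. This is an added example, not code posted by anyone in the thread; the host group `app`, the repository URL, the paths, the `deploy` account and the `use_agent_forwarding` switch are all assumptions, and the key-generation task needs the `community.crypto` collection.

```yaml
# Constructed example: host group, repository URL and paths are placeholders.
# Vagrantfile (dev box only):  config.ssh.forward_agent = true
- name: Check out a private repository without copying a personal private key
  hosts: app
  vars:
    repo_url: "ssh://git@stash.example.com:7999/proj/app.git"  # placeholder
    checkout_dir: /srv/app                # must be writable by the login user
    use_agent_forwarding: true            # true for Vagrant, false for production
    deploy_key: /home/deploy/.ssh/id_ed25519   # assumes a "deploy" login user
    # Ask OpenSSH to forward the local agent only when that option is chosen.
    ansible_ssh_common_args: "{{ '-o ForwardAgent=yes' if use_agent_forwarding else '' }}"
  tasks:
    - name: Stop early when no agent socket reached the guest
      ansible.builtin.assert:
        that: ansible_env.SSH_AUTH_SOCK is defined
        fail_msg: "No forwarded agent; run ssh-add on the host and check ForwardAgent."
      when: use_agent_forwarding

    - name: Generate a key pair on the server (the private half never leaves it)
      community.crypto.openssh_keypair:
        path: "{{ deploy_key }}"
        type: ed25519
      register: keypair
      when: not use_agent_forwarding

    - name: Show the public key to register with the read-only deployment user
      ansible.builtin.debug:
        var: keypair.public_key
      when: not use_agent_forwarding

    - name: Clone over the forwarded agent
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: "{{ checkout_dir }}"
        accept_hostkey: true    # trust on first use; pre-populate known_hosts to pin
      become: false             # sudo normally drops SSH_AUTH_SOCK
      when: use_agent_forwarding

    - name: Clone with the server's own deploy key
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: "{{ checkout_dir }}"
        key_file: "{{ deploy_key }}"
        accept_hostkey: true
      when: not use_agent_forwarding
```

While a forwarded session is open, root on the guest can use the agent socket to authenticate as you, which is why the sketch limits forwarding to the Vagrant box and gives the server its own key. On the first production run the clone fails until the printed public key has been added in Stash.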

Hi,

Looks like you are having an application deployment problem and not an ssh key problem.

Have you thought about creating, for example, an operating system package like rpm or deb out of your application instead of doing a git checkout deployment?

If you are using a CI server by chance, like Jenkins, already, why not create a pipeline where the last step is to create a deployment artefact and promote it to some sort of repository server?

You will gain lots of benefits from this. Security will love you, as your application servers do not need to dial out on ssh any longer.

regards,
/mf