2

I am a newbie to Ansible. I have managed to write playbooks that set up Apache, Tomcat and others, all on localhost. I am now trying to move this to other servers to test the playbooks.

I have done the following:
1. Added a section [webservers] in /etc/ansible/hosts and put the public IP for that instance there.
2. I invoked ansible-playbook like so:
ANSIBLE_KEEP_REMOTE_FILES=1 ansible-playbook -vvvv -s serverSetup.yml

My questions:
1. Where do I store the public SSH key for the target server?
2. How do I specify which public key to use?

Sriram

3 Answers

2

There are a number of other ways it is possible: ansible.cfg, set_fact, environment vars.

ansible.cfg

You can have an Ansible Config file within your project folder which can state which key to use, using the following:

[defaults]
private_key_file = /path/to/key/key1.pem

You can see an example of an ansible.cfg file here: https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg

set_fact

You can add the key using the set_fact module within your playbook; this can be hardcoded as below or templated:

- name: Use particular private key for this playbook
  set_fact: ansible_ssh_private_key_file=/path/to/key/key1.pem

http://docs.ansible.com/ansible/set_fact_module.html

environment vars

See this Stack Overflow post's answer for more information:

how to define ssh private key for servers fetched by dynamic inventory in files

Matt Childs
2

Where do I store the public SSH key for the target server?

Wherever makes sense. Since these are keys that I may use to directly connect to the machine, I usually store them in ~/.ssh/ with my other private keys. For projects where I'm working on multiple computers or with other users, I store them in Ansible Vault and have a playbook that extracts them and stores them on the local machine.

How do I specify which public key to use?

group_vars is a good place to specify ansible_private_ssh_key.

Xiong Chiamiov
1

Ansible uses a user to connect to the target machine.

So if your user is ubuntu (-u ubuntu in ansible flags), the key will be ~ubuntu/.ssh/authorized_keys on the target machine.

And from the ansible --help command you have

--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE use this file to authenticate the connection

user2599522
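How the options named in the answers above combine, as an added example (not code from any of the answers or from Ansible itself): it resolves which private key setting wins and checks that the chosen file is not readable by group or other, the condition under which OpenSSH refuses a private key. It assumes Ansible's documented general precedence (configuration file, then environment variable, then command-line option, then variable) and the documented variable name ansible_ssh_private_key_file; the function names are hypothetical.

```python
import configparser
import os
import stat
import tempfile

def effective_key(cfg_text="", env=None, cli_key=None, host_vars=None):
    """Return (source, path) of the private key setting that wins, or (None, None)."""
    env, host_vars = env or {}, host_vars or {}
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    # Assumed precedence, lowest to highest; the last non-empty entry wins.
    candidates = [
        ("ansible.cfg private_key_file",
         cfg.get("defaults", "private_key_file", fallback=None)),
        ("ANSIBLE_PRIVATE_KEY_FILE", env.get("ANSIBLE_PRIVATE_KEY_FILE")),
        ("--private-key", cli_key),
        ("ansible_ssh_private_key_file",
         host_vars.get("ansible_ssh_private_key_file")),
    ]
    for source, path in reversed(candidates):
        if path:
            return source, os.path.expanduser(path)
    return None, None

def key_problems(path):
    """List reasons the file is unsuitable as an SSH private key."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["file does not exist"]
    problems = []
    if st.st_mode & 0o077:  # same group/other test OpenSSH applies
        problems.append("mode %o is too open; chmod 600" % stat.S_IMODE(st.st_mode))
    if path.endswith(".pub"):  # heuristic on the conventional file name
        problems.append("public key; it belongs in authorized_keys on the target")
    return problems

def demo():
    # Constructed sample: an empty throwaway file stands in for a private key.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "key1.pem")
        open(key, "w").close()
        os.chmod(key, 0o644)
        cfg = "[defaults]\nprivate_key_file = /path/to/key/other.pem\n"
        source, path = effective_key(cfg, host_vars={"ansible_ssh_private_key_file": key})
        before = key_problems(path)
        os.chmod(key, 0o600)
        return source, before, key_problems(path)
```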