How do I configure SSH keys in a Vagrant multi-machine setup?
Problem
I have 4 VMs in my Vagrantfile - 3 application servers and an Ansible control host.
I only use Vagrant to create the VMs as I provision them manually from the ansible control host because I am still creating/editing the ansible scripts.
I can do vagrant ssh ansible and vagrant ssh app1/2/3 etc. but when I try to do ansible-playbook oracle.yml from the Ansible control host, SSH fails with

    fatal: [192.168.60.10]: UNREACHABLE! => {"changed": false, "msg": "SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}

I can successfully ssh from the Ansible VM to the Oracle VM using user vagrant and password vagrant.
The key parts of my Vagrantfile are:

    config.ssh.insert_key = false

    config.vm.define "db" do |db|
      db.vm.box = "boxcutter/ol67"
      db.vm.hostname = "oracle-vm"
      db.vm.network "forwarded_port", guest: 22, host: 2201, id: "ssh", auto_correct: false
      db.vm.network "forwarded_port", guest: 1521, host: 1521
      db.vm.network "private_network", ip: "192.168.60.10"
      db.vm.provider "virtualbox" do |v|
        v.name = "oracle-vm"
        v.linked_clone = true
        v.memory = 2048
        v.cpus = 2
      end
    end

    # Optional ansible control machine for Windows users
    config.vm.define "ansible", autostart: false do |ansible|
      ansible.vm.box = "williamyeh/ansible"
      ansible.vm.hostname = "ansible-vm"
      ansible.vm.network "forwarded_port", guest: 22, host: 2204, id: "ssh", auto_correct: false
      ansible.vm.network "private_network", ip: "192.168.60.50"
      ansible.vm.provider "virtualbox" do |v|
        v.linked_clone = true
      end
      # Mount the project directory on the guest so we can run the playbooks from there
      ansible.vm.synced_folder ".", "/data/ansible", create: true
    end

What do I need to put in the Vagrantfile to allow the Ansible VM to connect to the other VMs without requiring
Solution
There is no general method and it might depend on how boxcutter/ol67 was packed.

- The easiest method would be to define the password in the Ansible inventory file:

    [oracle-vm:vars]
    ansible_ssh_user=vagrant
    ansible_ssh_pass=vagrant

- The second method would be to leave the insecure private key configured on the oracle-vm machine and inject the private key to the ansible VM:

    # Use ansible.vm.provision inside the "ansible" define block to run this on the control host only.
    config.vm.provision "shell" do |s|
      # Read the whole file: a private key spans several lines, so its first
      # line alone would be only the PEM header.
      ssh_insecure_key = File.read("#{Dir.home}/.vagrant.d/insecure_private_key").strip
      s.inline = <<-SHELL
        # Quoted so the newlines survive; ">" so re-provisioning does not append a second copy
        echo "#{ssh_insecure_key}" > /home/vagrant/.ssh/id_rsa
        chown vagrant /home/vagrant/.ssh/id_rsa
        chmod 400 /home/vagrant/.ssh/id_rsa
      SHELL
    end

- Generate the key pair beforehand on the host machine, inject private key to Ansible VM, public key to Oracle's authorized_keys.

- Generate the key pair on Ansible VM, copy the public key to Oracle VM using shell provisioner and inject vagrant as password for ssh-copy-id.

And the list does not end here, it depends on required security.
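Code Snippets

    [oracle-vm:vars]
    ansible_ssh_user=vagrant
    ansible_ssh_pass=vagrant

    config.vm.provision "shell" do |s|
      # Read the whole file: a private key spans several lines, so its first
      # line alone would be only the PEM header.
      ssh_insecure_key = File.read("#{Dir.home}/.vagrant.d/insecure_private_key").strip
      s.inline = <<-SHELL
        # Quoted so the newlines survive; ">" so re-provisioning does not append a second copy
        echo "#{ssh_insecure_key}" > /home/vagrant/.ssh/id_rsa
        chown vagrant /home/vagrant/.ssh/id_rsa
        chmod 400 /home/vagrant/.ssh/id_rsa
      SHELL
    end

Context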
StackExchange DevOps Q#1237, answer score: 8
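
The third option in the answer (key pair generated beforehand on the host, private key to the Ansible VM, public key to the other VMs' authorized_keys), as an added Ruby example for a Vagrantfile; it is not code from the original answer. LAB_KEY_DIR, the helper names and the ansible-lab key comment are assumptions, and in the question's Vagrantfile the two provision lines would go inside its existing "db" and "ansible" define blocks.

```ruby
require "openssl"
require "fileutils"

# Assumed path, outside the project dir that Vagrant syncs into guests as /vagrant.
LAB_KEY_DIR = File.join(Dir.home, ".vagrant-lab-keys")

# Encode an RSA public key as an OpenSSH authorized_keys line.
def openssh_public_line(rsa, comment)
  # Wire format: string "ssh-rsa", mpint e, mpint n; BN#to_s(0) emits the mpint form.
  blob = [7].pack("N") + "ssh-rsa" + rsa.e.to_s(0) + rsa.n.to_s(0)
  "ssh-rsa #{[blob].pack('m0')} #{comment}"
end

# Create the pair once on the host; returns [private_pem, public_line].
def lab_keypair(dir = LAB_KEY_DIR, bits = 3072)
  path = File.join(dir, "id_rsa")
  unless File.exist?(path)
    FileUtils.mkdir_p(dir, mode: 0o700)
    File.write(path, OpenSSL::PKey::RSA.new(bits).to_pem, perm: 0o600)
  end
  pem = File.read(path)
  [pem, openssh_public_line(OpenSSL::PKey::RSA.new(pem), "ansible-lab")]
end

# Shell for each managed VM: authorize the public key (safe to re-run).
def authorize_script(pub_line)
  <<~SH
    install -d -m 700 -o vagrant /home/vagrant/.ssh && cd /home/vagrant/.ssh
    grep -qxF '#{pub_line}' authorized_keys 2>/dev/null || echo '#{pub_line}' >> authorized_keys
    chown vagrant authorized_keys && chmod 600 authorized_keys
  SH
end

# Shell for the control host only: install the complete multi-line private key.
def install_key_script(private_pem)
  <<~SH
    install -d -m 700 -o vagrant /home/vagrant/.ssh && umask 077
    cat > /home/vagrant/.ssh/id_rsa <<'LAB_KEY'
    #{private_pem.strip}
    LAB_KEY
    chown vagrant /home/vagrant/.ssh/id_rsa && chmod 600 /home/vagrant/.ssh/id_rsa
  SH
end

Vagrant.configure("2") do |config|
  pem, pub = lab_keypair
  config.vm.define("db") { |db| db.vm.provision "shell", inline: authorize_script(pub) }
  config.vm.define("ansible") { |a| a.vm.provision "shell", inline: install_key_script(pem) }
end if defined?(Vagrant) # skipped when the file is run outside Vagrant
```

Unlike the insecure Vagrant key, this pair exists only on the host that generated it, so the managed VMs accept logins only from a control host provisioned from that same key directory.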