
How do I configure SSH keys in a Vagrant multi-machine setup?

Submitted by: @import:stackexchange-devops

Problem

I have 4 VMs in my Vagrantfile - 3 application servers and an Ansible control host.

I only use Vagrant to create the VMs, as I provision them manually from the Ansible control host because I am still creating/editing the Ansible scripts.

I can do vagrant ssh ansible and vagrant ssh app1/2/3 etc., but when I try to do ansible-playbook oracle.yml from the Ansible control host, SSH fails with:

fatal: [192.168.60.10]: UNREACHABLE! => {"changed": false, "msg": "SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}


I can successfully ssh from the Ansible VM to the Oracle VM using user vagrant and password vagrant.

The key parts of my Vagrantfile are:

config.ssh.insert_key = false

config.vm.define "db" do |db|
    db.vm.box = "boxcutter/ol67"
    db.vm.hostname = "oracle-vm"
    db.vm.network "forwarded_port", guest: 22, host: 2201, id: "ssh", auto_correct: false
    db.vm.network "forwarded_port", guest: 1521, host: 1521
    db.vm.network "private_network", ip: "192.168.60.10"
    db.vm.provider "virtualbox" do |v|
        v.name = "oracle-vm"
        v.linked_clone = true
        v.memory = 2048
        v.cpus = 2
    end
end

#Optional ansible control machine for Windows users
config.vm.define "ansible", autostart: false do |ansible|
    ansible.vm.box = "williamyeh/ansible"
    ansible.vm.hostname = "ansible-vm"
    ansible.vm.network "forwarded_port", guest: 22, host: 2204, id: "ssh", auto_correct: false
    ansible.vm.network "private_network", ip: "192.168.60.50"
    ansible.vm.provider "virtualbox" do |v|
        v.linked_clone = true
    end
    #Mount the project directory on the guest so we can run the playbooks from there
    ansible.vm.synced_folder ".", "/data/ansible", create: true
end


What do I need to put in the Vagrantfile to allow the Ansible VM to connect to the other VMs without requiring

Solution

There is no general method and it might depend on how boxcutter/ol67 was packed.

- The easiest method would be to define the password in the Ansible inventory file:

[oracle-vm:vars]
ansible_ssh_user=vagrant
ansible_ssh_pass=vagrant


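- The second method would be to leave the insecure private key configured on the oracle-vm machine and inject the private key to the Ansible VM:

config.vm.provision "shell" do |s|
  # Read the whole key: it is a multi-line PEM file, so readlines(...).first would keep only its BEGIN line
  ssh_insecure_key = File.read("#{Dir.home}/.vagrant.d/insecure_private_key").strip
  s.inline = <<-SHELL
    # Quote the key to preserve its line breaks; '>' keeps re-provisioning from appending a second copy
    echo "#{ssh_insecure_key}" > /home/vagrant/.ssh/id_rsa
    chown vagrant /home/vagrant/.ssh/id_rsa
    chmod 400 /home/vagrant/.ssh/id_rsa
  SHELL
end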


- Generate the key pair beforehand on the host machine, inject private key to Ansible VM, public key to Oracle's authorized_keys.

- Generate the key pair on Ansible VM, copy the public key to Oracle VM using shell provisioner and inject vagrant as password for ssh-copy-id.

And the list does not end here; it depends on the required security.

Code Snippets

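[oracle-vm:vars]
ansible_ssh_user=vagrant
ansible_ssh_pass=vagrant

config.vm.provision "shell" do |s|
  # Read the whole key: it is a multi-line PEM file, so readlines(...).first would keep only its BEGIN line
  ssh_insecure_key = File.read("#{Dir.home}/.vagrant.d/insecure_private_key").strip
  s.inline = <<-SHELL
    # Quote the key to preserve its line breaks; '>' keeps re-provisioning from appending a second copy
    echo "#{ssh_insecure_key}" > /home/vagrant/.ssh/id_rsa
    chown vagrant /home/vagrant/.ssh/id_rsa
    chmod 400 /home/vagrant/.ssh/id_rsa
  SHELL
end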

Context

StackExchange DevOps Q#1237, answer score: 8
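
The third option from the answer (a key pair generated on the host beforehand), written out as a Vagrantfile fragment. This is an added example, not part of the original answer: the keys/ansible_rsa file names and the authorize_key_script and PUBKEY_RE helpers are assumptions, while the machine names "db" and "ansible" come from the question's Vagrantfile.

```ruby
# Added example (not from the answer). Assumed: a key pair created on the host with
#   ssh-keygen -t rsa -b 4096 -N "" -C ansible-control -f keys/ansible_rsa
# RSA because Oracle Linux 6 ships an OpenSSH that predates ed25519 keys.
# Keep keys/ out of version control.
require "shellwords"

# Hypothetical helper names below; they are not Vagrant APIs.
PUBKEY_RE = %r{\A(ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+) [A-Za-z0-9+/]+=*( .*)?\z}

# Build a shell script that adds one public key to the user's authorized_keys
# and stays idempotent across repeated `vagrant provision` runs.
def authorize_key_script(pubkey, user = "vagrant")
  line = pubkey.strip
  # Reject anything that is not a single-line OpenSSH public key,
  # for example a private key file passed in by mistake.
  raise ArgumentError, "not an OpenSSH public key" unless line.match?(PUBKEY_RE)
  key = Shellwords.escape(line)
  ssh_dir = "/home/#{user}/.ssh"
  <<~SHELL
    install -d -m 700 -o #{user} -g #{user} #{ssh_dir}
    touch #{ssh_dir}/authorized_keys
    grep -qxF #{key} #{ssh_dir}/authorized_keys || echo #{key} >> #{ssh_dir}/authorized_keys
    chown #{user}:#{user} #{ssh_dir}/authorized_keys
    chmod 600 #{ssh_dir}/authorized_keys
  SHELL
end

if defined?(Vagrant) # skipped when the file is run with plain ruby
  key_base = File.expand_path("keys/ansible_rsa", File.dirname(__FILE__))
  Vagrant.configure("2") do |config|
    config.vm.define "db" do |db|
      db.vm.provision "shell", inline: authorize_key_script(File.read("#{key_base}.pub"))
    end
    config.vm.define "ansible", autostart: false do |ansible|
      # Copy the private key into ~/.ssh instead of using it from the synced
      # folder: ssh refuses private keys whose file mode is too permissive.
      ansible.vm.provision "file", source: key_base, destination: "/home/vagrant/.ssh/id_rsa"
      ansible.vm.provision "shell", inline: "chmod 600 /home/vagrant/.ssh/id_rsa"
    end
  end
end
```

With the key installed as the default ~/.ssh/id_rsa, the inventory needs only ansible_ssh_user=vagrant and no ansible_ssh_pass.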
