17

I have 4 VMs in my Vagrantfile - 3 application servers and an Ansible control host.

I only use Vagrant to create the VMs as I provision them manually from the ansible control host because I am still creating/editing the ansible scripts.

I can do vagrant ssh ansible and vagrant ssh app1/2/3 etc. but when I try to do ansible-playbook oracle.yml from the Ansible control host, SSH fails with

fatal: [192.168.60.10]: UNREACHABLE! => {"changed": false, "msg": "SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}

I can successfully ssh from the Ansible VM to the Oracle VM using user vagrant and password vagrant.

The key parts of my Vagrantfile are:

config.ssh.insert_key = false

config.vm.define "db" do |db|
    db.vm.box = "boxcutter/ol67"
    db.vm.hostname = "oracle-vm"
    db.vm.network "forwarded_port", guest: 22, host: 2201, id: "ssh", auto_correct: false
    db.vm.network "forwarded_port", guest: 1521, host: 1521
    db.vm.network "private_network", ip: "192.168.60.10"
    db.vm.provider "virtualbox" do |v|
        v.name = "oracle-vm"
        v.linked_clone = true
        v.memory = 2048
        v.cpus = 2
    end
end

#Optional ansible control machine for Windows users
config.vm.define "ansible", autostart: false do |ansible|
    ansible.vm.box = "williamyeh/ansible"
    ansible.vm.hostname = "ansible-vm"
    ansible.vm.network "forwarded_port", guest: 22, host: 2204, id: "ssh", auto_correct: false
    ansible.vm.network "private_network", ip: "192.168.60.50"
    ansible.vm.provider "virtualbox" do |v|
        v.linked_clone = true
    end
    #Mount the project directory on the guest so we can run the playbooks from there
    ansible.vm.synced_folder ".", "/data/ansible", create: true
end

What do I need to put in the Vagrantfile to allow the Ansible VM to connect to the other VMs without requiring a password or extra manual steps after vagrant up?

This is just for development testing on a private network on developers' PCs, so security is not really an issue and comes second to ease of implementation and a smooth user experience.

Aurora0001
opticyclic

4 Answers

9

There is no general method and it might depend on how boxcutter/ol67 was packed.

  1. The easiest method would be to define the password in the Ansible inventory file:

    [oracle-vm:vars]
    ansible_ssh_user=vagrant
    ansible_ssh_pass=vagrant
    
  2. The second method would be to leave the insecure private key configured on the oracle-vm machine and inject the private key to the ansible VM:

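    config.vm.provision "shell" do |s|
      # Read the whole key file; its first line alone is only the PEM header
      ssh_insecure_key = File.read("#{Dir.home}/.vagrant.d/insecure_private_key").strip
      s.inline = <<-SHELL
        # Quote the multi-line key and overwrite, so re-provisioning does not append a second copy
        echo '#{ssh_insecure_key}' > /home/vagrant/.ssh/id_rsa
        chown vagrant /home/vagrant/.ssh/id_rsa
        chmod 400 /home/vagrant/.ssh/id_rsa
      SHELL
    end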
    
  3. Generate the key pair beforehand on the host machine, inject private key to Ansible VM, public key to Oracle's authorized_keys.

  4. Generate the key pair on Ansible VM, copy the public key to Oracle VM using shell provisioner and inject vagrant as password for ssh-copy-id.

And the list does not end here, it depends on required security.

techraf
8

Based on techraf's 3rd suggestion I did the following:

  • vagrant up ansible
  • ssh-keygen (no password just pressed Enter)
  • copied .ssh/id_rsa and .ssh/id_rsa.pub to the project directory
  • vagrant destroy ansible
  • modified the Vagrantfile to copy the id_rsa to all hosts
  • modified the Vagrantfile to copy the id_rsa.pub into authorized_keys on all hosts
  • modified the Vagrantfile to disable host checking

Vagrantfile snippet:

 config.vm.provision "file", source: "id_rsa", destination: "/home/vagrant/.ssh/id_rsa"
 public_key = File.read("id_rsa.pub")
 config.vm.provision :shell, :inline =>"
     echo 'Copying ansible-vm public SSH Keys to the VM'
     mkdir -p /home/vagrant/.ssh
     chmod 700 /home/vagrant/.ssh
     echo '#{public_key}' >> /home/vagrant/.ssh/authorized_keys
     chmod -R 600 /home/vagrant/.ssh/authorized_keys
     echo 'Host 192.168.*.*' >> /home/vagrant/.ssh/config
     echo 'StrictHostKeyChecking no' >> /home/vagrant/.ssh/config
     echo 'UserKnownHostsFile /dev/null' >> /home/vagrant/.ssh/config
     chmod -R 600 /home/vagrant/.ssh/config
     ", privileged: false
opticyclic
0

You could generate the keys using the shell provisioner with ssh-keygen in quiet mode, copy the pub key to the project folder and then copy it to the other machine(s) using the file provisioner. Assuming /vagrant/ is the project synced folder, it should be something like this:

# Run as the vagrant user so the generated key pair is not owned by root
machine1.vm.provision "shell", privileged: false, inline: "[ -f /home/vagrant/.ssh/id_rsa ] || ssh-keygen -q -f /home/vagrant/.ssh/id_rsa -N ''"

machine1.vm.provision "shell", inline: "cp /home/vagrant/.ssh/id_rsa.pub /vagrant/"

machine2.vm.provision "file", source: "id_rsa.pub", destination: "/home/vagrant/.ssh/"

# "[ -f ... ] ||" exits 0 when the marker file already exists, so re-provisioning does not fail
machine2.vm.provision "shell", inline: "[ -f /home/vagrant/.ssh/id_rsa_machine1.pub ] || cat /vagrant/id_rsa.pub >> /home/vagrant/.ssh/authorized_keys"

machine2.vm.provision "file", source: "id_rsa.pub", destination: "/home/vagrant/.ssh/id_rsa_machine1.pub"

samueldc
0


  1. generate public/private key

    cd vagrant-home
    ssh-keygen   # just pressed Enter
    cp ~/.ssh/id_rsa .
    cp ~/.ssh/id_rsa.pub .

  2. edit the Vagrantfile and add the following lines:

    config.vm.provision "file", source: "id_rsa", destination: "/home/vagrant/.ssh/id_rsa"
    public_key = File.read("id_rsa.pub")
    # privileged: false runs the script as vagrant, so ~/.ssh/config is not created owned by root
    config.vm.provision "shell", privileged: false, inline: <<-SCRIPT
        chmod 600 /home/vagrant/.ssh/id_rsa
        echo 'Copying ansible-vm public SSH Keys to the VM'
        #mkdir -p /home/vagrant/.ssh
        chmod 700 /home/vagrant/.ssh
        echo '#{public_key}' >> /home/vagrant/.ssh/authorized_keys
        chmod -R 600 /home/vagrant/.ssh/authorized_keys
        echo 'Host 192.168.*.*' >> /home/vagrant/.ssh/config
        echo 'StrictHostKeyChecking no' >> /home/vagrant/.ssh/config
        echo 'UserKnownHostsFile /dev/null' >> /home/vagrant/.ssh/config
        chmod -R 600 /home/vagrant/.ssh/config
        SCRIPT

  3. vagrant up   # or vagrant reload --provision
    
tar tu
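
The inline scripts in the answers above append the public key and the Host 192.168.*.* block with >> on every provisioning run. The following added example (not code from any of the answers; the function names are hypothetical) is an idempotent version that also narrows the relaxed host-key settings to 192.168.60.*, the private network used in the question's Vagrantfile.

```shell
# Added example: hypothetical helper names, not code from the answers.

# authorize_key HOME_DIR 'PUBLIC KEY LINE'
# Appends the key only if that exact line is absent, so repeated
# `vagrant provision` runs do not grow authorized_keys.
authorize_key() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    nl='
'
    case $2 in
        *"$nl"*|*PRIVATE\ KEY*)
            echo "refusing multi-line or private key material" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *)  echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x matches the whole line, -F treats the key as a literal string
    grep -qxF -- "$2" "$auth" || printf '%s\n' "$2" >> "$auth"
}

# write_lab_ssh_config HOME_DIR
# Relaxed host-key checking is limited to 192.168.60.*, the private
# network in the question's Vagrantfile, and the block is written once.
write_lab_ssh_config() {
    cfg="$1/.ssh/config"
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    touch "$cfg" && chmod 600 "$cfg" || return 1
    grep -qxF 'Host 192.168.60.*' "$cfg" && return 0
    cat >> "$cfg" <<'EOF'
Host 192.168.60.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
EOF
}
```

Inside a shell provisioner run with privileged: false, the functions would be called with /home/vagrant as HOME_DIR and the contents of id_rsa.pub as the key line.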