Using ssh agent forwarding with salt states

5
votes

So I have the following in my vagrant file:

config.ssh.forward_agent = true

And the following salt state:

git+ssh://[email protected]/xxx/repo.git:
  git.latest:
    - rev: rest
    - target: /home/vagrant/src

However I get a public-key error when this salt state is executed.

The annoying thing is that if I manually perform git clone git+ssh://[email protected]/xxx/repo.git from within my instance, everything works fine. Any ideas?

2
vagrantsalt-stack
Can you check that the user performing the git clone is the same user that salt is using to execute the command (salt usually uses root)? - Jason Zhu
Hi Jason, you were correct with it being root however I added - user: vagrant to the salt state config which matches the git clone user. Unfortunately the outcome is the same... - Michael
I think it might not be using the private key file that you might key. Can you try and specify the private key to use via identity parameter. - Jason Zhu
That's actually my workaround at the moment. I have to use managed files to pull in the keys manually. However obviously that's not ideal as it requires additional setup from the developer when setting up the environment with vagrant. Agent forwarding is supposed to solve this right? - Michael
Salt might sanitize the environment variables, and ssh-agent depends on them to work. I suspect that. - Dan Garthwaite

2 Answers

0
votes

Is bitbucket.org in known_hosts file?

git+ssh://[email protected]/xxx/repo.git:
  git.latest:
    - rev: rest
    - target: /home/vagrant/src
    - require:
      - ssh_known_hosts: bitbucket.org
0
votes

I had the similar requirement with capistrano. I used ssh-forwarding to checkout repo from github to the remote server. I had to add the host in ~/.ssh/config file on my machine as below.

vim ~/.ssh/config

Content

Host <some host or IP>
   ForwardAgent yes

I used * as host so that It works with any server.