26
votes

I have an autoscaling group on Amazon EC2, and I add my public key when I create the AMI with Packer so I can run ansible-playbook and ssh to the hosts.

But there is a problem: when I run the playbook like this, ansible-playbook load.yml, I get this message that I need to write my password:

Enter passphrase for key '/Users/XXX/.ssh/id_rsa':
Enter passphrase for key '/Users/XXX/.ssh/id_rsa':
Enter passphrase for key '/Users/XXX/.ssh/id_rsa':

The problem is it doesn't accept my password (I am sure I am typing my password correctly).

Then I found that I can send my password with the ask-pass flag, so I changed my command to ansible-playbook load.yml --ask-pass and I made some progress, but for some other task it asks for the password again and it didn't accept my password:

[WARNING]: Unable to parse /etc/ansible/hosts as an inventory source

 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [localhost] *************************************************************************************************************

TASK [ec2_instance_facts] ****************************************************************************************************
ok: [localhost]

TASK [add_host] **************************************************************************************************************
changed: [localhost] => (item=xx.xxx.xx.xxx)
changed: [localhost] => (item=yy.yyy.yyy.yyy)

PLAY [instances] *************************************************************************************************************

TASK [Copy gatling.conf] *****************************************************************************************************
ok: [xx.xxx.xx.xxx]
ok: [yy.yyy.yyy.yyy]
Enter passphrase for key '/Users/ccc/.ssh/id_rsa': Enter passphrase for key '/Users/ccc/.ssh/id_rsa':
Enter passphrase for key '/Users/ccc/.ssh/id_rsa':
Enter passphrase for key '/Users/ccc/.ssh/id_rsa':
Enter passphrase for key '/Users/ccc/.ssh/id_rsa':

If I don't use the ask-pass flag, even the task [Copy gatling.conf] doesn't complete and complains that it could not access the hosts. By adding the flag this part goes well, but my next task again asks for the password.

How should I solve this issue? What am I doing wrong here?

3 Answers

42
votes

In Ansible there is no option to store a passphrase-protected private key.

For that we need to add the passphrase-protected private key to the ssh-agent.

Start the ssh-agent in the background.

# eval "$(ssh-agent -s)"

Add SSH private key to the ssh-agent

# ssh-add ~/.ssh/id_rsa

Now try running ansible-playbook and ssh to the hosts.

15
votes

I solved it by running ssh-add once and using it as if it were not password protected.

2
votes

Building up on @javeed-shakeel's answer, I added the following lines to my .bashrc:

command -v ansible > /dev/null &&
    alias ansible='ssh-add -l > /dev/null || ssh-add 2> /dev/null && ansible'
command -v ansible-playbook > /dev/null &&
    alias ansible-playbook='ssh-add -l > /dev/null || ssh-add 2> /dev/null && ansible-playbook'

This will run ssh-add before ansible(-playbook) iff there was no key added to the ssh-agent yet. This has the advantage that one does not need to run ssh-add by hand and one will be asked for the passphrase only if it is necessary.
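
An added example, not part of the original answers: a POSIX shell wrapper for the ssh-agent steps and the ssh-add -l check described in the answers above. It uses the exit status of ssh-add -l (0 = keys loaded, 1 = agent has no keys, 2 = agent unreachable) to decide whether to start an agent, and loads the key with a limited lifetime so the decrypted key does not stay in the agent indefinitely. The function names and the SSH_ADD, SSH_AGENT and KEY_LIFETIME variables are assumptions introduced here.

```shell
# Added example: source this file from your shell startup file.
# SSH_ADD, SSH_AGENT and KEY_LIFETIME are assumed names, overridable for testing.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH_AGENT=${SSH_AGENT:-ssh-agent}
KEY_LIFETIME=${KEY_LIFETIME:-3600}   # seconds the agent keeps the decrypted key

# agent_state prints "loaded", "empty" or "unreachable", based on the
# exit status of `ssh-add -l` (0, 1 and 2 respectively).
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# ensure_key [KEYFILE]: make sure an agent is reachable and holds a key.
# Prompts for the passphrase only when the key actually has to be added.
ensure_key() {
    key=${1:-$HOME/.ssh/id_rsa}
    if [ "$(agent_state)" = unreachable ]; then
        # ssh-agent -s prints sh commands that export SSH_AUTH_SOCK and
        # SSH_AGENT_PID; eval applies them to the current shell.
        eval "$("$SSH_AGENT" -s)" >/dev/null
    fi
    if [ "$(agent_state)" = empty ]; then
        # -t makes the agent drop the key after KEY_LIFETIME seconds.
        "$SSH_ADD" -t "$KEY_LIFETIME" "$key" || return 1
    fi
    [ "$(agent_state)" = loaded ]
}

# run_playbook ARGS...: load the key if needed, then run ansible-playbook.
run_playbook() {
    ensure_key "$HOME/.ssh/id_rsa" && ansible-playbook "$@"
}
```

With this sourced, run_playbook load.yml asks for the passphrase at most once per KEY_LIFETIME window instead of once per task.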