2015-09-27

ssh-add complains: Could not open a connection to your authentication agent

When running an Ansible playbook, a series of ssh connections is used to perform the different playbook actions. Each ssh connection requires the ssh key passphrase to be entered. The default way to avoid this is to use ssh-agent. The ssh-agent stores your passphrase and sends it to ssh if needed. To import a key into ssh-agent you use ssh-add. I tried it for my Ansible experiments, where Ansible is running in a Docker container (see my previous posts):
docker run --rm -i -t -v $(pwd):/data -w /data thomo/ansible bash -c "ssh-add deploy__2015 && ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=newhosts.keys -i ./deploy__2015' ansible-playbook site.yml -i ./inventories/hosts.baremetal"
Could not open a connection to your authentication agent.
It seems that there is no ssh-agent running. The agent can be started with:
eval $(ssh-agent)
But you have to take care that the evaluation is postponed to the shell inside the Docker container and is not already done in the host shell. So put it in single quotes:
$ ./dr 'eval $(ssh-agent) && ssh-add ./deploy__2015 && ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=newhosts.keys -i ./deploy__2015" ansible-playbook site.yml -i ./inventories/hosts.baremetal'
Agent pid 8
Enter passphrase for ./deploy__2015:
Identity added: ./deploy__2015 (./deploy__2015)

PLAY [apply common configuration to all nodes] *************************
...
dr is a small script which wraps the docker run parameters:
docker run --rm -i -t -w /data -v $(pwd):/data thomo/ansible bash -c "$*"
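
The quoting point above, as an added example that is not part of the original post: it shows which shell runs `$(...)` when the command string is double-quoted versus single-quoted. `fake_agent` is a constructed stand-in for ssh-agent (it prints a simplified version of the agent's shell output) and `run_inner` is a hypothetical stand-in for `docker run ... sh -c`; both names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: which shell runs $(...)?
# fake_agent is a constructed stand-in for ssh-agent. Like the real agent it
# prints shell code that sets SSH_AUTH_SOCK, here tagged with the shell that
# ran it (the WHERE variable).
# run_inner is a hypothetical stand-in for `docker run ... sh -c "$1"`.

AGENT_DEF='fake_agent() { echo "SSH_AUTH_SOCK=/tmp/agent.$WHERE; export SSH_AUTH_SOCK"; }'
WHERE=host
eval "$AGENT_DEF"            # fake_agent now exists in the outer ("host") shell

run_inner() {
    # The child shell gets its own WHERE and its own copy of fake_agent.
    WHERE=container sh -c "$AGENT_DEF; $1"
}

# Double quotes: the outer shell expands $(fake_agent) while building the
# argument, so the child only ever sees the host's socket path as plain text.
double_quoted() {
    run_inner "eval $(fake_agent); echo \"\$SSH_AUTH_SOCK\""
}

# Single quotes: the string reaches the child untouched and $(fake_agent)
# runs there, which is what the ./dr '...' invocation in the post relies on.
single_quoted() {
    run_inner 'eval $(fake_agent); echo "$SSH_AUTH_SOCK"'
}

echo "double quotes -> $(double_quoted)"
echo "single quotes -> $(single_quoted)"
```

With a real ssh-agent, the double-quoted form would also leave an agent process running on the host, while the socket path handed to the container would not exist there.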

Update 2016-01-06

Improved dr script
SSHPARAM='eval $(ssh-agent) && ssh-add ./deploy__2015 && ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=newhosts.keys -i ./deploy__2015"'
docker run --rm -i -t -w /data -v $(pwd):/data thomo/ansible:20160106 sh -c "${SSHPARAM} $*"
Example usage:
$ ./dr "ansible server -u deploy -m ping -i ./inventories/hosts.baremetal"
Agent pid 9
Enter passphrase for ./deploy__2015:
Identity added: ./deploy__2015 (./deploy__2015)
10.0.0.1 | success >> {
    "changed": false,
    "ping": "pong"
}
