SSH into a Vagrant machine with Ansible

Asked 23/9, 2015 at 20:8 Answered 23/1 at 17:56

Solved ssh vagrant ansible

Normally, you can ssh into a Vagrant-managed VM with vagrant ssh. There are two options:

You can use an insecure_private_key generated by Vagrant to authenticate.
Use your own private key - provided that config.ssh.forward_agent is set to true, and the VM is configured correctly

I use the second option. S when I run vagrant ssh, I ssh into the machine with my custom private key.

Now I need to let Ansible SSH into my Vagrant machine and I do not want to use Vagrantfile for it.

So I executed:

ansible-playbook -i hosts/development --private-key=~/.ssh/id_rsa -u vagrant dev.yml

And I have this error returned:

fatal: [192.168.50.5] => SSH Error: Permission denied (publickey). while connecting to 192.168.50.5:22

The hosts/inventory file holds just the IP of my Vagrant VM (192.168.50.5).

I do not know why Ansible cannot ssh into the VM. It's using exactly the same user (vagrant) and key (id_rsa) as when executing vagrant ssh.

However, there is no problem sshing with vagrant ssh while the above would not run.

Any suggestions would be much appreciated.

Imperative answered 23/9, 2015 at 20:8 Comment(2)

are you sure that port is 22 and not 2222? – Straighten 23/9, 2015 at 20:57

researched a few possibilities after my answer. i believe you have not setup your pubkey in the vm vagrant user's authorized_keys. i don't recommend using your personal keys for vagrant unless absolutely necessary. – Sidereal 23/9, 2015 at 22:59

The problem probably lies within your hosts/inventory file. You need to add the proper connection configuration for Ansible therein, save and re-run.

192.168.50.5 ansible_ssh_port=22 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~/.ssh/id_rsa

If you are not using port 22, adjust the ansible_ssh_port in your hosts file accordingly.

It is also a possibility that you have not setup your pubkey in Vagrant, hence this would also not work. To test this, run:

vagrant ssh-config | grep IdentityFile
# result should be your private key and not
#   .vagrant/machines/default/virtualbox/private_key

If you have not put your pubkey in the Vagrant vm, you will need to add that before you can try your private key.

Reference: http://docs.ansible.com/ansible/intro_inventory.html#list-of-behavioral-inventory-parameters

Reference: https://docs.vagrantup.com/v2/cli/ssh_config.html

Sidereal answered 23/9, 2015 at 22:5 Comment(3)

The reason for me not being able to ssh was that I was using a wrong private key file. The correct key to use was revealed by vagrant ssh-config. Thank you! – Imperative 24/9, 2015 at 19:14

I was struggling using a custom inventory file. my issue was I had to specify the custom port number when I was specifying the host in the inventory: [default] 127.0.0.1:2201 otherwise it defaults to 22 and I could not set this in ansible.cfg or Vagrantfile – Subdual 9/1, 2017 at 12:43

@Subdual you can also use ansible_ssh_port=2201 in the inventory file – Sidereal 9/1, 2017 at 16:16

I think that you should try using the inventory generated by vagrant. This will save you from having to maintain an Ansible inventory in addition to your Vagrantfile.

For example, you should find an inventory like this used for vagrant ssh:

cat .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
>>>
# Generated by Vagrant

default ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/home/someone/coding-in-a-project/.vagrant/machines/default/virtualbox/private_key'

You will be able to run ansible ad-hoc commands and ansible-playbook commands. (specify this maybe for your needs : --private-key=~/.ssh/your_private_key)

ansible default -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory -m ansible.builtin.shell -a 'echo foobar'

ansible-playbook -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory playbook.yml

source : https://docs.ansible.com/ansible/latest/scenario_guides/guide_vagrant.html

Inspirit answered 18/11, 2020 at 17:23 Comment(0)

For those using an inventory.txt, it will look something like this:

[vmgroup]
192.168.56.10

[vmgroup:vars]
ansible_ssh_user=vagrant
ansible_ssh_private_key_file=/Users/amar/centos7/.vagrant/machines/default/virtualbox/private_key

This private key file location was observed from the output of vagrant ssh-config command; Executed while being inside the folder formed with vagrant init centos/7

Automaton answered 24/6, 2022 at 23:20 Comment(1)

What flags do I pass to ansible to get it to target vmgroup specified this way? – Opec 10/10, 2022 at 5:41

To let Ansible access into a Vagrant machine via SSH we'll need the following ingredients:

vagrant ssh-config outputs OpenSSH valid configuration to connect to the Vagrant VMs (see vagrant ssh-config - Command-Line Interface )
ansible_ssh_common_args is always appended to the default command line for ssh commands (see How to build your inventory - Ansible Documentation)
In SSH commands, the option -F specifies an alternative per-user configuration file (see ssh - Linux manual page)

Here's what you could do. First, execute vagrant ssh-config > .vagrant/ssh-config. Then, create an inventory file dedicated to Vagrant (e.g. inventories/vagrant.yml) with the following contents:

all:
  hosts:
    vagrant-host-1:
    vagrant-host-2:
  vars:
    ansible_ssh_common_args: -F .vagrant/ssh-config

You're ready to let Ansible SSH into Vagrant VMs by adding -i inventories/vagrant.yml to the commands! For example, you could run the following command to test the connection:

ansible -i inventories/vagrant.yml all -m ping

Undershorts answered 23/1 at 17:56 Comment(0)

Recommended topics

Hot tags