SSH into a Vagrant machine with Ansible

Question

Normally, you can ssh into a Vagrant-managed VM with vagrant ssh . There are two options:

1. You can use an insecure_private_key generated by Vagrant to authenticate.
2. Use your own private key - provided that config.ssh.forward_agent is set to true , and the VM is configured correctly

I use the second option. S when I run vagrant ssh , I ssh into the machine with my custom private key.

Now I need to let Ansible SSH into my Vagrant machine and I do not want to use Vagrantfile for it.

So I executed:

ansible-playbook -i hosts/development --private-key=~/.ssh/id_rsa -u vagrant dev.yml

And I have this error returned:

fatal: [192.168.50.5] => SSH Error: Permission denied (publickey). while connecting to 192.168.50.5:22

The hosts/inventory file holds just the IP of my Vagrant VM (192.168.50.5).

I do not know why Ansible cannot ssh into the VM. It's using exactly the same user ( vagrant ) and key ( id_rsa ) as when executing vagrant ssh .

However, there is no problem sshing with vagrant ssh while the above would not run.

Any suggestions would be much appreciated.

Answer 1

The problem probably lies within your hosts/inventory file. You need to add the proper connection configuration for Ansible therein, save and re-run.

192.168.50.5 ansible_ssh_port=22 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~/.ssh/id_rsa 

If you are not using port 22 , adjust the ansible_ssh_port in your hosts file accordingly.

It is also a possibility that you have not setup your pubkey in Vagrant, hence this would also not work. To test this, run:

vagrant ssh-config | grep IdentityFile
# result should be your private key and not
#   .vagrant/machines/default/virtualbox/private_key

If you have not put your pubkey in the Vagrant vm, you will need to add that before you can try your private key.

Reference: http://docs.ansible.com/ansible/intro_inventory.html#list-of-behavioral-inventory-parameters

Reference: https://docs.vagrantup.com/v2/cli/ssh_config.html

Answer 2

I think that you should try using the inventory generated by vagrant. This will save you from having to maintain an Ansible inventory in addition to your Vagrantfile.

For example, you should find an inventory like this used for vagrant ssh :

cat .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
>>>
# Generated by Vagrant

default ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/home/someone/coding-in-a-project/.vagrant/machines/default/virtualbox/private_key'

You will be able to run ansible ad-hoc commands and ansible-playbook commands. (specify this maybe for your needs : --private-key=~/.ssh/your_private_key )

ansible default -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory -m ansible.builtin.shell -a 'echo foobar'

ansible-playbook -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory playbook.yml

source : https://docs.ansible.com/ansible/latest/scenario_guides/guide_vagrant.html

Answer 3

For those using an inventory.txt, it will look something like this:

[vmgroup]
192.168.56.10

[vmgroup:vars]
ansible_ssh_user=vagrant
ansible_ssh_private_key_file=/Users/amar/centos7/.vagrant/machines/default/virtualbox/private_key

This private key file location was observed from the output of vagrant ssh-config command; Executed while being inside the folder formed with vagrant init centos/7