Example playbook for cloning a private git repository with Ansible.

ansible-github.yml

---

hosts: all
tasks:
  - name: add github ssh key
    copy: >
      src=files/id_rsa.github
      dest=/root/.ssh/id_rsa.github
      owner=root
      group=root
      mode=0600
  
  - name: configure ssh to use ansible key for github.com
    template: >
      src=templates/ssh_config.j2
      dest=/root/.ssh/config
      owner=root
      group=root
      mode=0644
      
  - name: clone a private repository
    git: >
      repo=ssh://git@github.com/someone/example-repo.git
      key_file=/root/.ssh/id_rsa.github
      dest=/opt/example

id_rsa.github

# Obviously this is an example private key. Replace with your own ssh private key
# and ensure it has been added to your GitHub account.

# files/id_rsa.github

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAzoyI5fvatHZ8kjtDLr7uOtoc7dziWVAPsf6oLzzZ1Bbs7e0u
t1IR/eTakDY/NwQi9o5y0MDSDnSwPyaV4heMY6eY2lABUFU+NenW+0P53akqdGc8
ejXhhv3gbfJ+sNmdU6CNtm2lxlZ2UwJVlRTwvLARiUN/OnPudGQYD4qJ1uZQy9Lj
5j+mJMMiCOV0zX3HVrlAQHTgnUPe+yIzbC9J9rtjhBquNFLrsxgkzgWYcmUMEp+i
wO9xHOOetekrP1qV+TmkM9pSeCUjL0uBeSDtsfEKbC9He5EmLMdayDsrxtCRG8GG
EzJK3vdn4ITTqTdf82YhPhbcSwogw0/LzYrcAQIDAQABAoIBAGiXHVNoHy02uonJ
3JE1OakvfWqtaSjUs73sN/oDlEIjgcJRUlCeDGJGmq5f6c7QF2xGYbl3imari/vO
bCNazUpBOdOCo8esAp6GVMhTeZlW6hqblDJGSndy40yJeMHQ0Cvipx/zkfhHHA+Y
pQGi4uyJM7gQJ8LPpbXmYZCtFHNur9gT+XX86tpRLqEp4XMaGzaDpqEEu2qitUfy
lRQq3cyHUfWd/ccAQ966qwHlZ2KGeL9t7pVsWA/npDWXF8UfSR5a39EtTLR2S2du
HXXOajdXgfPlnCNUuOnzlUlvVmS9RYUztstWNC+KBA+5SQnAavQieYidA/a4Ruhi
fNvGgAECgYEA8fQAp8NJSJnzBz5s25qmexWRkVhp8epapSKjOx03XE9WMsna0kRM
mYX2xAdf1K4Tj+8oHdPSmlXSRcL9Lmtvb9XZ/VtgmhluKz40iRqvxP18L/InRAXm
3V7dpVxoru6ldmeGiek7KEZq5hIQW3ijmlBuuduj3mviBB2Eq4VscYECgYEA2opX
nX0fLpG9ae9TOgO2GA5fyWgp0Pk/SPnGkHSdGlK7bh/gFei6EXKFsbU51aoDq7RV
FVrA7+xz2weppryhF3/lhVXONLUms1WvbLqca2Mu0Jtzv5F9se1GTJQpgQZc64Fq
dSTKCs6/HVcPq9XZJaw+QK6pBEq4Xk4O2KWGqoECgYBbuWHqN5l3oY1FiL/h/N3y
OXoG/NqlMHAOvHPfPDM5loYaGPYQ0n2rkeK77APDb/7QiRzPOfdUNQbTFZm/2FDV
t9+9McAMi2l9kUZ/V5Oc/W/wCUAjhI1CDO2/+6lf7+7gVVzmuXmIyjFKaTy0QKbd
IHLpmL+l2YZEgyBBmgJDgQKBgBuNy8QwjWjquS4NHbo305Ku5UbYmkUd1+vUikOW
YGR8P+N/o1o/0I34mYCxb8xPtkzE3OFnYuIdNvJLwgkiyVDUMFUiX3Bn0qxTxl14
HdawV6u3nd1uc6GmX/Gx0JXS/o427/w7GjpInPIPEwvAV7OXRvYSz36aCSrivp50
KEmBAoGAHuuJPyiK8FvfWdxC7iqAw/VbUZMaknpujrI4gYRGHR1q65d4g4GbjgTf
8EGacRRMmqMGsuJIckWMPA1avC2h5C+w7BZx851HZJvuWt7YmcEuvx1KP7G3bU+h
fVQWuUcj3Cto/US5H2fE7v9+PmRsAgPe5Ozw5N+WAu12rLV//Aw=
-----END RSA PRIVATE KEY-----

ssh_config.j2

# templates/ssh_config.j2

{{ ansible_managed | comment }}

Host github.com
IdentityFile /root/.ssh/id_rsa.github
IdentitiesOnly yes

Thanks! It worked for me

Hi
i am new to ansible
i want to add a new task in ansible to git pull the checked in code into ec2 instance and run small application in ec2 instance, can you please help me with that ???

Its worked for me.Thank you

its not working for me can you help me.

This works but only after I have done a manual git clone to the repository in question and answered yes when it asked me whether I wished to continue connecting.

The git clone command outputs this:
Cloning into 'repo name'...
The authenticity of host 'github.com (ip address of github.com)' can't be established.
RSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
RSA key fingerprint is MD5:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)?

When I answer yes, a file is created /root/.ssh/known_hosts

The next time I execute the playbook with the same VM, the git clone works fine. If I delete the /root/.ssh/known_hosts file again, it fails.

Any ideas where I went wrong?

My VM is Centos 7.4 if that makes any difference.

EDIT:
I have resolved the problem above. Adding StrictHostKeyChecking no to the ssh_config works now but according to some sources at a slight degrading of security. My edited ssh_config now looks like this:

{{ ansible_managed | comment }}

Host github.com
IdentityFile /root/.ssh/id_rsa.github
IdentitiesOnly yes
StrictHostKeyChecking no```

Hello, if my user is normal user who doesn't have root permission to access /root/.ssh, what can we do?

@digitalbricklayer - the Ansible docs have a note about hanging now. Still - i ended up having to do a manual checkout as you suggested.

new to ansible. i can remote into the host and just 'git clone ' and it pulls the repo no problems. what am i missing? I've disable strickHostKeyChecking and still no joy via ansible.

fatal: [104.248.127.247]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin 'ssh:********@github.com:svendavison/ansible-for-keeps.git' /data/ansible-crap/repos", "msg": "ssh: Could not resolve hostname github.com:svendavison: Name or service not known\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "ssh: Could not resolve hostname github.com:svendavison: Name or service not known\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["ssh: Could not resolve hostname github.com:svendavison: Name or service not known", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "Cloning into '/data/ansible-crap/repos'...\n", "stdout_lines": ["Cloning into '/data/ansible-crap/repos'..."]}

Double check your repository url. Looks a bit odd at a glance. Sent from a mobile device!

…

On 23 Dec 2019, at 21:51, Sven Davison ***@***.***> wrote:  new to ansible. i can remote into the host and just 'git clone ' and it pulls the repo no problems. what am i missing? fatal: [104.248.127.247]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin ***@***.***:svendavison/ansible-for-keeps.git' /data/ansible-crap/repos", "msg": "ssh: Could not resolve hostname github.com:svendavison: Name or service not known\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "ssh: Could not resolve hostname github.com:svendavison: Name or service not known\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["ssh: Could not resolve hostname github.com:svendavison: Name or service not known", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "Cloning into '/data/ansible-crap/repos'...\n", "stdout_lines": ["Cloning into '/data/ansible-crap/repos'..."]} — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

Yep. They fixed it. I blindly took a couple examples and didn’t sanitize/validate them. I’m good now thanks!

…

-Sven Davison (sent from my iPhone)

On Dec 24, 2019, at 3:07 AM, Stephen Wolff ***@***.***> wrote: Double check your repository url. Looks a bit odd at a glance. Sent from a mobile device! > On 23 Dec 2019, at 21:51, Sven Davison ***@***.***> wrote: > >  > new to ansible. i can remote into the host and just 'git clone ' and it pulls the repo no problems. what am i missing? > > fatal: [104.248.127.247]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin ***@***.***:svendavison/ansible-for-keeps.git' /data/ansible-crap/repos", "msg": "ssh: Could not resolve hostname github.com:svendavison: Name or service not known\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "ssh: Could not resolve hostname github.com:svendavison: Name or service not known\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["ssh: Could not resolve hostname github.com:svendavison: Name or service not known", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "Cloning into '/data/ansible-crap/repos'...\n", "stdout_lines": ["Cloning into '/data/ansible-crap/repos'..."]} > > — > You are receiving this because you commented. > Reply to this email directly, view it on GitHub, or unsubscribe. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

it worked for me thanks a lot

Help me with this one ansible/ansible#67416