Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Example playbook for cloning a private git repository with Ansible.
---
hosts: all
tasks:
- name: add github ssh key
copy: >
src=files/id_rsa.github
dest=/root/.ssh/id_rsa.github
owner=root
group=root
mode=0600
- name: configure ssh to use ansible key for github.com
template: >
src=templates/ssh_config.j2
dest=/root/.ssh/config
owner=root
group=root
mode=0644
- name: clone a private repository
git: >
repo=ssh://git@github.com/someone/example-repo.git
key_file=/root/.ssh/id_rsa.github
dest=/opt/example
# Obviously this is an example private key. Replace with your own ssh private key
# and ensure it has been added to your GitHub account.
# files/id_rsa.github
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAzoyI5fvatHZ8kjtDLr7uOtoc7dziWVAPsf6oLzzZ1Bbs7e0u
t1IR/eTakDY/NwQi9o5y0MDSDnSwPyaV4heMY6eY2lABUFU+NenW+0P53akqdGc8
ejXhhv3gbfJ+sNmdU6CNtm2lxlZ2UwJVlRTwvLARiUN/OnPudGQYD4qJ1uZQy9Lj
5j+mJMMiCOV0zX3HVrlAQHTgnUPe+yIzbC9J9rtjhBquNFLrsxgkzgWYcmUMEp+i
wO9xHOOetekrP1qV+TmkM9pSeCUjL0uBeSDtsfEKbC9He5EmLMdayDsrxtCRG8GG
EzJK3vdn4ITTqTdf82YhPhbcSwogw0/LzYrcAQIDAQABAoIBAGiXHVNoHy02uonJ
3JE1OakvfWqtaSjUs73sN/oDlEIjgcJRUlCeDGJGmq5f6c7QF2xGYbl3imari/vO
bCNazUpBOdOCo8esAp6GVMhTeZlW6hqblDJGSndy40yJeMHQ0Cvipx/zkfhHHA+Y
pQGi4uyJM7gQJ8LPpbXmYZCtFHNur9gT+XX86tpRLqEp4XMaGzaDpqEEu2qitUfy
lRQq3cyHUfWd/ccAQ966qwHlZ2KGeL9t7pVsWA/npDWXF8UfSR5a39EtTLR2S2du
HXXOajdXgfPlnCNUuOnzlUlvVmS9RYUztstWNC+KBA+5SQnAavQieYidA/a4Ruhi
fNvGgAECgYEA8fQAp8NJSJnzBz5s25qmexWRkVhp8epapSKjOx03XE9WMsna0kRM
mYX2xAdf1K4Tj+8oHdPSmlXSRcL9Lmtvb9XZ/VtgmhluKz40iRqvxP18L/InRAXm
3V7dpVxoru6ldmeGiek7KEZq5hIQW3ijmlBuuduj3mviBB2Eq4VscYECgYEA2opX
nX0fLpG9ae9TOgO2GA5fyWgp0Pk/SPnGkHSdGlK7bh/gFei6EXKFsbU51aoDq7RV
FVrA7+xz2weppryhF3/lhVXONLUms1WvbLqca2Mu0Jtzv5F9se1GTJQpgQZc64Fq
dSTKCs6/HVcPq9XZJaw+QK6pBEq4Xk4O2KWGqoECgYBbuWHqN5l3oY1FiL/h/N3y
OXoG/NqlMHAOvHPfPDM5loYaGPYQ0n2rkeK77APDb/7QiRzPOfdUNQbTFZm/2FDV
t9+9McAMi2l9kUZ/V5Oc/W/wCUAjhI1CDO2/+6lf7+7gVVzmuXmIyjFKaTy0QKbd
IHLpmL+l2YZEgyBBmgJDgQKBgBuNy8QwjWjquS4NHbo305Ku5UbYmkUd1+vUikOW
YGR8P+N/o1o/0I34mYCxb8xPtkzE3OFnYuIdNvJLwgkiyVDUMFUiX3Bn0qxTxl14
HdawV6u3nd1uc6GmX/Gx0JXS/o427/w7GjpInPIPEwvAV7OXRvYSz36aCSrivp50
KEmBAoGAHuuJPyiK8FvfWdxC7iqAw/VbUZMaknpujrI4gYRGHR1q65d4g4GbjgTf
8EGacRRMmqMGsuJIckWMPA1avC2h5C+w7BZx851HZJvuWt7YmcEuvx1KP7G3bU+h
fVQWuUcj3Cto/US5H2fE7v9+PmRsAgPe5Ozw5N+WAu12rLV//Aw=
-----END RSA PRIVATE KEY-----
# templates/ssh_config.j2
{{ ansible_managed | comment }}
Host github.com
IdentityFile /root/.ssh/id_rsa.github
IdentitiesOnly yes
@djuretic

This comment has been minimized.

Copy link

commented Sep 20, 2018

Thanks! It worked for me

@Bhanuvadlamudi

This comment has been minimized.

Copy link

commented Jan 21, 2019

Hi
i am new to ansible
i want to add a new task in ansible to git pull the checked in code into ec2 instance and run small application in ec2 instance, can you please help me with that ???

@sampathpogula

This comment has been minimized.

Copy link

commented Feb 26, 2019

Its worked for me.Thank you

@saeed0808

This comment has been minimized.

Copy link

commented Mar 16, 2019

its not working for me can you help me.

@digitalbricklayer

This comment has been minimized.

Copy link

commented Mar 20, 2019

This works but only after I have done a manual git clone to the repository in question and answered yes when it asked me whether I wished to continue connecting.

The git clone command outputs this:
Cloning into 'repo name'...
The authenticity of host 'github.com (ip address of github.com)' can't be established.
RSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
RSA key fingerprint is MD5:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)?

When I answer yes, a file is created /root/.ssh/known_hosts

The next time I execute the playbook with the same VM, the git clone works fine. If I delete the /root/.ssh/known_hosts file again, it fails.

Any ideas where I went wrong?

My VM is Centos 7.4 if that makes any difference.

EDIT:
I have resolved the problem above. Adding StrictHostKeyChecking no to the ssh_config works now but according to some sources at a slight degrading of security. My edited ssh_config now looks like this:


{{ ansible_managed | comment }}

Host github.com
IdentityFile /root/.ssh/id_rsa.github
IdentitiesOnly yes
StrictHostKeyChecking no```
@qwuscu

This comment has been minimized.

Copy link

commented Apr 24, 2019

Hello, if my user is normal user who doesn't have root permission to access /root/.ssh, what can we do?

@stephendwolff

This comment has been minimized.

Copy link

commented Aug 19, 2019

@digitalbricklayer - the Ansible docs have a note about hanging now. Still - i ended up having to do a manual checkout as you suggested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.