
I have a virtual machine set up with Vagrant. The plan is to provision the VM with a shell script. The script shall do things, connect to my company's Ansible server and let the server run a playbook with the hostlist set to the VM. Now the problem is to make the connections. Because everything shall run automatically, user input should be rare or not necessary at all.

I tried to do this via SSH. The server's key is already on my VM. The key of the virtual machine has to be put on the server. My problem here is that one needs to have the password for the server to connect to the first time the connection is established.

I don't use ansible-pull or Ansible as a provisioner for Vagrant because everything shall work on Windows as well.

Do you have any suggestions on how to do this, and what are the different approaches that might work?

  • If you have SSH key-based authentication enabled then you should not need to provide a password. Otherwise look into Ansible Vault to store the password, but I think the key-based solution is better. – Tux_DEV_NULL Aug 01 '19 at 13:32
  • I do need to enter a password to copy the pubkey from the vm to the server, don't I? – Zwetsche Aug 02 '19 at 06:29
  • Yes, you will need access to the server to set up the key, but that is one time. When the keys are established you don't need the SSH password anymore. – Tux_DEV_NULL Aug 02 '19 at 08:46
  • OK. I solved it in another way. I installed Jenkins on the Ansible server. In a script I run curl with the project-specific parameters and my Jenkins triggers the playbook. – Zwetsche Aug 26 '19 at 06:55

1 Answer

Regardless of your solution, some ideas:

  • If your new VM is something like Debian, you could use preseed.cfg to automatically configure the VM, and there is an option for "late_command" after the installation is complete (before the first reboot happens). In that moment you could import some authorized_keys, so your VM comes up with already configured pubkeys. I'm sure Red Hat based OSes have a similar solution. At least a template clone VM could be possible.
  • Another option is to pass the password to ssh-copy-id with sshpass. See Automating ssh-copy-id

That's not part of the question, but: instead of provisioning the VM via a shell script, you should use an Ansible playbook if you already use Ansible for later configuration.

TRW
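The first suggestion in the answer above (importing authorized_keys while the VM is being provisioned), as an added example that is not part of the original answer: a POSIX shell function a provisioning step could call to install one public key idempotently with the permissions sshd expects. The function name `install_authorized_key` and the list of accepted key types are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original answer).
# Usage: install_authorized_key HOME_DIR 'PUBLIC KEY LINE'
# Intended to be called from a provisioning step such as the preseed
# late_command the answer mentions, or a Vagrant shell provisioner.
install_authorized_key() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one line: an embedded newline could smuggle in a
    # second key or an options prefix.
    case $pubkey in
        *"
"*) echo "refusing multi-line key" >&2; return 1 ;;
    esac

    # Accept only bare public keys of the listed types (assumed list).
    # Lines starting with options such as command="..." are rejected.
    case $pubkey in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*) ;;
        *) echo "unsupported or malformed key" >&2; return 1 ;;
    esac

    # sshd's default StrictModes setting rejects key files and directories
    # that are writable by group or others, so set the modes explicitly
    # instead of relying on the umask of the provisioning shell.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: append only if the exact line is not present yet
    # (-x whole line, -F fixed string), so re-provisioning adds nothing.
    if ! grep -qxF -- "$pubkey" "$auth_file"; then
        printf '%s\n' "$pubkey" >> "$auth_file"
    fi
}
```

When this runs as root for another account, the directory and file also have to be handed to that user with `chown` afterwards, because StrictModes checks ownership as well as modes.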