10

I am trying to install a package from a private git repo using ansible's pip module this way:

- name: Install my package
  pip: name='git+ssh://git@github.com/mycompany/my-repo.git#egg=0.1.0'
       virtualenv=/path/to/venv

But this hangs when I try to provision this with vagrant, most likely because it prompts for confirmation to add the key to the list of known hosts. Indeed when I run this in vagrant:

pip install git+ssh://git@github.com/mycompany/my-repo.git#egg=0.1.0

It prompts for confirmation to add github to the know hosts and then works fine.

If I clone it with accept_hostkey=yes:

- name: Clone repo
  git: repo=git@github.com:mycompany/my-repo.git
       dest=/path/to/dest
       accept_hostkey=yes
       recursive=no

it works fine because it accepts the host key that is copied on vagrant. With the pip module there is no such option, any way around this? As an alternative I could do a clone and then a python setup.py install but I'd rather do that in one step with pip.

Tristan
  • 3,192
  • 3
  • 20
  • 32
  • What happens when you run `pip install git+ssh://git@github.com/mycompany/my-repo.git#egg=0.1.0` manually? – Régis B. Jun 29 '15 at 14:59
  • It works fine, yes sorry I should have added this information – Tristan Jun 29 '15 at 15:06
  • And does it just just as well when you run the command outside of bash, i.e: when environment commands are not defined? Try to `unset HOME` and run the pip command again. – Régis B. Jun 29 '15 at 15:23
  • Ok so I just realised you meant running that command in vagrant which I did and it also worked after prompting for confirmation to add github.com to the list of known hosts which is why the provisioning hangs most likely. `unset HOME` didn't make a difference. – Tristan Jun 29 '15 at 16:54
  • Ok so now provisioning should be working. – Régis B. Jun 29 '15 at 21:04

3 Answers3

3

The checkout command hangs because github.com is not among the known hosts of your Ansible user. You should add the github.com SSH key fingerprint to the /home/user/.ssh/known_hosts file. Fortunately, known_hosts is now a module available in Ansible 1.9: http://docs.ansible.com/known_hosts_module.html

- known_hosts: path=/home/user/.ssh/known_hosts name=github.com key="|1|ba0yHIHdbaD9nswn12xSOyD8DFE=|EVZBrcr46cYcmx6qFRIrzTvWUX4= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="

If you are using Ansible < 1.9, you may use standard ssh-keygen commands:

- shell: ssh-keygen -l -f /home/user/.ssh/known_hosts -F github.com
  register: github_host_is_known
- shell: ssh-keyscan -H github.com >> /home/user/.ssh/known_hosts 
  when: github_host_is_known|failed
Régis B.
  • 10,092
  • 6
  • 54
  • 90
1

Run this task to add the hostkey to your known_hosts file:

- name: Whitelist github.com
  shell: if [ ! -n "$(grep "^github.com " ~/.ssh/known_hosts)" ]; then ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null; fi
udondan
  • 57,263
  • 20
  • 190
  • 175
0

If this issue is about authorized host keys and not about having a correct private key in place then you can do the following.

You can always manually authorize host keys in "~/.ssh/authorized_keys" before running pip.

Example:

https://stackoverflow.com/a/24305223/315168

To have a correct private key to access private Github repository you can use SSH agent forwarding.

Community
  • 1
  • 1
Mikko Ohtamaa
  • 82,057
  • 50
  • 264
  • 435