Configurations
We will associate our newly generated key with GitLab connections. Doing it this way lets us keep separate SSH keys for different sites.
vim .ssh/config
Make sure to use the :set paste option to ensure formatting stays correct.
Host gitlab.com
    HostName gitlab.com
    IdentityFile ~/.ssh/ansible_key
To exit vim:
press <esc>
type :wq
Now let’s get a copy of your public SSH key:
cat .ssh/ansible_key.pub
Copy the output; it should start like below:
ssh-rsa
Now go to GitLab and create an account. Once that is created, we will upload your public SSH key (ansible_key.pub) to GitLab.
Click on your icon (top right, then Preferences)
On the left-hand side you should see SSH Keys
Paste your public key
Warning
Make certain you are NOT about to put your private keys in the cloud.
Time to test our SSH key with GitLab:
ssh -T git@gitlab.com
Now we can configure the Ansible config file, but first let’s move to our Project Directory
cd ansible_lab
First let’s add our Ansible config file with a few directives:
Ansible has host key checking enabled by default.
If a host is reinstalled and has a different key in ‘known_hosts’, this will result in an error message until corrected. If a host is not initially in ‘known_hosts’ this will result in prompting for confirmation of the key, which results in an interactive experience if using Ansible, from say, cron. You might not want this.
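If you understand the implications (with checking disabled, Ansible connects without verifying the host's key, so a changed or impersonated host goes unnoticed) and wish to disable this behavior, you can do so by editing ansible.cfg [1].
Ansible searches for its configuration file in the following order: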
ANSIBLE_CONFIG (environment variable if set)
ansible.cfg (in current directory)
~/.ansible.cfg (in the home directory)
/etc/ansible/ansible.cfg
Ansible will process the above list and use the first file found; all others are ignored.
vim ansible.cfg
[defaults]
host_key_checking = False
inventory = inventory
log_path = ansible.log
#vault_password_file = .vault.key
Note
Pro-Tip: configure an ansible.cfg per project.
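Because only the first file found is used, a per-project ansible.cfg that sets host_key_checking = False completely replaces a stricter ~/.ansible.cfg while you work in that directory. The script below is an added example, not part of the original tutorial or of Ansible itself. It resolves the search order above for a constructed directory layout and reports the effective setting. The function names and temporary paths are assumptions, and it goes one step beyond the list above by modelling Ansible's refusal to load ./ansible.cfg from a world-writable directory.

```python
import configparser
import os
import stat
import tempfile

SYSTEM_CFG = "/etc/ansible/ansible.cfg"

def active_config(cwd, home, env, system_cfg=SYSTEM_CFG):
    """Return the first existing file in the search order listed above."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(env["ANSIBLE_CONFIG"])
    # Beyond the list above: Ansible skips ./ansible.cfg when the current
    # directory is world-writable, since any local user could plant one there.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        candidates.append(os.path.join(cwd, "ansible.cfg"))
    candidates += [os.path.join(home, ".ansible.cfg"), system_cfg]
    return next((p for p in candidates if os.path.isfile(p)), None)

def host_key_checking(path):
    """Effective value from [defaults]; checking is enabled when unset."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    return cfg.getboolean("defaults", "host_key_checking", fallback=True)

def demo():
    """Constructed layout: a strict ~/.ansible.cfg shadowed by a project file."""
    root = tempfile.mkdtemp()
    home, project = os.path.join(root, "home"), os.path.join(root, "ansible_lab")
    os.makedirs(home, mode=0o755)
    os.makedirs(project, mode=0o755)
    with open(os.path.join(home, ".ansible.cfg"), "w") as f:
        f.write("[defaults]\nhost_key_checking = True\n")
    with open(os.path.join(project, "ansible.cfg"), "w") as f:
        f.write("[defaults]\nhost_key_checking = False\ninventory = inventory\n")
    no_system = os.path.join(root, "no-system.cfg")  # stand-in, does not exist
    results = {}
    for label, cwd in (("in project", project), ("elsewhere", home)):
        path = active_config(cwd, home, {}, system_cfg=no_system)
        results[label] = (os.path.relpath(path, root), host_key_checking(path))
    return results

if __name__ == "__main__":
    for label, (path, checking) in demo().items():
        print(f"{label}: {path} host_key_checking={checking}")
```

Running it from a real project directory with `active_config(os.getcwd(), os.path.expanduser("~"), os.environ)` shows which file Ansible would pick up there.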
Footnotes