8

Moving from Puppet to Ansible. Like the fact that it is agentless and SSH driven. I just set up two test VMs. One as the Ansible server (yes, overkill), and the other as an example client (random Linux server). All our servers use public/private key pair authentication only. This is somewhat problematic for Ansible initially. I'm pretty (almost) certain that Ansible can work with key pairs, but I can't seem to find a good example of how.

I created a key pair specifically for Ansible by doing a

ssh-keygen -t rsa -b 4096

I then copied the public key over to the client. The keypair authentication works great when I tested it over standard SSH. Now to test out Ansible. I put the test client in the Ansible hosts file and used the only syntax that looked half correct to get the keypair to work.

[TEST]
10.0.0.5 ansible_ssh_private_key_file=~/.ssh/id_rsa

When I try to run just a basic test module such as this

sudo ansible all -m ping

I get the following error message

10.0.0.5 | FAILED => SSH Error: Permission denied (publickey,password).
while connecting to 10.0.0.5:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

Clearly my syntax or conceptual understanding of how to set up Ansible to use keypairs is flawed. Any suggestions? Thanks

Atomiklan

2 Answers

9

DUH! It was right in the ansible config file (/etc/ansible/ansible.cfg)

# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
private_key_file = /home/<username>/.ssh/id_rsa

Now everything seems to work

10.0.0.5 | success >> {
"changed": false,
"ping": "pong"
}
Atomiklan
  • Can you confirm what value your 'ansible_user' has when you execute your ansible script? In my case the id_rsa exists in my home folder, but the ansible script runs as the remote_user, which then can't access the local private_key_file due to permissions. – emeraldjava Jan 22 '16 at 12:11
2

If you ever run into SSH problems with ansible again, add -vvv to the command line options and it will tell you what went wrong.
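
A preflight check for the key path discussed in this thread, added here as an example and not part of any post above. It resolves a leading `~` against the current `HOME` (which many sudo configurations reset to root's home), then verifies that the key exists, is readable by the effective user, and has no group/other permission bits, which OpenSSH requires of private keys. `check_key` is a hypothetical helper name; GNU or BSD `stat` is assumed.

```shell
#!/usr/bin/env bash
# Added example: sanity-check the private key path handed to Ansible
# (ansible_ssh_private_key_file / private_key_file) before running a play.
# check_key is a hypothetical helper, not an Ansible command.
# Return codes: 0 ok, 1 missing, 2 unreadable, 3 permissions too open.

check_key() (
    path=$1

    # Expand a leading ~ against the HOME of the process that will run
    # ansible. Under sudo, HOME may be root's, so "~/.ssh/id_rsa" can
    # point at a different file than it does in your login shell.
    case $path in
        "~")   path=$HOME ;;
        "~/"*) path=$HOME/${path#"~/"} ;;
    esac

    if [ ! -f "$path" ]; then
        echo "missing: $path (HOME=$HOME, user=$(id -un))"
        return 1
    fi

    if [ ! -r "$path" ]; then
        echo "unreadable by $(id -un): $path"
        return 2
    fi

    # Octal mode: GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")

    # ssh ignores a private key that group or others can access.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too permissive ($mode), expected 600: $path"
        return 3
    fi

    echo "ok: $path"
)

# Usage: compare the result as yourself and under sudo, e.g.
#   check_key '~/.ssh/id_rsa'
```

Running the same check once as your own user and once in the context that actually launches `ansible` shows whether both resolve to the same key file.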