Vagrant and Private Repositories
43 views
Skip to first unread message
Phill Pafford
Jun 23, 2015, 10:43:00 AM6/23/15
to ansible...@googlegroups.com
I've read a couple posts like this one
But still no luck, but I wanted to know if I'm going about this the right or wrong way.
The problem:
I've created a Vagrant and I'm using Ansible to provision it, this is working great! The problem comes into play when I need to checkout my project which is in a Private Repository (Atlassian Stash aka Bitbucket aka git). I'd like to use my SSH key that I have configured on Atlassian Stash to pull down the project onto the Vagrant I have running but in order to do this I would need to copy my existing private SSH key onto my Vagrant. Which I do not want to do. I thought about generating a new key on the Vagrant box itself and then pushing the new public ket to Atlassian Stash via the API but this still needs me to authenticate with Atlassian Stash.
Also I'd like to use the same Ansible playbook to provision my Production Server in the future so I'm trying to keep the process the same.
I've looked a little into Ansible Vault but have not played with it..
Am I going about this the right way? what have others done?
Thanks,
--Pafford
Brian Coca
Jun 26, 2015, 12:31:36 AM6/26/15
to ansible...@googlegroups.com
These are not really ansible questions, they are really ssh setup questions.
i don't recommend copying private keys, I would either generate a new
one and add that to stash. You can have multiple per user, or just
create a readonly deployment user to do checkouts. Another option is
to forward your ssh key as you login to the vagrant box.
Ansible vault is for keeping secrets encrypted, it will not help you
with ssh access, but it can keep passwords and keys safe.
--
Brian Coca
i don't recommend copying private keys, I would either generate a new
one and add that to stash. You can have multiple per user, or just
create a readonly deployment user to do checkouts. Another option is
to forward your ssh key as you login to the vagrant box.
Ansible vault is for keeping secrets encrypted, it will not help you
with ssh access, but it can keep passwords and keys safe.
--
Brian Coca
Marcus Franke
Jun 26, 2015, 3:47:24 AM6/26/15
to ansible...@googlegroups.com
Hi,
looks like you are having an application deployment problem and not a ssh key problem.
Have you thought about creating for example an operating system package like rpm or deb out of your application instead of doing a got checkout deployment?
If you are using a ci server by chance like Jenkins already why not create a pipeline and the last step is to create a deployment artefact and promote it to some sort of repository server?
You will gain lots of benefits from this. Security will love you, as your application servers do not need to dial out on ssh any longer.
regards,
/mf
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6d7c4737-3636-44e7-bb10-67340caa358a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages