Can't run ansible roles from Foreman

Problem: I have several Ansible roles I run from the Linux command line via the user “deploy” with no problem. On the Foreman host (where I am also running Ansible), I have the public and private keys in /home/deploy/.ssh. On the remote host, I have the “deploy” user's public key in /home/deploy/.ssh/authorized_hosts.

I would like to run these Ansible scripts via the Foreman GUI.

In Foreman -> Settings -> Ansible, I set the user as “deploy” and the link to the private key as “/home/deploy/.ssh/id_rsa”. No password is set.

I select Monitor -> Dashboard -> my target host (to run ansible tasks on). Immediately in the ansible.log, I see:

fatal: [targetHost] UNREACHEDABLE - Failed to connect to the host via ssh: no such identity: /home/deploy/.ssh/id_rsa: Permission denied

On the Foreman host, I do indeed have a /home/deploy/.ssh/id_rsa file. The permissions are as follows:

700 /home/deploy/.ssh
600 /home/deploy/id_rsa

What do I have set up incorrectly?

The foreman-proxy user must be able to read these keys. Make sure this user
has access to them. Also check avc denials if you use SELinux.

Hope that helps

I have SELinux in permissive mode, and am watching the logs - nothing yet.

I’m confused when you say the foreman-proxy user must be able to read the keys in /home/deploy. When I change permissions for /home/deploy/.ssh to allow others to read the keys, ssh complains.

I am also seeing a new error when trying to run an Ansible job:
Failed to initialize: RunTimeError - The only applicable proxy is down.

Foreman-proxy is definitely running. I suspect the error above will go away when I figure out the ssh keys.

Thanks for your help-
kathy

/home/deploy/.ssh/authorized_keys is the correct file.
For example with my foreman-proxy key I usually do this:

curl https://myforeman:9090/ssh/pubkey >> ~/.ssh/authorized_keys -k

A Foreman proxy is a separate daemon that runs under the foreman-proxy Unix user and runs the ansible-playbook command at the end. Therefore, this user must be able to access the SSH key that is used for authentication. In your case, make sure this user can read /home/deploy/.ssh/id_rsa if you want to use this private key on this foreman-proxy. If /home/deploy does not exist on the foreman-proxy host, don’t change settings in Foreman. Just install the private key to the target host as @kraba suggests.

This is a problem; make sure you see the Ansible feature listed on the smart proxies page under Infrastructure. Click on refresh to check that the proxy is responding.
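
The "Permission denied" on /home/deploy/.ssh/id_rsa discussed in this thread can come from any directory on the way to the key, not only from the key file itself. The script below is an added example, not part of the thread or of Foreman: it walks the path as the current user and reports the first component that blocks access. The function name `first_blocker` and the file name `check_key_access.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Run it as the account that must read
# the key, for instance:
#   sudo -u foreman-proxy sh check_key_access.sh /home/deploy/.ssh/id_rsa
# check_key_access.sh is a hypothetical name for this file.

# first_blocker PATH
#   returns 0 and prints nothing if the current user can read PATH
#   returns 1 if a parent directory cannot be traversed (no x bit for us)
#   returns 2 if PATH does not exist
#   returns 3 if PATH exists but is not readable by us
first_blocker() {
    target=$1
    case $target in
        /*) ;;
        *) target=$(pwd)/$target ;;   # make relative paths absolute
    esac
    # Split the path on "/" into positional parameters (globbing disabled).
    old_ifs=$IFS
    IFS=/
    set -f
    set -- $target
    set +f
    IFS=$old_ifs
    current=
    for part in "$@"; do
        [ -n "$part" ] || continue          # skip the empty leading field
        parent=${current:-/}
        if [ ! -x "$parent" ]; then
            echo "cannot traverse directory: $parent"
            return 1
        fi
        current=$current/$part
    done
    if [ ! -e "$current" ]; then
        echo "does not exist: $current"
        return 2
    fi
    if [ ! -r "$current" ]; then
        echo "exists but is not readable: $current"
        return 3
    fi
    return 0
}

# Stand-alone use: pass the key path as the first argument.
if [ "$#" -gt 0 ]; then
    first_blocker "$1"
fi
```

With the permissions listed in the question (700 on /home/deploy/.ssh), running this as any account other than deploy or root is expected to stop at the .ssh directory with exit status 1.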