Problem: I have several ansible roles I run from the linux command line via the user “deploy” with no problem. On the Foreman host (where I am also running ansible), I have the public and private keys in /home/deploy/.ssh. On the remote host, I have the “deploy” users public key in /home/deploy/.ssh/authorized_hosts.
I would like to run these ansible scripts via the Foreman gui.
In Foreman -> Settings -> Ansible, I set the user as “deploy” and the link to the private key in "/home/deploy/.ssh/id_rsa. No password is set.
I select Monitor -> Dashboard -> my target host (to run ansible tasks on). Immediately in the ansible.log, I see:
fatal: [targetHost] UNREACHEDABLE - Failed to connect to the host via ssh: no such identity: /home/deploy/.ssh/id_rsa: Permission denied
On the Foreman host, I do indeed have a /home/deploy/.ssh/id_rsa file. The permissions are as follows:
I have SELinux in permissive mode, and am watching the logs - nothing yet.
I’m confused when you say the foreman-proxy user must be able to read the keys in /home/deploy. When I change permissions for /home/deploy/.ssh to allow others to read the keys, ssh complains.
I am also seeing a new error when trying to run an Ansible job:
Failed to initialize: RunTimeError - The only applicable proxy is down.
Foreman-proxy is definitely running. I suspect the error above will go away when I figure out the ssh keys.
A foreman proxy is a separate daemon that is running under foreman-proxy unix user and runs the ansible-playbook command at the end. Therefor, this user must be able to access the SSH key, that is used for authentication. In your case, make sure, this user can read /home/deploy/.ssh/id_rsa if you want to use this private key on this foreman-proxy. If the /home/deploy does not exist on foreman-proxy host, don’t change settings in Foreman. Just install the private key toi target host as @kraba suggests.
This is a problem, make sure you see Ansible feature listed on smart proxies page under Infrastructure. Click on refresh to check the proxy is responding.