Ansible: install a package using pip from a private git repository

Question

Ansible: install a package using pip from a private git repository

I am trying to install a package from a private git repository using this module module:

- name: Install my package pip: name='git+ssh:// git@github.com /mycompany/my-repo.git#egg=0.1.0' virtualenv=/path/to/venv

But it freezes when I try to provide this with vagrancy, most likely because it asks for confirmation of adding the key to the list of known hosts. Indeed, when I run this in tramps:

 pip install git+ssh:// git@github.com /mycompany/my-repo.git#egg=0.1.0

It asks for confirmation to add github to know nodes, and then works fine.

If I clone it using accept_hostkey=yes :

 - name: Clone repo git: repo=git@github.com :mycompany/my-repo.git dest=/path/to/dest accept_hostkey=yes recursive=no

it works great because it accepts the host key, which is copied to the tramp. Is there no such option with pip module, anyway? Alternatively, I could make a clone and then python setup.py install , but I would prefer to do it in one step with pip.

+6

git pip ssh ansible

Tristan Jun 29 '15 at 14:32

source share

3 answers

Régis B. · Answer 1 · 2015-06-30T06:45:48+0000

The checkout command hangs because github.com not among the known nodes of your Ansible user. You must add the github.com SSH key fingerprint to the /home/user/.ssh/known_hosts file. Fortunately, known_hosts now a module available in Ansible 1.9: http://docs.ansible.com/known_hosts_module.html

 - known_hosts: path=/home/user/.ssh/known_hosts name=github.com key="|1|ba0yHIHdbaD9nswn12xSOyD8DFE=|EVZBrcr46cYcmx6qFRIrzTvWUX4= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="

If you use Ansible <1.9, you can use the standard ssh-keygen commands:

 - shell: ssh-keygen -l -f /home/user/.ssh/known_hosts -F github.com register: github_host_is_known - shell: ssh-keyscan -H github.com >> /home/user/.ssh/known_hosts when: github_host_is_known|failed

udondan · Answer 2 · 2015-06-29T21:07:12+0000

Run this task to add the host key to your known_hosts file:

 - name: Whitelist github.com shell: if [ ! -n "$(grep "^github.com " ~/.ssh/known_hosts)" ]; then ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null; fi

Mikko ohtamaa · Answer 3 · 2015-06-29T18:35:38+0000

If this problem is with the authorized host keys, and not with the correct private key, you can do the following.

You can always manually resolve host keys in "~ / .ssh / authorized_keys" before starting pip .

Example:

fooobar.com/questions/989955 / ...

To have the correct private key to access the Github private repository, you can use SSH agent forwarding.

Ansible: install a package using pip from a private git repository

More articles: