ansibleを公開鍵認証する時に秘密鍵のパスフレーズを何度も聞かれるのを対策する

2015/03/18 2018/09/19

ansibleを秘密鍵を指定して公開鍵認証する時に秘密鍵にパスフレーズを設定していると、一動作するごとにパスフレーズを聞かれるのですごく面倒くさい。

ためしにやってみると以下のように延々とパスフレーズを着換える。

[kunikiya@home6 ansible]$ ansible-playbook -i hosts/onamae1.kunikiya.jp playbook/cent7.yml --private-key="/home/kunikiya/.ssh/ansible_private_key" -K -vvvv
sudo password:

PLAY [all] ********************************************************************

GATHERING FACTS ***************************************************************
&lt;157.7.~.~&gt;
&lt;157.7.~.~&gt;
&lt;157.7.~.~&gt; IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
&lt;157.7.~.~&gt;
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
&lt;157.7.~.~&gt; IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 'sudo -k &amp;&amp; sudo -H -S -p "[sudo via ansible, key=gyyewwtaapzyzjrakmisucdoclwjqdri] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-gyyewwtaapzyzjrakmisucdoclwjqdri; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/kunikiya/.ansible/tmp/ansible-tmp-1426640110.34-264435779051132/setup; rm -rf /home/kunikiya/.ansible/tmp/ansible-tmp-1426640110.34-264435779051132/ &gt;/dev/null 2&gt;&amp;1'"'"'' PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
ok: [157.7.~.~]

TASK: [install python-selinux] ************************************************
&lt;157.7.~.~&gt;
&lt;157.7.~.~&gt; state=present pkg=libselinux-python
&lt;157.7.~.~&gt; IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
&lt;157.7.~.~&gt;
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
&lt;157.7.~.~&gt; IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 'sudo -k &amp;&amp; sudo -H -S -p "[sudo via ansible, key=nvzfapwwvtjfksqviffcojpmjmpkgfjg] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-nvzfapwwvtjfksqviffcojpmjmpkgfjg; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python -tt /home/kunikiya/.ansible/tmp/ansible-tmp-1426640126.39-230927170753395/yum; rm -rf /home/kunikiya/.ansible/tmp/ansible-tmp-1426640126.39-230927170753395/ &gt;/dev/null 2&gt;&amp;1'"'"'' PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
ok: [157.7.~.~] =&gt; {"changed": false, "msg": "", "rc": 0, "results": ["libselinux-python-2.2.2-6.el7.x86_64 providing libselinux-python is already installed"]}

TASK: [disable selinux] *******************************************************
&lt;157.7.~.~&gt;
&lt;157.7.~.~&gt; state=disabled
&lt;157.7.~.~&gt; IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
&lt;157.7.~.~&gt;
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
&lt;157.7.~.~&gt; IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 'sudo -k &amp;&amp; sudo -H -S -p "[sudo via ansible, key=qeiyrfplokyoeyskumleekdofrqzqzne] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-qeiyrfplokyoeyskumleekdofrqzqzne; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/kunikiya/.ansible/tmp/ansible-tmp-1426640135.84-154163555149484/selinux; rm -rf /home/kunikiya/.ansible/tmp/ansible-tmp-1426640135.84-154163555149484/ &gt;/dev/null 2&gt;&amp;1'"'"'' PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
ok: [157.7.~.~] =&gt; {"changed": false, "configfile": "/etc/selinux/config", "msg": "", "policy": "targeted", "state": "disabled"}

TASK: [install vim] ***********************************************************
&lt;157.7.~.~&gt;
&lt;157.7.~.~&gt; state=latest pkg=vim
&lt;157.7.~.~&gt; IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':
&lt;157.7.~.~&gt;
Enter passphrase for key '/home/kunikiya/.ssh/ansible_private_key':

[kunikiya@home6 ansible]$ ansible-playbook -i hosts/onamae1.kunikiya.jp playbook/cent7.yml --private-key="/home/kunikiya/.ssh/ansible_private_key" -K -vvvv

sudo password:

PLAY [all] ********************************************************************

GATHERING FACTS ***************************************************************

<157.7.~.~>

<157.7.~.~> IdentityFile=/home/kunikiya/.ssh/ansible_private_key ConnectTimeout=10 PasswordAuthentication=no KbdInteractiveAuthentication=no ForwardAgent=yes PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey Port=22