Skip to content

Added note on ansible known issues #253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
juanmatias merged 3 commits into from
Dec 2, 2025
Merged

Added note on ansible known issues #253

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fbec2b2
Added note on ansible known issues
juanmatias Dec 2, 2025
2ed31fd
Improved text
juanmatias Dec 2, 2025
7f15a0a
Fixed typo
juanmatias Dec 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions docs/user-guide/ref-architecture-ansible/known-issues.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# Ansible Known Issues

## Issues with SSH Keys in `leverage run apply`

When using `leverage run apply`, **Ansible** relies on **SSH keys** for authenticating connections to **EC2 instances**. The command runs Ansible inside a **container**, which can lead to specific issues related to how SSH keys are accessed.

### Key Management and Container Mounting

During the execution of `leverage run apply`, a temporary container is created. The key directory **`~/.ssh/bb`** from your host machine is **mounted** into this container to make your keys available for Ansible.

Two common problems arise when the expected key isn't accessible within the container:

#### 1\. Key Location Mismatch

If you store your project-specific SSH keys in a directory **other than `~/.ssh/bb`** (e.g., a project folder), the keys will **not** be available inside the container because only the `~/.ssh/bb` directory is mounted.

!!! idea "Solution"
**Copy** the necessary key(s) into the `~/.ssh/bb` directory **before** running the command.


For example, you could copy the key to `~/.ssh/bb/me/aws-instance-ssh-key`.
Then, update your **inventory file** (e.g., `.host`) to reference this new path, ensuring it points to the location **inside the mounted directory**:

```yaml
[infra] vpn-pritunl ansible_host='vpn.aws.domain.com' ansible_user='ubuntu' ansible_ssh_private_key_file='~/.ssh/bb/me/aws-instance-ssh-key' ansible_python_interpreter='/usr/bin/python3'
```

#### 2\. Keys Protected by a Passphrase

Some users create SSH keys with a **passphrase** and then use the **ssh-agent** on their host machine to manage and unlock the key for their shell session.

When `leverage run apply` executes, the **ssh-agent connection** is **not** mounted or forwarded into the container. Consequently, the key remains **locked** inside the container, and Ansible cannot use it.

!!! idea "Solution"
For SSH keys intended for use with **EC2 instances** via `leverage run apply`, it is recommended to use keys that **do not have a passphrase**.

-----
1 change: 1 addition & 0 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -261,6 +261,7 @@ nav:
- Reference Architecture for Ansible:
- Overview: "user-guide/ref-architecture-ansible/overview.md"
- Workflow: "user-guide/ref-architecture-ansible/workflow.md"
- Known issues: "user-guide/ref-architecture-ansible/known-issues.md"
- Leverage CLI:
- Overview: "user-guide/leverage-cli/overview.md"
- Installation: "user-guide/leverage-cli/installation.md"
Expand Down
Loading