From c0048daed51cb35b490d2eabda70e6f6673ceba3 Mon Sep 17 00:00:00 2001 From: Artem Zavatskiy Date: Thu, 23 Jul 2020 16:03:01 +0300 Subject: [PATCH] fix agent auth in ssh communicator for ansible provisioner (#9488) --- common/step_provision.go | 1 + provisioner/ansible/provisioner.go | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/common/step_provision.go b/common/step_provision.go index af6cd42b9..2326649b9 100644 --- a/common/step_provision.go +++ b/common/step_provision.go @@ -85,6 +85,7 @@ func PopulateProvisionHookData(state multistep.StateBag) map[string]interface{} hookData["SSHPublicKey"] = string(commConf.SSHPublicKey) hookData["SSHPrivateKey"] = string(commConf.SSHPrivateKey) hookData["SSHPrivateKeyFile"] = commConf.SSHPrivateKeyFile + hookData["SSHAgentAuth"] = commConf.SSHAgentAuth // Backwards compatibility; in practice, WinRMPassword is fulfilled by // Password. diff --git a/provisioner/ansible/provisioner.go b/provisioner/ansible/provisioner.go index f36a6a7c6..02261d8f7 100644 --- a/provisioner/ansible/provisioner.go +++ b/provisioner/ansible/provisioner.go @@ -561,7 +561,8 @@ func (p *Provisioner) Provision(ctx context.Context, ui packer.Ui, comm packer.C // In this situation, we need to make sure we have the // private key we actually use to access the instance. SSHPrivateKeyFile := generatedData["SSHPrivateKeyFile"].(string) - if SSHPrivateKeyFile != "" { + SSHAgentAuth := generatedData["SSHAgentAuth"].(bool) + if SSHPrivateKeyFile != "" || SSHAgentAuth { privKeyFile = SSHPrivateKeyFile } else { // See if we can get a private key and write that to a tmpfile @@ -695,7 +696,7 @@ func (p *Provisioner) createCmdArgs(httpAddr, inventory, playbook, privKeyFile s args = append(args, "-e", fmt.Sprintf("packer_http_addr=%s", httpAddr)) } - if p.generatedData["ConnType"] == "ssh" { + if p.generatedData["ConnType"] == "ssh" && len(privKeyFile) > 0 { // Add ssh extra args to set IdentitiesOnly args = append(args, "--ssh-extra-args", "'-o IdentitiesOnly=yes'") }