vagrant ansible ssh-tunnel

Running Ansible playbooks on remote Vagrant box


I have one machine (A) from which I run Ansible playbooks on a variety of hosts. Vagrant is not installed here.

I have another machine (B) with double the RAM that hosts my Vagrant boxes. Ansible is not installed here.

I want to use Ansible to act on Vagrant boxes the same way I do all other hosts; that is, running ansible-playbook on machineA while targeting a virtualized Vagrant box on machineB. SSH keys are already set up between the two.

This seems like a simple use case but I can't find it clearly explained anywhere given the encouraged use of Vagrant's built-in Ansible provisioner. Is it possible? Perhaps some combination of SSH tunnels and port forwarding trickery?


Solution

  • Turns out this was surprisingly simple. Vagrant in fact does not need to know about Ansible at all.

    Ansible inventory on machineA:

    default ansible_host=machineB ansible_port=2222
    

    Vagrantfile on machineB:

    Vagrant.configure("2") do |config|
      ...
      config.vm.network "forwarded_port", id: "ssh", guest: 22, host: 2222
      ...
    end
    

    The id: "ssh" is the important bit, as this overrides the default SSH behavior of restricting SSH to the guest from localhost only.

    $ ansible --private-key=~/.ssh/vagrant-default -u vagrant -m ping default
    default | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    

    (Note that the Vagrant private key must be copied over to the Ansible host and specified at the command line).
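An added example, not part of the original answer: the same inventory on machineA with the user and key moved into inventory variables, next to a variant that leaves the guest's SSH forward on machineB's loopback and reaches it through machineB as an SSH jump host. The group names, the `default_jump` alias, and the assumptions that `ssh machineB` already works non-interactively from machineA and that Vagrant's default forward is on 127.0.0.1:2222 are illustrative, not taken from the page.

```ini
# Inventory on machineA (added example, not the answerer's file).

# Variant 1: the answer's setup. Requires the Vagrantfile override
#   config.vm.network "forwarded_port", id: "ssh", guest: 22, host: 2222
# so that port 2222 on machineB accepts connections from other hosts.
# Anyone who can reach machineB:2222 can attempt to log in to the guest.
[vagrant_direct]
default ansible_host=machineB ansible_port=2222 ansible_user=vagrant ansible_ssh_private_key_file=~/.ssh/vagrant-default

# Variant 2: no Vagrantfile override (assumption: Vagrant's default SSH
# forward is listening on 127.0.0.1:2222 of machineB). OpenSSH's ProxyJump
# logs in to machineB first and opens the connection to 127.0.0.1:2222
# from there, so the guest's SSH port is never exposed on the network.
# The Vagrant key still has to be present on machineA.
[vagrant_via_jump]
default_jump ansible_host=127.0.0.1 ansible_port=2222 ansible_user=vagrant ansible_ssh_private_key_file=~/.ssh/vagrant-default ansible_ssh_common_args='-o ProxyJump=machineB'
```

With either entry the ping test becomes `ansible -i <inventory> -m ping default` or `ansible -i <inventory> -m ping default_jump`, with no `--private-key` or `-u` on the command line.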