Ansible git Clone via SSH: Deploy Keys & Repository Guide — Video Tutorial

How to checkout git repository via SSH? I'm going to show you a live Playbook with some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot Ansible checkout git repository Today we're talking about Ansible module `git`. The full name is `ansible.builtin.git` which means is part of the collection of modules "builtin" with ansible and shipped with it. This module is pretty stable and out for years. The purpose is to Deploy software (or files) from git checkouts in our managed hosts. If you would like to fetch via SSH please refer to: [Checkout git repository HTTPS - Ansible module git](/articles/checkout-git-repository-https-ansible-module-git) Parameters and Return Values The parameter list is pretty wide but I'll summarize the most useful. - **repo** _path_ - **dest** _string_ - update _boolean_ - key_file _path_ - SSH private key The parameter list is pretty wide but I'll summarize the most useful. The only required parameters are "repo" and "dest". The "repo" parameter specifies the source repository URL, in our use case, in the SSH way. The "dest" parameter specifies the destination path. The "update" parameter retrieves new revisions from the already synched origin repository. The "key_file" parameter specifies the path in the filesystem where to store the SSH private key. Please note that the SSH private key is a path on the target host. Please note also that the SSH public key needs to be already shared in your Git server. - after _string_ The most interesting return value is "after" which contains the last commit after the update process. Demo Let's jump in a real-life playbook to checkout a git repository with Ansible - git_ssh.yml ```yaml --- - name: git module Playbook hosts: all vars: repo: "git@github.com:lucab85/ansible-pilot.git" dest: "/home/devops/ansible-pilot" sshkey: "~/.ssh/id_rsa" tasks: - name: ensure git pkg installed ansible.builtin.yum: name: git state: present update_cache: true become: true - name: checkout git repo ansible.builtin.git: repo: "{{ repo }}" dest: "{{ dest }}" key_file: "{{ sshkey }}" ``` [code with ❤️ in GitHub](https://github.com/lucab85/ansible-pilot/tree/master/checkout%20git%20repository) Conclusion Now you know how to checkout git repository via SSH with Ansible. SSH Authentication Methods Deploy key (recommended) ```yaml - name: Install deploy key ansible.builtin.copy: content: "{{ vault_deploy_key }}" dest: /home/deploy/.ssh/deploy_key owner: deploy mode: '0600' no_log: true - name: Clone private repo ansible.builtin.git: repo: git@github.com:myorg/private-repo.git dest: /opt/myapp version: main key_file: /home/deploy/.ssh/deploy_key accept_hostkey: true ``` SSH agent forwarding ```ini ansible.cfg [ssh_connection] ssh_args = -o ForwardAgent=yes ``` ```yaml - name: Clone using forwarded agent ansible.built