Ben Alman edited this page Apr 24, 2015 · 4 revisions

How do I manually copy SSL certs to a remote server?

This example assumes an instance created from an AWS Ubuntu trusty AMI, with the default ubuntu user, and with the instance private key already added to your SSH agent.

It also uses cert file and domain names for this project itself; change them as necessary.

scp /path/to/star.bocoup.com.{cert,key} ubuntu@deployment-workflow.bocoup.com:~
ssh ubuntu@deployment-workflow.bocoup.com sudo chown root:root star.bocoup.com.*
ssh ubuntu@deployment-workflow.bocoup.com sudo mv star.bocoup.com.* /etc/ssl/
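A scripted version of the three commands above, added here as an example (it is not part of the deployment-workflow project). It keeps the same flow (scp into the remote home, then sudo into /etc/ssl) but uses install(1) so the certificate lands as 0644 and the key as 0600, both owned by root, which a plain mv does not guarantee; it validates the name before it is interpolated into the remote sudo command, and it compares a SHA-256 checksum to confirm the key arrived intact. The default target ubuntu@deployment-workflow.bocoup.com and the .cert/.key naming come from the wiki steps; the script and function names are this example's own.

```sh
#!/bin/sh
# install_cert.sh (added example; not part of the deployment-workflow project)
# Copies NAME.cert and NAME.key from a local directory to a remote host and
# installs them under /etc/ssl with root ownership and restrictive modes.
# Assumes: the remote user (ubuntu on the AWS Ubuntu AMI) has passwordless
# sudo, and its private key is already loaded in your local SSH agent.

CERT_DIR=/etc/ssl   # remote destination, as in the wiki steps

# Accept only names made of [A-Za-z0-9._-] that do not start with "-", so the
# name cannot smuggle shell syntax or options into the remote sudo command.
safe_name() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the privileged command the remote host runs: the certificate is
# world-readable (services need it), the key is readable by root only.
# The copies left in the remote home directory are removed afterwards.
remote_install_cmd() {
  name="$1"
  printf 'sudo install -o root -g root -m 0644 %s.cert %s/%s.cert && sudo install -o root -g root -m 0600 %s.key %s/%s.key && rm -f %s.cert %s.key' \
    "$name" "$CERT_DIR" "$name" "$name" "$CERT_DIR" "$name" "$name" "$name"
}

# Usage: sh install_cert.sh NAME LOCAL_DIR [USER@HOST]
main() {
  [ "$#" -ge 2 ] || { echo "usage: $0 NAME LOCAL_DIR [USER@HOST]" >&2; return 2; }
  name="$1"; srcdir="$2"; target="${3:-ubuntu@deployment-workflow.bocoup.com}"
  safe_name "$name" || { echo "refusing unsafe name: $name" >&2; return 2; }
  for f in "$srcdir/$name.cert" "$srcdir/$name.key"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
  done
  # Step 1: copy into the remote home directory (same as the wiki's scp).
  scp "$srcdir/$name.cert" "$srcdir/$name.key" "$target:" || return 1
  # Step 2: move into place as root with explicit modes.
  ssh "$target" "$(remote_install_cmd "$name")" || return 1
  # Step 3: confirm the installed key is byte-identical to the local one.
  local_sum=$(sha256sum "$srcdir/$name.key" | cut -d' ' -f1)
  remote_sum=$(ssh "$target" "sudo sha256sum $CERT_DIR/$name.key" | cut -d' ' -f1)
  [ "$local_sum" = "$remote_sum" ] || { echo "key checksum mismatch" >&2; return 1; }
  echo "installed $CERT_DIR/$name.cert and $CERT_DIR/$name.key on $target"
}

# Only run main when invoked as a script under this file name.
case "${0##*/}" in install_cert.sh) main "$@" ;; esac
```

Run as `sh install_cert.sh star.bocoup.com /path/to`, optionally followed by user@host. Because install(1) copies rather than moves, the script deletes the copies left in the remote home directory; the wiki's mv leaves a single copy but with whatever mode scp gave it, so check the key's mode on the server if you use the manual steps.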

Be very careful with your cert files. If your project source is public, you don't want to accidentally commit them for the entire world to see!

How do I add a private key to my SSH agent?

Verify that the private key has been added to ssh-agent with:

ssh-add -L

If the private key isn't listed there, add it with:

ssh-add /path/to/key.pem

(You may need to set the file permissions with chmod 400 /path/to/key.pem first.)

In OS X, you may add the -K flag to import a private key into Keychain so that it's "remembered" across reboots:

ssh-add -K /path/to/key.pem

Be very careful with your private keys. If your project source is public, you don't want to accidentally commit them for the entire world to see!
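The two warnings on this page (cert files above, private keys here) come down to the same control: keep key material out of a public repository. The checker below is an added example, not part of the project. It can be run over a working tree with scan_dir or wired in as a git pre-commit hook through scan_staged; it flags key-like filenames (.key, .pem, .p12, .pfx) and any file containing a PEM private-key header. Certificates are public by design and are not flagged by name. The function names are this example's own.

```sh
#!/bin/sh
# scan_for_secrets.sh (added example; not part of the deployment-workflow project)
# Refuses private keys in a repository: checks filenames that usually hold
# keys and file contents for PEM private-key blocks.

# Filenames that should never be committed (the *.key files this wiki copies).
looks_like_key_name() {
  case "$1" in
    *.key|*.pem|*.p12|*.pfx) return 0 ;;
    *) return 1 ;;
  esac
}

# Contents: any PEM private-key header (RSA, EC, OPENSSH, ENCRYPTED, PKCS#8).
contains_private_key() {
  grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null
}

# scan_files FILE... : print one line per offending file, return 1 if any.
scan_files() {
  found=0
  for f in "$@"; do
    [ -f "$f" ] || continue
    if looks_like_key_name "$f"; then
      echo "refuse: $f (key-like filename)"; found=1
    elif contains_private_key "$f"; then
      echo "refuse: $f (contains a PEM private key)"; found=1
    fi
  done
  return $found
}

# scan_list : read one path per line on stdin and scan them.
# Globbing is disabled while the list is split so "*" in a path stays literal.
scan_list() {
  set -f; oldifs=$IFS; IFS='
'
  set -- $(cat)
  IFS=$oldifs; set +f
  scan_files "$@"
}

# scan_dir DIR : every regular file under DIR, skipping the .git directory.
scan_dir() {
  find "$1" -name .git -prune -o -type f -print | scan_list
}

# scan_staged : as a pre-commit hook, only what is about to be committed.
scan_staged() {
  git diff --cached --name-only --diff-filter=ACM | scan_list
}

# As a hook: copy this file to .git/hooks/pre-commit and end it with
#   scan_staged || { echo "commit refused: private key staged" >&2; exit 1; }
```

Pair this with a .gitignore entry for *.key and *.pem; the scan is the backstop for the case where a key is added under an unexpected name, which the filename rule alone would miss.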

Why is "/usr/bin/git ls-remote" failing?

Ansible is configured to enable SSH agent forwarding, which allows the remote server to use your local keys instead of requiring you to place those keys on the remote server. However, if your SSH agent is unable to forward your local keys to the remote server, the server won't be able to access your private Git repository.

The GitHub Troubleshooting SSH agent forwarding guide has solutions to the most common SSH agent forwarding issues. If all else fails, at least ensure that you can ssh into the remote server (as the appropriate user) without seeing a warning message.

If you see warnings (e.g. "Agent forwarding is disabled to avoid man-in-the-middle attacks.") when you ssh in, you'll need to resolve those issues before you can provision or deploy.
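An added example (not the project's code) covering both the ssh-add steps above and this agent-forwarding check. ensure_key_loaded fixes the key file's mode and loads it only if its fingerprint is not already in the ssh-add -L/-l listing; check_forwarding connects with forwarding enabled, runs ssh-add -l on the remote side, and reduces the result to one of ok, refused, not-forwarded, agent-empty or error. It assumes OpenSSH's ssh, ssh-add and ssh-keygen on PATH; SSH_BIN is an assumed override so the classifier can be exercised without a server.

```sh
#!/bin/sh
# agent_check.sh (added example; not part of the deployment-workflow project)
# Assumes OpenSSH ssh, ssh-add and ssh-keygen are on PATH.

SSH_BIN="${SSH_BIN:-ssh}"   # assumed override, lets the check run offline

# Octal permission bits of a file: GNU stat first, BSD/macOS stat second.
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Private keys must not be group- or world-readable; ssh refuses them otherwise.
key_perms_ok() {
  case "$(key_mode "$1")" in 400|600) return 0 ;; *) return 1 ;; esac
}

# agent_has_fingerprint FP LISTING : is FP present in `ssh-add -l` output?
agent_has_fingerprint() {
  printf '%s\n' "$2" | grep -qF -- "$1"
}

# ensure_key_loaded KEY : chmod 400 if needed, then ssh-add only when missing.
ensure_key_loaded() {
  key="$1"
  key_perms_ok "$key" || chmod 400 "$key" || return 1
  # ssh-keygen -l prints "<bits> SHA256:... <comment> (<type>)"; field 2 is the fingerprint.
  fp=$(ssh-keygen -lf "$key" | awk '{print $2}') || return 1
  listing=$(ssh-add -l 2>/dev/null) || listing=""
  if agent_has_fingerprint "$fp" "$listing"; then
    echo "already loaded: $fp"
  else
    ssh-add "$key"   # on OS X add -K (newer macOS: --apple-use-keychain) to persist
  fi
}

# classify_forwarding STATUS OUTPUT : reduce a remote `ssh-add -l` run to a verdict.
#   refused       ssh itself disabled forwarding (host key did not verify)
#   not-forwarded remote shell has no agent socket, so nothing was forwarded
#   agent-empty   forwarding works but the local agent holds no keys
#   ok            remote side lists your keys
classify_forwarding() {
  status="$1"; out="$2"
  case "$out" in
    *"Agent forwarding is disabled"*) echo refused ;;
    *"Could not open a connection to your authentication agent"*) echo not-forwarded ;;
    *"The agent has no identities"*) echo agent-empty ;;
    *) if [ "$status" -eq 0 ]; then echo ok; else echo error; fi ;;
  esac
}

# check_forwarding USER@HOST : connect with -A and ask the remote agent socket.
check_forwarding() {
  target="$1"
  if out=$("$SSH_BIN" -A -o BatchMode=yes "$target" 'ssh-add -l' 2>&1); then
    status=0
  else
    status=$?
  fi
  classify_forwarding "$status" "$out"
}

# Usage: . ./agent_check.sh; ensure_key_loaded /path/to/key.pem
#        check_forwarding ubuntu@deployment-workflow.bocoup.com
```

A refused verdict is the warning quoted above: ssh prints it when the remote host key did not match known_hosts and the connection was allowed to continue anyway, and the fix is to resolve the host-key problem, not to suppress the message. A not-forwarded verdict with a clean connection usually means forwarding is off in your ssh config or the local agent has nothing to forward, which is where the GitHub troubleshooting guide picks up.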