Ansible:如何以其他用户身份克隆存储库 [英] Ansible: how to clone a repository as other user
问题描述
我正在尝试使用Ansible编写部署规则.其中一些步骤是:
I'm trying to write deployments rules with Ansible. Some of the steps are:
- 更新和升级服务器
- 创建一个名为harry的用户
- 添加公钥和私钥来哈利
- 从bitbucket.org克隆一个Git存储库
我想在其主目录中以harry用户的身份克隆存储库(这就是为什么我要复制它的公钥和私钥的原因).问题是不可能指定必须执行git clone的用户.因此,Ansible尝试将存储库克隆为root并失败,因为他没有访问存储库的权限.
I want to clone the repository as harry user in his home directory (that's why I'm copying it's public and private keys). The issue is that it is not possible to specifiy a user the git clone must be executed as. So Ansible try to clone the repository as root and failed because he doesn't have rights to access the repository.
您如何解决这个问题?
推荐答案
根据Ansible在特权中的文档升级,Ansible在成为无特权用户方面受到限制,因为它给Harry带来了安全漏洞.
As per Ansible's documentation on Privilege Escalation, Ansible has limitations on becoming an unprivileged user as it exposes a security hole to Harry.
使用Ansible git 模块,您可以从使用key_file参数并使用become_user的特权Ansible用户可以将克隆的文件授予Harry所有权.例如:
Using the Ansible git module, you can specify to use Harry's private key from the privileged Ansible user using the key_file parameter, and using become_user allows the cloned files to be given ownership to Harry. For example:
- name: Clone bitbucket repo
git:
repo: git@bitbucket.org:your-repo.git
dest: /var/www/
version: master
accept_hostkey: yes
key_file: /home/harry/.ssh/id_rsa
become_user: harry
这篇关于Ansible:如何以其他用户身份克隆存储库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
