Ansible:如何以其他用户身份克隆存储库 [英] Ansible: how to clone a repository as other user
问题描述
我正在尝试使用 Ansible 编写部署规则.其中一些步骤是:
I'm trying to write deployments rules with Ansible. Some of the steps are:
- 更新和升级服务器
- 创建一个名为 harry 的用户
- 为哈利添加公钥和私钥
- 从 bitbucket.org 克隆 Git 存储库
我想在他的主目录中以 harry 用户的身份克隆存储库(这就是我复制它的公钥和私钥的原因).问题是无法指定必须作为 git clone 执行的用户.所以 Ansible 尝试以 root 身份克隆存储库并失败,因为他没有访问存储库的权限.
I want to clone the repository as harry user in his home directory (that's why I'm copying it's public and private keys). The issue is that it is not possible to specifiy a user the git clone must be executed as. So Ansible try to clone the repository as root and failed because he doesn't have rights to access the repository.
你是如何解决这个问题的?
How do you solve this ?
推荐答案
根据 Ansible 在 上的文档权限提升,Ansible 对成为非特权用户有限制,因为它向 Harry 暴露了一个安全漏洞.
As per Ansible's documentation on Privilege Escalation, Ansible has limitations on becoming an unprivileged user as it exposes a security hole to Harry.
使用 Ansible git 模块,您可以从特权 Ansible 用户使用 key_file 参数,并使用 become_user 允许将克隆文件的所有权授予 Harry.例如:
Using the Ansible git module, you can specify to use Harry's private key from the privileged Ansible user using the key_file parameter, and using become_user allows the cloned files to be given ownership to Harry. For example:
- name: Clone bitbucket repo
git:
repo: git@bitbucket.org:your-repo.git
dest: /var/www/
version: master
accept_hostkey: yes
key_file: /home/harry/.ssh/id_rsa
become: yes
become_user: harry
这篇关于Ansible:如何以其他用户身份克隆存储库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
