Ansible bitbucket clone provisioning ssh error


Problem description

In summary, when provisioning my vagrant box using Ansible, I get thrown a mysterious error when trying to clone my bitbucket private repo using ssh. The error states that the "Host key verification failed".

Yet if I vagrant ssh and then run the 'git clone' command, the private repo is successfully cloned. This indicates that the ssh forward agent is indeed working and the vagrant box can access my private key associated with the bitbucket repo.

I have been struggling for two days on this issue and am losing my mind! Please, somebody help me!!!

Vagrantfile:

Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.network "private_network", ip: "192.168.33.10"
  config.ssh.forward_agent = true
    
  # Only contains ansible dependencies
  config.vm.provision "shell",
    inline: "sudo apt-get install python-minimal -y"

  # Use ansible for all provisioning:
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "provisioning/playbook.yml"
  end

end

My playbook.yml is as follows:

---

- hosts: all
  become: true

  tasks:
    - name: create /var/www/ directory
      file: dest=/var/www/ state=directory owner=www-data group=www-data mode=0755

    - name: Add the user 'ubuntu' to group 'www-data'
      user:
        name: ubuntu
        shell: /bin/bash
        groups: www-data
        append: yes
      
    - name: Clone bitbucket repo
      git:
        repo: git@bitbucket.org:gustavmahler/example.com.git
        dest: /var/www/poo
        version: master
        accept_hostkey: yes

Error message:

vagrant provision

TASK [common : Clone bitbucket repo] *******************************************

fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin '' /var/www/poo", "failed": true, "msg": "Cloning into '/var/www/poo'...\nWarning: Permanently added the RSA host key for IP address '104.192.143.3' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Cloning into '/var/www/poo'...\nWarning: Permanently added the RSA host key for IP address '104.192.143.3' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["Cloning into '/var/www/poo'...", "Warning: Permanently added the RSA host key for IP address '104.192.143.3' to the list of known hosts.", "Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}

Additional information:

  • ssh-add -l on my machine does contain the associated bitbucket repo key.
  • ssh-add -l inside the vagrant box does also contain the associated bitbucket repo key (through ssh-forwarding).

But if the clone is done manually inside the vagrant box?:

vagrant ssh
git clone git@bitbucket.org:myusername/myprivaterepo.com.git
Then type "yes" to allow the RSA fingerprint to be added to ~/.ssh/known_hosts (as its first connection with bitbucket)

Possible solution?

I have seen in the Ansible documentation that there is a key_file: option. How would I reference the private key which is located outside the vagrant box and is passed in using ssh forwarding?

I do have multiple ssh keys for different entities inside my ~/.ssh/. Perhaps the git clone command when run by Ansible provisioning isn't selecting the correct key?

Any help is greatly appreciated and thanks for reading my nightmare.

Recommended answer

Since you run the whole playbook with become: true, SSH key-forwarding (as well as troubleshooting) becomes irrelevant, because the user connecting to BitBucket from your play is root.

Run the task connecting to BitBucket as ubuntu user:

  • either specifying become: false in the Clone bitbucket repo task,

  • or removing become: true from the play and adding it only to tasks that require elevated permissions.
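
The second option applied to the question's playbook, as an added example that is not part of the original answer: escalation is declared only on the tasks that need root, so the clone runs as the connecting user whose session carries the forwarded agent. The checkout-directory task and the ssh-add check are assumptions of this example, and `ansible_user_id` relies on facts being gathered without become.

```yaml
---
# Added example: escalation scoped per task instead of play-wide.
- hosts: all
  become: false   # tasks run as the SSH user, who holds the forwarded agent

  tasks:
    - name: create /var/www/ directory
      become: true
      file: dest=/var/www/ state=directory owner=www-data group=www-data mode=0755

    - name: Add the user 'ubuntu' to group 'www-data'
      become: true
      user:
        name: ubuntu
        shell: /bin/bash
        groups: www-data
        append: yes

    # Assumption of this example: hand the checkout directory to the
    # connecting user so the unprivileged clone can write into it.
    - name: create checkout directory for the connecting user
      become: true
      file:
        dest: /var/www/poo
        state: directory
        owner: "{{ ansible_user_id }}"
        group: www-data
        mode: "0755"

    # Diagnostic: lists the agent identities visible to the task user.
    # With become: true, sudo's default env_reset typically drops
    # SSH_AUTH_SOCK, so no agent is reachable and the clone is refused
    # with "Permission denied (publickey)" as in the question.
    - name: list identities reachable through the forwarded agent
      command: ssh-add -l
      register: agent_keys
      changed_when: false
      failed_when: false

    - name: Clone bitbucket repo
      become: false
      git:
        repo: git@bitbucket.org:gustavmahler/example.com.git
        dest: /var/www/poo
        version: master
        accept_hostkey: yes   # trust on first use, as in the question
```

Registering `agent_keys` lets a later debug task print `agent_keys.stdout_lines`; toggling `become` on that one task shows the difference between the two users directly.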
