Ansible 同步提示密码即使已经在开头输入 [英] Ansible synchronize prompts passphrase even if already entered at the beginning
问题描述
Ansible (v1.6.5) 的同步模块提示输入密码(Enter passphrase for key)即使我在开始运行剧本时已经输入了.
The synchronize module of Ansible (v1.6.5) prompts for the passphrase (Enter passphrase for key) even though I already entered it at the beginning of running the playbook.
知道为什么吗?
我使用以下选项运行我的剧本:
I run my playbook with the following options:
-u myuser --ask-sudo-pass --private-key=/path/to/id_rsa
这是我的同步任务:
- name: synchronize source files in src location
sudo: yes
synchronize: src={{local_src}} dest={{project_dirs.src}} archive=yes delete=yes rsync_opts=["--compress"]
when: synchronize_src_files
<小时>
使用 ssh-agent 更新
按照 Lekensteyn 的建议,我尝试使用 ssh-agent.我不再有提示,但任务失败.我错过了什么?
Following the advice of Lekensteyn, I tried with ssh-agent. I do not have a prompt anymore but the task fails. What am I missing?
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
错误:
TASK: [rolebooks/project | synchronize source files in src location] **********
failed: [10.0.0.101] => {"cmd": "rsync --delay-updates -FF --compress --delete-after --archive --rsh 'ssh -i /home/vagrant/.ssh/id_rsa -o StrictHostKeyChecking=no' --rsync-path="sudo rsync" [--compress] --out-format='<<CHANGED>>%i %n%L' /projects/webapp mike@10.0.0.101:/var/local/sites/project1/src", "failed": true, "rc": 12}
msg: sudo: no tty present and no askpass program specified
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.0]
推荐答案
synchronize
命令(至少到 Ansible 1.6.6)似乎忽略了 Ansible 打开的正常 SSH 控制套接字.您的任务可以扩展到以下内容:
The synchronize
command (up to at least Ansible 1.6.6) seems to ignore the normal SSH control socket opened by Ansible. Your task could expand to the following:
{
"cmd": "rsync --delay-updates -FF --compress --archive
--rsh 'ssh -o StrictHostKeyChecking=no'
--out-format='<<CHANGED>>%i %n%L'
/home/me/src/ user@host:/dest/",
"failed": true,
"rc": 23
}
要获取这些详细信息,请使用 -v
选项运行您的剧本.作为解决方法,您可以启动 ssh-agent
并使用 ssh-add
添加缓存您的 SSH 密钥.有关详细信息,请参阅他们的手册页.
To get these details, run your playbook with the -v
option. As a workaround for this, you can start ssh-agent
and add cache your SSH key with ssh-add
. Refer to their manual pages for details.
synchronize
模块的额外注意事项:
Extra caveats with the synchronize
module:
- 当使用
sudo: yes
运行时,ansible 将使用--rsh 'sudo ssh'
运行,如果远程 sudo 配置需要密码和/或 TTY,这将中断.解决方案:在您的任务定义中设置sudo: no
. - 登录远程计算机的用户是您的 SSH 用户 (
ansible_ssh_user
),而不是 sudo 用户.我还没有找到覆盖此用户的方法(除了一种未经测试的方法,该方法通过其他选项之一使用-o User
选项覆盖用户(dest_port="22 -o User=your_user"
?) 与set_remote_user=yes
结合使用).
- When run with
sudo: yes
, ansible will run with--rsh 'sudo ssh'
which will break if the remote sudo configuration requires a password and/ or TTY. Solution: setsudo: no
in your task definition. - The user that logs into the remote machine is your SSH user (
ansible_ssh_user
), not the sudo user. I have not found a way to override this user (besides an untested method that overrides the user with-o User
option via one of the other options (dest_port="22 -o User=your_user"
?) in combination withset_remote_user=yes
).
这是从我的任务文件中获取的:
This is taken from my tasks file:
- name: sync app files
sudo: no
synchronize: src={{app_srcdir}}/ dest={{appdir}}/
recursive=yes
rsync_opts=--exclude=.hg
# and of course Ubuntu 12.04 does not support --usermap..
#,--chown={{deployuser}}:www-data
# the above goes bad because ansible_ssh_user=user has no privileges
# local_action: command rsync -av --chown=:www-data
# {{app_srcdir}}
# {{deployuser}}@{{inventory_hostname}}:{{appdir}}/
# when: app_srcdir is defined
# The above still goes bad because {{inventory_hostname}} is not ssh host...
这篇关于Ansible 同步提示密码即使已经在开头输入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!