Git Clone中的Ansible和Git许可被拒绝(公钥) [英] Ansible and Git Permission denied (publickey) at Git Clone
问题描述
我有一本剧本,试图将其从私人仓库(GIT)克隆到服务器.
I have a playbook where I am trying to clone from a private repo (GIT) to a server.
我已经设置了ssh转发,并且当我ssh进入服务器并尝试从同一存储库手动克隆时,它可以成功工作.但是,当我将ansible用于将存储库克隆到服务器时,它将失败,并显示"Permission Denied Public Key".
I have setup ssh forwarding and when I ssh into the server and try to manually clone from the same repo, it successfully works. However, when I use ansible for the to clone the repo to the server, it fails with "Permission Denied Public Key".
这是我的剧本deploy.yml:
---
- hosts: webservers
remote_user: root
tasks:
- name: Setup Git repo
git: repo={{ git_repo }}
dest={{ app_dir }}
accept_hostkey=yes
这是我的ansible.cfg的外观:
[ssh_args]
ssh_args = -o FowardAgent=yes
我还可以执行剧本中的所有其他任务(操作系统操作,安装).
I am also able to perform all the other tasks in my playbooks (os operations, installations).
我尝试过:
- 使用以下命令在服务器上的
ansible.cfg中指定sshAgentForwarding标志(与剧本位于dir中的ansible.cfg):
- Specifying sshAgentForwarding flag in
ansible.cfgon the server (ansible.cfg in same dir as playbook) using:
ssh_args = -o ForwardingAgent =是
ssh_args = -o ForwardingAgent=yes
become: false执行git clone 运行ansible -i devops/hosts webservers -a "ssh -T git@bitbucket.org"返回:
become: false to execute the git clonerunning ansible -i devops/hosts webservers -a "ssh -T git@bitbucket.org" returns:
an_ip_address | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
an_ip_address | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
这是我用来运行剧本的命令:
ansible-playbook devops/deploy.yml -i devops/hosts -vvvv
这是我收到的错误消息:
This is the command that I use to run the playbook:
ansible-playbook devops/deploy.yml -i devops/hosts -vvvv
This is the error message I get:
fatal: [162.243.243.13]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "invocation": {"module_args": {"accept_hostkey": true, "bare": false, "clone":
true, "depth": null, "dest": "/var/www/aWebsite", "executable": null, "force": false, "key_file": null, "recursive": true, "reference": null, "refspec": null, "remote": "origin", "repo": "git@bitbucket.org:aUser/aRepo.git", "ssh_opts": null, "track_submodules": false, "update": true, "verify_commit": false, "version": "HEAD"}, "module_name": "git"}, "msg": "Permission denied (publickey).\r\nfatal: Could not r$ad from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote r$pository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}
推荐答案
通过阅读Ansible中的ssh转发文档.我能够找出解决方案.
By reading the documentation for ssh forwarding in ansible. I was able to figure out the solution.
问题是我的ssh密钥没有被转发,因为Ansible默认情况下不会转发您的密钥,即使您已在~/.ssh/conf上设置了密钥转发(我用我已经拥有的ansible.cfg来更新了我的问题在解决问题之前.)
The problem was that my ssh keys were not being forwarded because Ansible does not by default forward your keys, even if you have set up the key forwarding on ~/.ssh/conf (I updated my question with the ansible.cfg that I had before fixing the issue).
解决方案是将transport = ssh添加到[defaults]下的ansible.cfg,并从ansible.cfg所在的位置运行ansible-playbook,并确保目标的/etc/ssh/sshd_config中存在以下设置框:
The solution is was to add transport = ssh to ansible.cfg under [defaults] plus running ansible-playbook from the location where ansible.cfg is located and make sure thet the following setting exists in the /etc/ssh/sshd_config of the target box:
AllowAgentForwarding yes
我的ansible.cfg现在看起来像这样:
My ansible.cfg now looks like this:
[defaults]
transport = ssh
[ssh_connection]
ssh_args = -o ForwardAgent=yes
这篇关于Git Clone中的Ansible和Git许可被拒绝(公钥)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
