Git Clone中的Ansible和Git许可被拒绝(公钥) [英] Ansible and Git Permission denied (publickey) at Git Clone
问题描述
我有一本剧本,试图将其从私人仓库(GIT)克隆到服务器.
I have a playbook where I am trying to clone from a private repo (GIT) to a server.
我已经设置了ssh转发,并且当我ssh进入服务器并尝试从同一存储库手动克隆时,它可以成功工作.但是,当我将ansible用于将存储库克隆到服务器时,它将失败,并显示"Permission Denied Public Key".
I have setup ssh forwarding and when I ssh into the server and try to manually clone from the same repo, it successfully works. However, when I use ansible for the to clone the repo to the server, it fails with "Permission Denied Public Key".
这是我的剧本deploy.yml
:
---
- hosts: webservers
remote_user: root
tasks:
- name: Setup Git repo
git: repo={{ git_repo }}
dest={{ app_dir }}
accept_hostkey=yes
这是我的ansible.cfg
的外观:
[ssh_args]
ssh_args = -o FowardAgent=yes
我还可以执行剧本中的所有其他任务(操作系统操作,安装).
I am also able to perform all the other tasks in my playbooks (os operations, installations).
我尝试过:
- 使用以下命令在服务器上的
ansible.cfg
中指定sshAgentForwarding标志(与剧本位于dir中的ansible.cfg):
- Specifying sshAgentForwarding flag in
ansible.cfg
on the server (ansible.cfg in same dir as playbook) using:
ssh_args = -o ForwardingAgent =是
ssh_args = -o ForwardingAgent=yes
become: false
执行git clone 运行ansible -i devops/hosts webservers -a "ssh -T git@bitbucket.org"
返回:
become: false
to execute the git clonerunning ansible -i devops/hosts webservers -a "ssh -T git@bitbucket.org"
returns:
an_ip_address | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
an_ip_address | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
这是我用来运行剧本的命令:
ansible-playbook devops/deploy.yml -i devops/hosts -vvvv
这是我收到的错误消息:
This is the command that I use to run the playbook:
ansible-playbook devops/deploy.yml -i devops/hosts -vvvv
This is the error message I get:
fatal: [162.243.243.13]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "invocation": {"module_args": {"accept_hostkey": true, "bare": false, "clone":
true, "depth": null, "dest": "/var/www/aWebsite", "executable": null, "force": false, "key_file": null, "recursive": true, "reference": null, "refspec": null, "remote": "origin", "repo": "git@bitbucket.org:aUser/aRepo.git", "ssh_opts": null, "track_submodules": false, "update": true, "verify_commit": false, "version": "HEAD"}, "module_name": "git"}, "msg": "Permission denied (publickey).\r\nfatal: Could not r$ad from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote r$pository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}
推荐答案
通过阅读Ansible中的ssh转发文档.我能够找出解决方案.
By reading the documentation for ssh forwarding in ansible. I was able to figure out the solution.
问题是我的ssh密钥没有被转发,因为Ansible默认情况下不会转发您的密钥,即使您已在~/.ssh/conf
上设置了密钥转发(我用我已经拥有的ansible.cfg
来更新了我的问题在解决问题之前.)
The problem was that my ssh keys were not being forwarded because Ansible does not by default forward your keys, even if you have set up the key forwarding on ~/.ssh/conf
(I updated my question with the ansible.cfg
that I had before fixing the issue).
解决方案是将transport = ssh
添加到[defaults]
下的ansible.cfg
,并从ansible.cfg
所在的位置运行ansible-playbook
,并确保目标的/etc/ssh/sshd_config
中存在以下设置框:
The solution is was to add transport = ssh
to ansible.cfg
under [defaults]
plus running ansible-playbook
from the location where ansible.cfg
is located and make sure thet the following setting exists in the /etc/ssh/sshd_config
of the target box:
AllowAgentForwarding yes
我的ansible.cfg
现在看起来像这样:
My ansible.cfg
now looks like this:
[defaults]
transport = ssh
[ssh_connection]
ssh_args = -o ForwardAgent=yes
这篇关于Git Clone中的Ansible和Git许可被拒绝(公钥)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!