bin*_*lve 24 ssh ssh-agent vagrant ansible
好的,奇怪的问题.我有与Vagrant一起工作的SSH转发.但是当我使用Ansible作为Vagrant配置器时,我正试图让它工作.
我确切地发现了Ansible正在执行的操作,并且自己从命令行尝试了它,当然,它也在那里失败了.
[/common/picsolve-ansible/u12.04%]ssh -o HostName=127.0.0.1 \
-o User=vagrant -o Port=2222 -o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no -o PasswordAuthentication=no \
-o IdentityFile=/Users/bryanhunt/.vagrant.d/insecure_private_key \
-o IdentitiesOnly=yes -o LogLevel=FATAL \
-o ForwardAgent=yes "/bin/sh \
-c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_docker' "
Permission denied (publickey,password).
但是,当我只运行vagrant ssh时,代理转发工作正常,我可以检查R/W我的github项目.
[/common/picsolve-ansible/u12.04%]vagrant ssh
vagrant@vagrant-ubuntu-precise-64:~$ /bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_docker'
Cloning into '/home/vagrant/poc_docker'...
remote: Counting objects: 18, done.
remote: Compressing objects: 100% (14/14), done.
remote: Total 18 (delta 4), reused 0 (delta 0)
Receiving objects: 100% (18/18), done.
Resolving deltas: 100% (4/4), done.
vagrant@vagrant-ubuntu-precise-64:~$
有谁知道它是如何工作的?
更新:
通过ps awux我确定了Vagrant正在执行的确切命令.
我复制了它,git checkout工作了.
ssh vagrant@127.0.0.1 -p 2222 \
-o Compression=yes \
-o StrictHostKeyChecking=no \
-o LogLevel=FATAL \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
-o IdentitiesOnly=yes \
-i /Users/bryanhunt/.vagrant.d/insecure_private_key \
-o ForwardAgent=yes \
-o LogLevel=DEBUG \
"/bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_docker' "
bin*_*lve 20
截至ansible 1.5(devel aa2d6e47f0)最后更新2014/03/24 14:23:18(GMT +100)和Vagrant 1.5.1现在可行了.
我的Vagrant配置包含以下内容:
config.vm.provision "ansible" do |ansible|
ansible.playbook = "../playbooks/basho_bench.yml"
ansible.sudo = true
ansible.host_key_checking = false
ansible.verbose = 'vvvv'
ansible.extra_vars = { ansible_ssh_user: 'vagrant',
ansible_connection: 'ssh',
ansible_ssh_args: '-o ForwardAgent=yes'}
明确禁用sudo使用也是一个好主意.例如,当使用Ansible git模块时,我这样做:
- name: checkout basho_bench repository
sudo: no
action: git repo=git@github.com:basho/basho_bench.git dest=basho_bench
Ben*_*ell 15
关键区别似乎是UserKnownHostFile设置.即使关闭StrictHostKeyChecking,当已知主机文件中存在冲突条目时,ssh也会静默禁用某些功能,包括代理转发(这些冲突对于流浪者来说很常见,因为多个VM在不同时间可能具有相同的地址).如果我将UserKnownHostFile指向/ dev/null,它对我有用:
config.vm.provision "ansible" do |ansible|
ansible.playbook = "playbook.yml"
ansible.raw_ssh_args = ['-o UserKnownHostsFile=/dev/null']
end
这是一个解决方法:
ansible.cfg使用以下行在与Vagrantfile相同的目录中创建一个文件:
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
| 归档时间: |
|
| 查看次数: |
10371 次 |
| 最近记录: |