jsc*_*ank 17 git ssh ssh-keys ansible ansible-playbook
我一直在努力让Ansible配置远程机器,我希望远程机器能够设置自己的密钥,并且能够从Bitbucket克隆git存储库.
用户已设置,有自己的id_rsa.pub,并且密钥已在bitbucket中注册.
但是,当我使用Ansible Git模块时,看起来模块总是试图使用运行playbook的机器上的键.
如何让git模块使用远程机器上的id_rsa.pub?
相关的任务是这样的:
- name: be sure prom-king has an up-to-date clone of its own repository
git:
repo: "ssh://ddcrnd@bitbucket.org/prom-king.git"
dest: /home/promking/prom-king
accept_hostkey: yes
clone: yes
key_file: /home/promking/.ssh/id_rsa.pub
update: yes
相关的库存就是这个
# inventory file for use with the vagrant box in the testing directory.
[prom-king]
192.168.168.192 ansible_ssh_host=127.0.0.1 ansible_sudo=true ansible_connection=ssh ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=testing/.vagrant/machines/default/virtualbox/private_key
Mik*_*maa 29
这是我使用远程服务器上设置的密钥文件从Github部署的方式.如果keyfile参数for git不起作用,那么你的剧本有问题:
- name: Creates .ssh directory for root
sudo: yes
file: path=/root/.ssh state=directory
# This public key is set on Github repo Settings under "Deploy keys"
- name: Upload the private key used for Github cloning
sudo: yes
copy: src=keys/github dest=/root/.ssh/github
- name: Correct SSH deploy key permissions
sudo: yes
file: dest=/root/.ssh/github mode=0600
- name: Deploy site files from Github repository
sudo: yes
git:
repo: git@github.com:miohtama/foobar.git
dest: /srv/django/foobar
key_file: /root/.ssh/github
accept_hostkey: yes
force: yes
如果我理解正确,您可以 - 或者想 - 将您的私钥部署到远程计算机,以便克隆存储库.相信你应该使用密钥转发.在你的.ssh/config设置中:
ForwardAgent yes
或者,如果您想将此限制为Ansible,您可以在以下位置定义它ansible.cfg:
[ssh_connection]
ssh_args= -A