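I have a playbook in which I am trying to clone from a private repo (Git) to a server.
I have set up SSH forwarding, and when I SSH into the server and try to clone manually from the same repo, it works. However, when I use Ansible to clone the repo to the server, it fails with "Permission Denied Public Key".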
This is my playbook deploy.yml:
---
- hosts: webservers
  remote_user: root

  tasks:
    - name: Setup Git repo
      git: repo={{ git_repo }}
           dest={{ app_dir }}
           accept_hostkey=yes
This is what my ansible.cfg looks like:
[ssh_args]
ssh_args = -o FowardAgent=yes
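I am also able to perform all the other tasks (operations, installs) in my playbook.
I have tried:
- specifying the sshAgentForwarding flag in ansible.cfg on the server (the ansible.cfg in the same directory as the playbook) using:
  ssh_args = -o ForwardingAgent = yes
- using become: false to execute the git clone
- running ansible -i devops/hosts webservers -a "ssh -T git@bitbucket.org", which returns: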
an_ip_address | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}
This is the command I use to run the playbook:
ansible-playbook devops/deploy.yml -i devops/hosts -vvvv
This is the error message I get:
fatal: [162.243.243.13]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "invocation": {"module_args": {"accept_hostkey": true, "bare": false, "clone":
true, "depth": null, "dest": "/var/www/aWebsite", "executable": null, "force": false, "key_file": null, "recursive": true, "reference": null, "refspec": null, "remote": "origin", "repo": "git@bitbucket.org:aUser/aRepo.git", "ssh_opts": null, "track_submodules": false, "update": true, "verify_commit": false, "version": "HEAD"}, "module_name": "git"}, "msg": "Permission denied (publickey).\r\nfatal: Could not r$ad from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote r$pository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}
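By reading the docs for SSH forwarding in Ansible, I was able to figure out the solution.
The problem was that my SSH keys were not being forwarded, because Ansible does not forward your keys by default, even if you have set up key forwarding in ~/.ssh/conf (I updated my question with the ansible.cfg I had before fixing the issue).
The solution was to add transport = ssh to ansible.cfg under [defaults], and to run ansible-playbook from the location where ansible.cfg is.
My ansible.cfg now looks like this: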
[defaults]
transport = ssh
[ssh_connection]
ssh_args = -o ForwardAgent=yes
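An added check, not part of the original posts or of Ansible itself: it parses ansible.cfg text and reports why agent forwarding would not take effect, run here on the config from the question and the one from the answer above. The function names and the short list of known ssh option keywords are assumptions made for this example.

```python
import configparser
import difflib
import re
import shlex

# Assumption: a small subset of ssh_config keywords, used only to catch near-miss typos.
KNOWN = {k.lower(): k for k in ("ForwardAgent", "ControlMaster", "ControlPersist",
                                "StrictHostKeyChecking", "UserKnownHostsFile")}
QUESTION_CFG = "[ssh_args]\nssh_args = -o FowardAgent=yes\n"  # as posted in the question
ANSWER_CFG = "[defaults]\ntransport = ssh\n[ssh_connection]\nssh_args = -o ForwardAgent=yes\n"


def ssh_options(ssh_args):
    """Yield (keyword, value-or-None) for every `-o` option in an ssh_args string."""
    words = shlex.split(ssh_args)
    for i, word in enumerate(words[:-1]):
        if word == "-o":
            parts = re.split(r"\s*=\s*|\s+", words[i + 1].strip(), maxsplit=1)
            yield parts[0], (parts[1] if len(parts) == 2 else None)


def lint_ansible_cfg(text):
    """Return findings explaining why agent forwarding would not take effect."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings, forwarding = [], False
    for section in cfg.sections():
        if not cfg.has_option(section, "ssh_args"):
            continue
        if section != "ssh_connection":
            findings.append(f"ssh_args in [{section}] is ignored; Ansible reads it from [ssh_connection]")
        for keyword, value in ssh_options(cfg.get(section, "ssh_args")):
            key = keyword.lower()
            if key not in KNOWN:
                near = difflib.get_close_matches(key, list(KNOWN), n=1)
                if near:
                    findings.append(f"unknown ssh option {keyword!r}; did you mean {KNOWN[near[0]]}?")
            elif value is None:
                findings.append(f"{keyword} has no value; write it as one word, e.g. {KNOWN[key]}=yes")
            elif (section, key, value.lower()) == ("ssh_connection", "forwardagent", "yes"):
                forwarding = True
    if not forwarding:
        findings.append("agent forwarding is not enabled in [ssh_connection] ssh_args")
    return findings


if __name__ == "__main__":
    for name, text in (("question", QUESTION_CFG), ("answer", ANSWER_CFG)):
        print(name, lint_ansible_cfg(text) or "OK")
```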
To clone a private GitHub repo via the remote server, I do this:
First add the SSH key to your ssh-agent:
eval `ssh-agent -s`
ssh-add ~/.ssh/my-private-key.pem
After that I modified ansible.cfg:
[defaults]
transport = ssh
sudo_flags = -HE
[ssh_connection]
ssh_args = -o ForwardAgent=yes
Now you can clone the private GitHub repo even as the root user.
Normally, I also add these two tasks to my playbook/role tasks:
- name: Tell the host about our servers it might want to ssh to
  known_hosts:
    path: '/etc/ssh/known_hosts'
    # name must be the same host that ssh-keyscan queries for the key
    name: 'bitbucket.org'
    key: "{{ lookup('pipe', 'ssh-keyscan -t rsa bitbucket.org') }}"

- name: Upload sudo config for key forwarding as root
  lineinfile:
    dest: /etc/sudoers.d/ssh_key_forward
    line: 'Defaults env_keep+=SSH_AUTH_SOCK'
    create: yes
    owner: root
    group: root
    mode: "0440"
    state: present
    validate: 'visudo -c -f %s'
Strangely, it works for me. If the ssh option doesn't work for you, then you can use the username/password option like this:
- name: Pull the code
  git:
    # credentials embedded in the URL are stored in the clone's .git/config on the server
    repo: "https://{{ bitbucket_login }}:{{ bitbucket_password|urlencode }}@bitbucket.org/path/project.git"
    dest: /var/www/myproject
    version: master
Hope this is helpful for you and others.