This article covers how to handle the Ansible and Git "Permission denied (publickey)" error during git clone.

Problem description

I have a playbook where I am trying to clone from a private repo (GIT) to a server.

I have set up ssh forwarding and when I ssh into the server and try to manually clone from the same repo, it successfully works. However, when I use ansible to clone the repo to the server, it fails with "Permission Denied Public Key".

This is my playbook deploy.yml:

---

- hosts: webservers
  remote_user: root

  tasks:
      - name: Setup Git repo
        git: repo={{ git_repo }}
             dest={{ app_dir }}
             accept_hostkey=yes

This is how my ansible.cfg looks:

[ssh_args]
ssh_args = -o FowardAgent=yes

I am also able to perform all the other tasks in my playbooks (os operations, installations).

I have tried:

  • Specifying sshAgentForwarding flag in ansible.cfg on the server (ansible.cfg in same dir as playbook) using:

    ssh_args = -o ForwardingAgent=yes

  • used become: false to execute the git clone
  • running ansible -i devops/hosts webservers -a "ssh -T [email protected]" returns:

    an_ip_address | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh.", "unreachable": true}

This is the command that I use to run the playbook:

ansible-playbook devops/deploy.yml -i devops/hosts -vvvv

This is the error message I get:

fatal: [162.243.243.13]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "invocation": {"module_args": {"accept_hostkey": true, "bare": false, "clone":
 true, "depth": null, "dest": "/var/www/aWebsite", "executable": null, "force": false, "key_file": null, "recursive": true, "reference": null, "refspec": null, "remote": "origin", "repo": "[email protected]:aUser/aRepo.git", "ssh_opts": null, "track_submodules": false, "update": true, "verify_commit": false, "version": "HEAD"}, "module_name": "git"}, "msg": "Permission denied (publickey).\r\nfatal: Could not r$ad from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote r$pository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}
Solution

By reading the documentation for ssh forwarding in ansible, I was able to figure out the solution.

The problem was that my ssh keys were not being forwarded because Ansible does not by default forward your keys, even if you have set up the key forwarding in ~/.ssh/conf (I updated my question with the ansible.cfg that I had before fixing the issue).

The solution was to add transport = ssh to ansible.cfg under [defaults], run ansible-playbook from the location where ansible.cfg is located, and make sure that the following setting exists in the /etc/ssh/sshd_config of the target box:

AllowAgentForwarding yes

My ansible.cfg now looks like this:

[defaults]
transport = ssh

[ssh_connection]
ssh_args = -o ForwardAgent=yes
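
As an added example (not part of the original post and not Ansible's own code), this Python check runs the "before" and "after" ansible.cfg listings from the question and answer and reports why the first one never asked ssh for agent forwarding. The function names `ssh_options` and `check_ansible_cfg` are assumptions made for this illustration.

```python
import configparser
import difflib
import shlex

# Constructed from the two ansible.cfg listings in the post above.
BEFORE = "[ssh_args]\nssh_args = -o FowardAgent=yes\n"
AFTER = "[defaults]\ntransport = ssh\n\n[ssh_connection]\nssh_args = -o ForwardAgent=yes\n"

def ssh_options(args):
    """Yield (name, value) for each -o option in an ssh argument string."""
    tokens = shlex.split(args)
    for i, tok in enumerate(tokens):
        if tok == "-o" and i + 1 < len(tokens):
            opt = tokens[i + 1]
        elif tok.startswith("-o") and len(tok) > 2:
            opt = tok[2:]
        else:
            continue
        # ssh accepts both "Name=value" and "Name value".
        name, _, value = opt.replace("=", " ", 1).partition(" ")
        yield name, value.strip()

def check_ansible_cfg(text):
    """Return the reasons this ansible.cfg will not request agent forwarding."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    problems = []
    for section in cfg.sections():
        if not cfg.has_option(section, "ssh_args"):
            continue
        # Ansible reads ssh_args only from [ssh_connection].
        if section != "ssh_connection":
            problems.append(f"ssh_args in [{section}] is ignored; use [ssh_connection]")
        for name, _ in ssh_options(cfg.get(section, "ssh_args")):
            near = difflib.get_close_matches(name.lower(), ["forwardagent"], cutoff=0.8)
            if near and name.lower() != "forwardagent":
                problems.append(f"{name!r} is not an ssh option; expected ForwardAgent")
    args = cfg.get("ssh_connection", "ssh_args", fallback="")
    effective = {n.lower(): v.lower() for n, v in ssh_options(args)}
    if effective.get("forwardagent") != "yes":
        problems.append("ForwardAgent=yes is not passed to ssh")
    return problems

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_ansible_cfg(text) or "ok")
```

Setting ssh_args replaces Ansible's built-in default for that key, so any ControlMaster or ControlPersist options you rely on need to be restated alongside ForwardAgent.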


08-26 03:45