Problem description
I have a playbook where I am trying to clone from a private repo (GIT) to a server.
I have set up ssh forwarding and when I ssh into the server and try to manually clone from the same repo, it successfully works. However, when I use ansible to clone the repo to the server, it fails with "Permission Denied Public Key".
This is my playbook deploy.yml:

    ---
    - hosts: webservers
      remote_user: root
      tasks:
        - name: Setup Git repo
          git: repo={{ git_repo }}
               dest={{ app_dir }}
               accept_hostkey=yes

This is how my ansible.cfg looks:

    [ssh_args]
    ssh_args = -o FowardAgent=yes

I am also able to perform all the other tasks in my playbooks (os operations, installations).
I have tried:
- Specifying sshAgentForwarding flag in ansible.cfg on the server (ansible.cfg in same dir as playbook) using: ssh_args = -o ForwardingAgent=yes
- used become: false to execute the git clone
- running ansible -i devops/hosts webservers -a "ssh -T [email protected]" returns:

    an_ip_address | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh.", "unreachable": true}

This is the command that I use to run the playbook:

    ansible-playbook devops/deploy.yml -i devops/hosts -vvvv

This is the error message I get:

    fatal: [162.243.243.13]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "invocation": {"module_args": {"accept_hostkey": true, "bare": false, "clone": true, "depth": null, "dest": "/var/www/aWebsite", "executable": null, "force": false, "key_file": null, "recursive": true, "reference": null, "refspec": null, "remote": "origin", "repo": "[email protected]:aUser/aRepo.git", "ssh_opts": null, "track_submodules": false, "update": true, "verify_commit": false, "version": "HEAD"}, "module_name": "git"}, "msg": "Permission denied (publickey).\r\nfatal: Could not r$ad from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote r$pository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}

By reading the documentation for ssh forwarding in ansible, I was able to figure out the solution.
The problem was that my ssh keys were not being forwarded because Ansible does not by default forward your keys, even if you have set up the key forwarding in ~/.ssh/conf (I updated my question with the ansible.cfg that I had before fixing the issue).
The solution was to add transport = ssh to ansible.cfg under [defaults] plus running ansible-playbook from the location where ansible.cfg is located and make sure that the following setting exists in the /etc/ssh/sshd_config of the target box:

    AllowAgentForwarding yes

My ansible.cfg now looks like this:

    [defaults]
    transport = ssh
    [ssh_connection]
    ssh_args = -o ForwardAgent=yes
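
A small linter for the settings the answer lists, run against the question's and the answer's ansible.cfg (added example, not part of the original post; the function names and the sshd_config sample are assumptions made for illustration):

```python
import configparser
import shlex

# The two ansible.cfg files shown on this page: the question's and the answer's.
QUESTION_CFG = "[ssh_args]\nssh_args = -o FowardAgent=yes\n"
ANSWER_CFG = "[defaults]\ntransport = ssh\n[ssh_connection]\nssh_args = -o ForwardAgent=yes\n"
# Constructed sshd_config fragment for a target host (not from the page).
SAMPLE_SSHD = "PermitRootLogin prohibit-password\nAllowAgentForwarding no\n"

def ssh_options(ssh_args):
    """Map lowercased name -> value for each -o option (ssh keywords are case-insensitive)."""
    opts, tokens = {}, shlex.split(ssh_args)
    for i, tok in enumerate(tokens):
        spec = tok[2:] if tok.startswith("-o") else ""  # "-oName=value" form
        if tok == "-o" and i + 1 < len(tokens):         # "-o Name=value" form
            spec = tokens[i + 1]
        if spec:
            name, _, value = spec.replace("=", " ", 1).partition(" ")
            opts[name.lower()] = value.strip().lower()
    return opts

def lint_ansible_cfg(text):
    """Return findings for the settings the answer lists; [] means all are present."""
    cfg = configparser.ConfigParser(interpolation=None)  # ssh_args may contain '%'
    cfg.read_string(text)
    findings = []
    if cfg.get("defaults", "transport", fallback="").lower() != "ssh":
        findings.append("transport = ssh is not set under [defaults]")
    holders = [s for s in cfg.sections() if cfg.has_option(s, "ssh_args")]
    if "ssh_connection" not in holders:
        found = f" (found under [{holders[0]}])" if holders else ""
        findings.append("no ssh_args under [ssh_connection]" + found)
    for section in holders:
        opts = ssh_options(cfg.get(section, "ssh_args"))
        if opts.get("forwardagent") != "yes":
            near = ", ".join(sorted(n for n in opts if "agent" in n))
            findings.append(f"[{section}] ssh_args lacks ForwardAgent=yes; saw: {near or 'nothing'}")
    return findings

def sshd_allows_forwarding(sshd_config):
    """Global AllowAgentForwarding value: sshd keeps the first one it reads, default yes."""
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].replace("=", " ").split()
        if words and words[0].lower() == "match":
            break  # per-user/host overrides are out of scope here
        if len(words) >= 2 and words[0].lower() == "allowagentforwarding":
            return words[1].lower() == "yes"
    return True
```

ssh_args applies to every host the play connects to, so ForwardAgent=yes exposes the agent socket on all of them for the length of the connection; a repository-scoped deploy key on the server is the narrower alternative.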