在 vagrant + ansible 上配置 git 任务似乎不起作用,猜测问题是 ssh-forwarding。
如果我通过 ssh 进入盒子,我可以 git clone
就好了。我可以使用 ssh-add -L
查看我的 key 确实已被转发。
不过,当我运行 vagrant provision
时,我得到:
failed: [ss_app] => {"changed": false, "cmd": "/usr/bin/git ls-remote git@github.com:org/app.git -h refs/heads/master", "failed": true, "item": "", "rc": 128}
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
关于任务:
- name: install from git
git: >
repo={{ app.repo }}
dest={{ app.home }}
version={{ app.version }}
accept_hostkey=yes
update=yes
在我的 ansible.cfg
中:
[defaults]
transport = ssh
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -A
我也尝试过使用:
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.provision "ansible" do |ansible|
ansible.playbook = "provision.yml"
ansible.inventory_path = "hosts/vagrant"
ansible.sudo = true
ansible.host_key_checking = false
ansible.verbose = 'vvvv'
ansible.extra_vars = {
ansible_ssh_user: 'vagrant',
ansible_connection: 'ssh',
ansible_ssh_args: '-o ForwardAgent=yes'
}
end
根据其他一些堆栈溢出问题。但是,这些都不起作用。
想法?
编辑:
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.provision "ansible" do |ansible|
ansible.playbook = "provision.yml"
ansible.inventory_path = "hosts/vagrant"
ansible.sudo = true
ansible.host_key_checking = false
ansible.verbose = 'vvvv'
ansible.extra_vars = {
ansible_ssh_user: 'vagrant',
ansible_connection: 'ssh',
ansible_ssh_args: '-o ForwardAgent=yes -A'
}
# ansible.limit = 'all'
end
config.ssh.forward_agent = true
config.vm.define :ss_app do |ss_app_config|
ss_app_config.vm.box = "precise64"
ss_app_config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box"
ss_app_config.vm.network :private_network, ip: "10.1.100.100"
ss_app_config.vm.network :forwarded_port, guest: 22, host: 2222, id: 'ssh', auto_correct: true
ss_app_config.ssh.forward_agent = true
ss_app_config.vm.provider :virtualbox do |virtualbox|
virtualbox.customize ["modifyvm", :id, "--memory", "1024"]
end
end
end
^^ 还有更多我的 Vagrantfile。
这是正在运行的命令:/usr/bin/git ls-remote git@github.com:org/app.git -h refs/heads/master
如果我通过 vagrant ssh
登录然后运行该命令,它工作正常,仅在提供期间失败。
最佳答案
我对类似问题的解决方案是让 SSH agent-forward 与 sudo 一起执行以下可执行任务:
- name: Copy sudoers file for safety
command: cp -f /etc/sudoers /etc/sudoers.tmp
- name: Create sudoers file backup
command: cp -f /etc/sudoers /etc/sudoers.bak
- name: Create admins group
group: name=admins system=yes state=present
- name: make sure we can sudo as admin group
lineinfile: dest=/etc/sudoers.tmp state=present regexp='^%admin' line='%admin ALL=(ALL) ALL'
- name: Make sure ssh-agent works via sudo
lineinfile: dest=/etc/sudoers.tmp state=present regexp='^Defaults env_keep\+\=SSH_AUTH_SOCK' line='Defaults env_keep+=SSH_AUTH_SOCK'
- name: Final sudoers file check
shell: visudo -q -c -f /etc/sudoers.tmp && cp -f /etc/sudoers.tmp /etc/sudoers
关于git - Ansible 1.6 + Vagrant 1.6 ssh 转发看起来不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23506911/