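I am trying to configure ansible to check out a git repository from bitbucket and put it on the target machine. The control machine (my computer) has the bitbucket private ssh key. The public key is uploaded to bitbucket, and ssh access through it has been tested and works.
Here is the ansible yml task code: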
- name: Checkout application
  become: no
  git: repo=git@bitbucket.org:bitbucketusername/deployment.git
       dest=/tmp/myapp
       accept_hostkey=True
       key_file=/home/me/.ssh/bitbucket_ssh_key
Here is the error:
Warning: Identity file /home/me/.ssh/bitbucket_ssh_key not accessible:
No such file or directory.
Permission denied (publickey)
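So I assume key forwarding is not working? That is strange, because in my ~/.ssh/config I have forwarding enabled for the target machine 111.222.333.444:
Host 111.222.333.444
    ForwardAgent yes
So what is going wrong, and how do I get my repo from bitbucket onto my target machine? I am using ansible 2.1.1.0.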
Edit: here is the relevant part of the output with the -vvvv flag turned on:
TASK [Checkout application] *********************************************
task path: /home/me/path/to/the/ansible/playbook.yml:49
<111.222.333.444> ESTABLISH SSH CONNECTION FOR USER: deploy
<111.222.333.444> SSH: EXEC ssh -C -vvv -o ForwardAgent=yes -o StrictHostKeyChecking=no -o 'IdentityFile="/home/me/.ssh/the_ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=deploy -o ConnectTimeout=10 111.222.333.444 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1477655760.17-42684399995480 `" && echo ansible-tmp-1477655760.17-42684399995480="` echo $HOME/.ansible/tmp/ansible-tmp-1477655760.17-42684399995480 `" ) && sleep 0'"'"''
<111.222.333.444> PUT /tmp/tmp0NYGtg TO /home/deploy/.ansible/tmp/ansible-tmp-1477655760.17-42684399995480/git
<111.222.333.444> SSH: EXEC sftp -b - -C -vvv -o ForwardAgent=yes -o StrictHostKeyChecking=no -o 'IdentityFile="/home/me/.ssh/the_ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=deploy -o ConnectTimeout=10 '[111.222.333.444]'
<111.222.333.444> ESTABLISH SSH CONNECTION FOR USER: deploy
<111.222.333.444> SSH: EXEC ssh -C -vvv -o ForwardAgent=yes -o StrictHostKeyChecking=no -o 'IdentityFile="/home/me/.ssh/the_ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=deploy -o ConnectTimeout=10 -tt 111.222.333.444 '/bin/sh -c '"'"'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /home/deploy/.ansible/tmp/ansible-tmp-1477655760.17-42684399995480/git; rm -rf "/home/deploy/.ansible/tmp/ansible-tmp-1477655760.17-42684399995480/" > /dev/null 2>&1 && sleep 0'"'"''
fatal: [app1]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "invocation": {"module_args": {"accept_hostkey": true, "bare": false, "clone": true, "depth": null, "dest": "/tmp/myapp", "executable": null, "force": false, "key_file": "/home/me/.ssh/bitbucket_ssh_key", "recursive": true, "reference": null, "refspec": null, "remote": "origin", "repo": "git@bitbucket.org:memeares/deployment.git", "ssh_opts": null, "track_submodules": false, "update": true, "verify_commit": false, "version": "HEAD"}, "module_name": "git"}, "msg":
"Warning: Identity file /home/me/.ssh/bitbucket_ssh_key not accessible: No such file or directory.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.", "rc": 128, "stderr": "Warning: Identity file /home/me/.ssh/bitbucket_ssh_key not accessible: No such file or directory.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
", "stdout": "", "stdout_lines": []}
And I have also configured forwarding in the ansible.cfg file (as shown in the output above):
[ssh_connection]
# Enable SSH Agent Forwarding so that the private key used to be able to
# checkout from git does not have to be on the server
ssh_args=-o ForwardAgent=yes
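Best answer
The last fix that got it working was adding the key to the ssh-agent with ssh-add ~/.ssh/the_ssh_key.
I think in my case it was a combination of errors, although this is what got me over the line, since I had previously added the key with ssh-add but destroyed the instance after trying to debug other errors.
For reference, the debugging checklist.
And also things that are not mentioned there:
- id_rsa, then specify it manually with -i the_ssh_key
- the_ssh_key.pub in the ~/.ssh directory of the relevant user
- the file /etc/ssh/sshd_config has AllowAgentForwarding yes
- ssh-agent -L tells you whether the ssh-agent "knows" about the ssh key in question. (I don't know why this is necessary when you specify the key file with ssh -i the_ssh_key)
- -o AllowAgentForwarding=yes when ssh-ing from the control machine.

Regarding git - How to forward ssh keys in ansible to check out a git repository on the target machine from source?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/40304492/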
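
The following is an added example, not part of the original question or answer: two shell functions that check, offline, two of the checklist items above (whether the key is loaded in the agent, and whether sshd_config permits agent forwarding). It assumes the output of ssh-add -L on the control machine and a copy of the target's sshd_config have been saved to files; the function names and the sample data in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for agent-forwarding prerequisites.
# Function names are hypothetical; sample data in demo() is constructed.

# key_in_agent PUBFILE AGENT_LISTING
#   PUBFILE:       public key file, e.g. the_ssh_key.pub
#   AGENT_LISTING: file holding the output of `ssh-add -L` (control machine)
# Returns 0 if the key blob (2nd field) of PUBFILE is listed by the agent,
# 1 if it is not, 2 if PUBFILE contains no key line.
key_in_agent() {
    blob=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1")
    [ -n "$blob" ] || return 2
    awk -v want="$blob" '$2 == want { found = 1 } END { exit !found }' "$2"
}

# sshd_allows_forwarding SSHD_CONFIG
# sshd uses the first value it obtains for a keyword, and
# AllowAgentForwarding defaults to yes when it is not set.
# Assumption: only the global section is evaluated; parsing stops at the
# first Match block, so per-user or per-host overrides are not reported.
sshd_allows_forwarding() {
    val=$(awk 'tolower($1) == "match" { exit }
               tolower($1) == "allowagentforwarding" { print tolower($2); exit }' "$1")
    [ "${val:-yes}" = "yes" ]
}

# Demo on constructed sample data (not real keys or a real server config).
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3constructedBlobA me@control' > "$d/the_ssh_key.pub"
    printf '%s\n' 'ssh-rsa AAAAB3constructedBlobB other' \
        'ssh-ed25519 AAAAC3constructedBlobA /home/me/.ssh/the_ssh_key' > "$d/agent.txt"
    printf '%s\n' '#AllowAgentForwarding yes' 'AllowAgentForwarding no' > "$d/sshd_config"
    key_in_agent "$d/the_ssh_key.pub" "$d/agent.txt" && echo "key is loaded in the agent"
    sshd_allows_forwarding "$d/sshd_config" || echo "sshd refuses agent forwarding"
    rm -rf "$d"
}
demo
```
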