可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I am using Ansible and I am having a hard time making the git module works.
I have read several posts of people having the same problem, I looked at the ansible doc, well I tried almost everything.
I found a clear tutorial that I followed until they use git but again I have a problem when I use my repository... :/
The git task just hangs... no error, it is just stuck!
Here is my host file:
[web]
dev1 ansible_ssh_host=10.0.0.101 ansible_ssh_user=root
This is a vagrant VM running on virtualbox on my computer.
I took the playbook from this tutorial and did all the steps until step 08: https://github.com/leucos/ansible-tuto/tree/master/step-08
I run it on my VM, it works fine, then I add one task "Deploy my code" to use my repository... but this task does not work. It is a private repository on bitbucket. Does it make a difference?
- hosts: web
tasks:
- name: Deploy our awesome application
action: git repo=https://github.com/leucos/ansible-tuto-demosite.git dest=/var/www/awesome-app
tags: deploy
- name: Deploy my code
action: git repo=https://YAmikep@bitbucket.org/YAmikep/djangotutorial.git dest=/var/www/my-app
tags: deploy
There might be something with the user, or the user running ansible, or the keys, etc, but I tried back and forth for hours and I am even more confused now... I just do not know what to do to debug that now and find out what is wrong and what I am missing.
Thanks.
回答1:
There are a couple of reasons why the git module might be hanging, but the most possible is that the git clone
command is waiting for a confirmation if the host key should be added to your server's known hosts. To verify if this is the problem execute ansible with the flag: --verbose
, so that it runs in verbose mode, this will give you more information about the error.
If you confirm that the known hosts is the problem, then you have two choices:
Solution 1:
To avoid this problem with the git
module use the accept_hostkey
parameter.
- name: ensure jquery repo is available
git: git@github.com:jquery/jquery.git version=master accept_hostkey=True
Solution 2:
Use the ansible-sshknownhosts
third-party module before using the core git
module:
- name: ensure github is a known host
action: sshknownhosts host=github.com state=present
- name: ensure jquery repo is available
git: git@github.com:jquery/jquery.git version=master accept_hostkey=True
Since the knownhosts
is not a core ansible module, you will need to install it first, please refer to the github repo docs for more information hon how to install it.
another solution would be to disable ssh host key checking, but this has security implications, so unless you really know what you are doing it is best to avoid this.
回答2:
I tried basically everything (accepting keys, ssh config change, known_hosts file, ssh-agent forwarding, and forgot what else) to no success.
After pulling all of my hair out, I eventually nailed down the problem to be a fact that the SSH private key may require a passphrase!
I didn't notice that earlier because local ssh agent took care of it using keyring stored passphrase so everything worked locally. Using Ansible on a Vagrant Virtual Machine, this mechanism was not available and the git module got stuck waiting for the passphrase to be entered. Once realised the possible cause, I created a special keypair without passphrase (security aspects are known, right?) and added the public key to bitbucket (/github /whichever). When using this particular key - things went smoothly through.
回答3:
If the user requires a password, the git module can hang if one isn't provided while the git executable prompts for it in the background. For your repo parameter, try using https://YAmikep:{yourpassword}@bitbucket.org/YAmikep/djangotutorial.git
. Or, try using git/ssh keys instead so no password is required.
回答4:
I've encountered this, and in my case git hang up on confirming new ssh key for a host (bitbucket.org). This could be solved by sshknownhosts module, which is run before git to populate .ssh/known_hosts at the host, so that afterwards git does not need to hang on it.
But be careful about possible security issues, read module documentation.
回答5:
fwiw I've also had this apparently caused by multiple ssh agents running (osx client).
Fixed by
killall ssh-agent && eval `ssh-agent` && ssh-add -K
回答6:
For me the problem was specifying the https path to git instead of the ssh path.
https://gitlab.com/foo/bar.git # Incorrect
git@gitlab.com:foo/bar.git # Correct
回答7:
I had a similar problem when using ansible with terraform. Terraform security groups do not default to "allow all egress" like they do in the AWS console, so the git clone request would not be sent regardless of client causing the hanging behavior.
See the note in the terraform docs here: https://www.terraform.io/docs/providers/aws/r/security_group.html#description-2