Ansible git clone 'Permission Denied' but

Posted 2019-04-19 03:33

Question:

I have a troubling issue with Ansible. I set up git cloning in my environment using the SSH key of my current host:

- name: Add user Public Key
  copy:
    src: "/Users/alexgrs/.ssh/id_rsa.pub"
    dest: "/home/vagrant/.ssh/id_rsa.pub"
    mode: 0644

- name: Add user Private Key
  copy:
    src: "/Users/alexgrs/.ssh/id_rsa"
    dest: "/home/vagrant/.ssh/id_rsa"
    mode: 0600

- name: Clone Repository
  git:
    repo: repo.git
    dest: /home/vagrant/workspace/
    update: true
    accept_hostkey: true
    key_file: "/home/vagrant/.ssh/id_rsa.pub"

If I vagrant ssh on Vagrant and execute git pull repo, it works. But when I do a vagrant provision I get the following error message:

stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

I'm pretty sure my public key is not used by vagrant provision but I'm not able to detect why.

Did you already see this kind of issue?

Thank you.

EDIT: It seems that ansible is not doing a git clone but is trying the following command:

/usr/bin/git ls-remote ssh://repo.git -h refs/heads/HEAD

I tried it in my vagrant box and I have the same permission denied issue.

Answer 1:

Copying private keys IMHO never is a good idea. A better option would be to enable ssh agent forwarding.

You can do this globally in your local .ssh/config:

ForwardAgent yes

Or in your ansible.cfg:

[ssh_connection]
ssh_args= -A

In any case though you need to make sure the host/vm accepts agent forwarding. In the remote /etc/ssh/sshd_config this has to be defined:

AllowAgentForwarding yes
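
The agent-forwarding approach from this answer written out as a play, as an added example that is not part of the original answer. The host group `vagrant` and the repository URL are placeholders, and it assumes forwarding is already enabled with `ssh_args = -A` as shown above.

```yaml
# Added example. Assumptions: inventory group "vagrant", placeholder repo URL,
# agent forwarding enabled on the control machine and allowed by the VM's sshd.
- hosts: vagrant
  gather_facts: false
  tasks:
    # ssh-add -l exits 0 when the agent offers keys, 1 when the agent is
    # reachable but empty, 2 when no agent socket is reachable.
    - name: Check that a forwarded agent is visible on the remote side
      command: ssh-add -l
      register: agent_keys
      changed_when: false
      failed_when: false

    - name: Stop early with a clear message if no key is offered
      assert:
        that:
          - agent_keys.rc == 0
        fail_msg: >-
          No identity available from a forwarded agent
          (ssh-add -l returned {{ agent_keys.rc }}).
          Check ForwardAgent or ssh_args = -A on the control machine,
          AllowAgentForwarding on the VM, and that the key is loaded
          locally with ssh-add.

    # No key_file and no copied private key: authentication goes through
    # the forwarded agent, so the key never lands on the VM's disk.
    - name: Clone repository over SSH using the forwarded agent
      git:
        repo: "git@git.example.com:my_user/my_repo.git"  # placeholder URL
        dest: /home/vagrant/workspace/
        update: true
        # Trusts an unknown host key without checking its fingerprint;
        # pre-populating known_hosts is the stricter option.
        accept_hostkey: true
```

If the play or task uses `become`, sudo normally drops `SSH_AUTH_SOCK` from the environment, so the check and the clone need to run as the connecting user.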


Answer 2:

In the key_file option, you are using the public key when you should be using the private key.

Source: http://docs.ansible.com/git_module.html



Answer 3:

Check out this GitHub issue.

It explains that repo.git ssh clone url should either be (URL syntax):

ssh://git@bitbucket.org/my_user/my_repo.git

or (SCP syntax):

git@bitbucket.org:my_user/my_repo.git

Check your key_file too.



Tags: git ansible