I got a troubling issue with Ansible. I setup a git cloning on my environment using ssh key of my current host:
- name: Add user Public Key
copy:
src: "/Users/alexgrs/.ssh/id_rsa.pub"
dest: "/home/vagrant/.ssh/id_rsa.pub"
mode: 0644
- name: Add user Private Key
copy:
src: "/Users/alexgrs/.ssh/id_rsa"
dest: "/home/vagrant/.ssh/id_rsa"
mode: 0600
- name: Clone Repository
git:
repo: repo.git
dest: /home/vagrant/workspace/
update: true
accept_hostkey: true
key_file: "/home/vagrant/.ssh/id_rsa.pub"
If I vagrant ssh
on Vagrant and execute git pull repo
it works. But when I do a vagrant provision
I got the following error message:
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
I'm pretty sure my publickey is not used by vangrant provision but I'm not able to detect why.
Did you already see this kind of issue ?
Thank you.
EDIT: It seems that ansible is not doing a git clone but is trying the following command:
/usr/bin/git ls-remote ssh://repo.git -h refs/heads/HEAD
I tried it in my vagrant box and I have the same permission denied issue.
Copying private keys IMHO never is a good idea. A better option would be to enable ssh agent forwarding.
You can do this globally in your local
.ssh/config
:Or in your
ansible.cfg
:In any case though you need to make sure the host/vm accepts agent forwarding. In the remote
/etc/ssh/sshd_config
this has to be defined:CheckOut this GitHub issue.
It explains that
repo.git
ssh clone url should either be (URL syntax):or (SCP syntax):
Check your
key_file
too.In the key_file option, you are using the public key when you should be using the private key
Source: http://docs.ansible.com/git_module.html