Ansible SSH forwarding works ad hoc but fails in a playbook

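After much hair pulling and head banging, I can't seem to figure this out.

I am trying to have Ansible clone/check out a private repository on a remote machine and, after some research, decided to use SSH forwarding.

I set everything up, but the playbook fails. I tested with Ansible ad-hoc commands, with the following results: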

$ ansible build-servers -a "ssh -T [email protected]" -u builder                                                                                             
zaar | FAILED | rc=1 >>
Hi yuchunc! You've successfully authenticated, but GitHub does not provide shell access.non-zero return code

$ ansible build-servers -a "git ls-remote --heads [email protected]:yuchunc/ZaZaar.git" -u builder                                                           
zaar | SUCCESS | rc=0 >>
def3ca999e9f77776dc74fe4c152497040a5f020    refs/heads/master

However, when I run it from the playbook, it fails.

Play:

- name: Check out project from git
  git:
    repo: "{{ app_repo }}"
    dest: "{{ build_dir }}"
    version: "{{ app_version | default('HEAD') }}"
    force: yes
    accept_hostkey: yes

Verbose output:

The full traceback is:
  File "/tmp/ansible_dDsiHl/ansible_module_git.py", line 435, in clone
    os.makedirs(dest_dirname)
  File "/usr/lib64/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)

fatal: [zaar]: FAILED! => {
    "changed": false,
    "cmd": "/bin/git clone --origin origin '' /home/builder/build/zazaar",
    "invocation": {
        "module_args": {
            "accept_hostkey": true,
            "archive": null,
            "bare": false,
            "clone": true,
            "depth": null,
            "dest": "/home/builder/build/zazaar",
            "executable": null,
            "force": true,
            "key_file": null,
            "recursive": true,
            "reference": null,
            "refspec": null,
            "remote": "origin",
            "repo": "[email protected]:yuchunc/ZaZaar.git",
            "ssh_opts": null,
            "track_submodules": false,
            "umask": null,
            "update": true,
            "verify_commit": false,
            "version": "HEAD"
        }
    },
    "msg": "Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.",
    "rc": 128,
    "stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",
    "stderr_lines": [
        "Permission denied (publickey).",
        "fatal: Could not read from remote repository.",
        "",
        "Please make sure you have the correct access rights",
        "and the repository exists."
    ],
    "stdout": "Cloning into '/home/builder/build/zazaar'...\n",
    "stdout_lines": [
        "Cloning into '/home/builder/build/zazaar'..."
    ]
}

Ansible.cfg:

[defaults]
remote_user = centos
# system_errors = False
host_key_checking = False
inventory = inventory
roles_path = roles.galaxy:roles
# vault_password_file = vault.key
# lookup_plugins = ./lookup_plugins/
# filter_plugins = ./filter_plugins/
library = library
# timeout = 30
ansible_managed = Ansible managed, any changes you make here will be overwritten
retry_files_enabled = False

[ssh_connection]
# This assumes that you have added your servers to a ~/.ssh/config file
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=15m -q
# With larger teams, we normally put the hosts in a ssh.config in the project
# which is the master definition of the hosts
# ssh_args = -o ControlMaster=auto -o ControlPersist=15m -F ssh.config -q
scp_if_ssh = True
control_path = /tmp/mux-%%r@%%h:%%p
pipelining = True

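Am I missing something?

Answer 1

If I'm not mistaken, git on the target machine does not know that it has to use a private key to authenticate to GitHub. This is not a problem with Ansible or with the connection to the target host.

You should explicitly set the key_file attribute in the git task.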
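
One way to apply the suggestion above, as an added example that is not part of the original question or answer: a play that first reports which user the tasks run as and whether a forwarded agent is reachable on the target, then clones with an explicit key_file. The deploy-key path is a hypothetical placeholder; app_repo, build_dir and app_version are the question's variables and are assumed to be defined elsewhere.

```yaml
# Added example, not from the original post.
# Assumptions: host group build-servers and user builder are taken from the
# question; deploy_key is a hypothetical path to a read-only deploy key that
# already exists on the build server.
- hosts: build-servers
  remote_user: builder
  vars:
    deploy_key: /home/builder/.ssh/deploy_key   # hypothetical placeholder
  tasks:
    - name: Show which user the tasks run as
      command: id -un
      register: task_user
      changed_when: false

    - name: List identities offered by a forwarded agent, if any
      command: ssh-add -l
      register: agent_keys
      changed_when: false
      # ssh-add exit status: 0 keys listed, 1 agent has no keys,
      # 2 no agent reachable (SSH_AUTH_SOCK missing for this user)
      failed_when: false

    - name: Report the findings
      debug:
        msg: >-
          user={{ task_user.stdout }}
          ssh-add rc={{ agent_keys.rc }}
          {{ agent_keys.stdout | default('') }}
          {{ agent_keys.stderr | default('') }}

    - name: Deploy key must exist and be readable only by its owner
      file:
        path: "{{ deploy_key }}"
        state: file
        mode: "0600"

    - name: Check out project from git with an explicit key
      git:
        repo: "{{ app_repo }}"
        dest: "{{ build_dir }}"
        version: "{{ app_version | default('HEAD') }}"
        force: yes
        accept_hostkey: yes
        key_file: "{{ deploy_key }}"
```

With key_file the private key lives on the build server instead of being forwarded from the control machine, so a key limited to read access on this one repository keeps the exposure small.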
