我确切地发现了Ansible正在执行的操作,并且自己从命令行尝试了它,当然,它也在那里失败了。
[/common/picsolve-ansible/u12.04%]ssh -o HostName=127.0.0.1 \
-o User=vagrant -o Port=2222 -o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no -o PasswordAuthentication=no \
-o IdentityFile=/Users/bryanhunt/.vagrant.d/insecure_private_key \
-o IdentitiesOnly=yes -o LogLevel=FATAL \
-o ForwardAgent=yes "/bin/sh \
-c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_docker' "
Permission denied (publickey,password).
但是当我运行vagrant ssh时,代理转发工作正常,我可以检查R / W我的github项目。
[/common/picsolve-ansible/u12.04%]vagrant ssh
vagrant@vagrant-ubuntu-precise-64:~$ /bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_docker'
Cloning into '/home/vagrant/poc_docker'...
remote: Counting objects: 18, done.
remote: Compressing objects: 100% (14/14), done.
remote: Total 18 (delta 4), reused 0 (delta 0)
Receiving objects: 100% (18/18), done.
Resolving deltas: 100% (4/4), done.
vagrant@vagrant-ubuntu-precise-64:~$
有谁知道它是如何工作的?
更新
通过ps awux我确定了Vagrant正在执行的确切命令。
我复制了它并且git checkout工作了。
ssh vagrant@127.0.0.1 -p 2222 \
-o Compression=yes \
-o StrictHostKeyChecking=no \
-o LogLevel=FATAL \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
-o IdentitiesOnly=yes \
-i /Users/bryanhunt/.vagrant.d/insecure_private_key \
-o ForwardAgent=yes \
-o LogLevel=DEBUG \
"/bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_docker' "
答案 0 :(得分:20)
从ansible 1.5(devel aa2d6e47f0)最后更新2014/03/24 14:23:18(GMT +100)和Vagrant 1.5.1开始,现在可行了。
我的Vagrant配置包含以下内容:
config.vm.provision "ansible" do |ansible|
ansible.playbook = "../playbooks/basho_bench.yml"
ansible.sudo = true
ansible.host_key_checking = false
ansible.verbose = 'vvvv'
ansible.extra_vars = { ansible_ssh_user: 'vagrant',
ansible_connection: 'ssh',
ansible_ssh_args: '-o ForwardAgent=yes'}
明确禁用sudo使用也是一个好主意。例如,当使用Ansible git模块时,我这样做:
- name: checkout basho_bench repository
sudo: no
action: git repo=git@github.com:basho/basho_bench.git dest=basho_bench
答案 1 :(得分:15)
关键区别似乎是UserKnownHostFile设置。即使关闭StrictHostKeyChecking,当已知主机文件中存在冲突条目时,ssh也会静默禁用某些功能,包括代理转发(这些冲突对于流浪者来说很常见,因为多个VM在不同时间可能具有相同的地址)。如果我将UserKnownHostFile指向/ dev / null:
,它对我有用config.vm.provision "ansible" do |ansible|
ansible.playbook = "playbook.yml"
ansible.raw_ssh_args = ['-o UserKnownHostsFile=/dev/null']
end
答案 2 :(得分:7)
这是一种解决方法:
使用以下行在与Vagrantfile相同的目录中创建ansible.cfg文件:
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
答案 3 :(得分:2)
我发现我需要做两件事(在Ubuntu 12.04上)以使其正常工作:
-o ForwardAgent内容添加/etc/sudoers.d/01-make_SSH_AUTH_SOCK_AVAILABLE这些内容:
Defaults env_keep += "SSH_AUTH_SOCK"
答案 4 :(得分:2)
您只需将此行添加到您的Vagrant文件即可启用ssh转发:
config.ssh.forward_agent = true
注意:请勿忘记使用become: false执行任务
希望,这会有所帮助。
答案 5 :(得分:1)
我在一个非常类似的问题上挣扎了好几个小时。 流浪汉1.7.2 ansible 1.9.4
我的症状:
failed: [vagrant1] => {"cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "rc": 128}
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
msg: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
FATAL: all hosts have already failed -- aborting
通过SSH访问来宾,我发现我的ssh-agent正在按预期转发:
vagrant@vagrant-ubuntu-trusty-64:~$ ssh -T git@github.com
Hi baxline! You've successfully authenticated, but GitHub does not provide shell access.
但是,从主机,我无法打开连接:
$ ansible web -a "ssh-add -L"
vagrant1 | FAILED | rc=2 >>
Could not open a connection to your authentication agent.
确认我的ansible.cfg文件已设置好后,正如@Lorin所说,我的Vagrantfile设置为config.ssh.forward_agent = true,我仍然做得很短。
解决方案是删除我的guest虚拟机&〜; .ssh / known_hosts文件中与我的guest虚拟机关联的所有行。对我来说,他们是从以下开始的线:
[127.0.0.1]:2201 ssh-rsa
[127.0.0.1]:2222 ssh-rsa
[127.0.01]:2222 ssh-rsa
[127.0.0.1]:2200 ssh-rsa
注意第三行有一个有趣的IP地址。我不确定,但我相信这条线是罪魁祸首。这些行是在我销毁并创建流浪的虚拟机时创建的。