无法通过ansible克隆私人bitbucket repo

时间:2016-11-11 09:21:44

标签: git bitbucket ansible-playbook ssh-agent

我在ansible.cfg中有以下配置

sudo_flags = -H -S -n
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes

- name: Fetch code from git repo
  git:  repo={{repo_url}}
        dest={{ proj_path }}
        version={{ repo_version }}
        accept_hostkey=yes
        force=true

请记住,在此之前我也有与sudo一样的任务

错误消息是:

Warning: Permanently added the RSA host key for IP address '2401:1d80:1010::150' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Warning: Permanently added the RSA host key for IP address '2401:1d80:1010::150' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}

1 个答案:

答案 0 :(得分:2)

该错误消息表明Ansible正在使用的密钥没有从该Bitbucket仓库克隆的权限,或者Ansible没有使用它应该使用的密钥。从那条消息中没有明确的迹象表明它遇到了哪些问题,所以你必须稍微挖掘一下才能弄清楚发生了什么。

首先,使用ssh -i /path/to/key git@bitbucket.org测试密钥的权限。

如果您获得Permission denied (publickey),则该密钥不会与任何用户关联,也不会作为部署密钥添加到任何存储库。将公钥添加到需要它的用户或仓库。

如果你得到这样的东西 -

logged in as some-username-here.

You can use git or hg to connect to Bitbucket. Shell access is disabled.
Connection to bitbucket.org closed.

然后该密钥与该用户的帐户相关联。

如果你得到这样的东西 -

authenticated via a deploy key.

You can use git or hg to connect to Bitbucket. Shell access is disabled.

This deploy key has read access to the following repositories:

然后将密钥添加为那些存储库的部署(即只读)密钥。

如果密钥的权限良好,则ssh-agent无法运行或者它不知道密钥。尝试将ssh_args更新为以下内容:

ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -i /path/to/key

这会强制Ansible使用指定的密钥进行连接。