Ansible Task Clone Private Repo Hangs

Date: 2017-05-14 06:59:58

Tags: laravel github ansible

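Setting up a repo to provision a Laravel server. Basically a provisioning script using Ansible. The repo is called Stedding. It is based on a Digital Ocean tutorial and some code from Roots Trellis, because I needed PHP 7.1 packages.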

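The problem now is that the private Github repo does not get cloned. Been reading up on ssh agents, forwarding and all that. Tried sudoers and ansible.cfg settings like here. But no success yet. I don't want to add a private key. So I tried what Geerlingguy suggested here, using
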
Host [server-address-here] [ip-address-here]
    ForwardAgent yes

inside ~/.ssh/config. I also added:

[ssh_connection]
ssh_args=-o ForwardAgent=yes

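to ansible.cfg. Doing this forwards properly and avoids adding a private ssh key. But since /var/www/ is 0700 www-data:www-data, I cannot turn off become to sudo and get it done, because then the permissions are insufficient: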

"msg": "Could not open /var/www, [Errno 13] Permission denied: '/var/www'", 
    "rc": 13

He mentioned that this is needed for forwarding to work.

The main code snippet with the clone task is:

- name: create /var/www/ directory
  file: dest=/var/www/ state=directory owner=www-data group=www-data mode=0700

- name: Clone git repository
  git:
    repo: "{{ repo_url }}"
    dest: /var/www/laravel
    version: master
    update: no
    accept_hostkey: yes
  become: yes
  become_user: www-data
  register: cloned

With the current setup, everything hangs:

TASK [Clone git repository] ****************************************************
task path: /Users/jasper/webdesign/stedding/php.yml:39
Using module file /usr/local/Cellar/ansible/2.2.1.0_2/libexec/lib/python2.7/site-packages/ansible/modules/core/source_control/git.py
<xxx.xxx.xx.xxx> ESTABLISH SSH CONNECTION FOR USER: laravel
<xxx.xxx.xx.xxx> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r 128.199.35.232 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1494744537.18-20302566024245 `" && echo ansible-tmp-1494744537.18-20302566024245="` echo /tmp/ansible-tmp-1494744537.18-20302566024245 `" ) && sleep 0'"'"''
<xxx.xxx.xx.xxx> PUT /var/folders/_4/g8fn6chn46g9v058h8k4pzpw0000gn/T/tmpO09os2 TO /tmp/ansible-tmp-1494744537.18-20302566024245/git.py
<xxx.xxx.xx.xxx> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r '[xxx.xxx.xx.xxx]'
<xxx.xxx.xx.xxx> ESTABLISH SSH CONNECTION FOR USER: laravel
<xxx.xxx.xx.xxx> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r xxx.xxx.xx.xxx '/bin/sh -c '"'"'setfacl -m u:www-data:r-x /tmp/ansible-tmp-1494744537.18-20302566024245/ /tmp/ansible-tmp-1494744537.18-20302566024245/git.py && sleep 0'"'"''
<xxx.xxx.xx.xxx> ESTABLISH SSH CONNECTION FOR USER: laravel
<xxx.xxx.xx.xxx> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r -tt xxx.xxx.xx.xxx '/bin/sh -c '"'"'sudo -H -S  -p "[sudo via ansible, key=vvqwwyduilnxfbnxgpojunlavpkasofr] password: " -u www-data /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-vvqwwyduilnxfbnxgpojunlavpkasofr; /usr/bin/python /tmp/ansible-tmp-1494744537.18-20302566024245/git.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''

This also happens after adding Github to the known hosts on the server using (Ansible suggestion):

ssh-keyscan -H github.com > /etc/ssh/ssh_known_hosts

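Any idea how to make the clone work while keeping the directory permissions and security for the directory where the Laravel app is installed?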

1 answer:

Answer 0: (score: 1)

In the end, the main issue was that I needed to set up agent forwarding properly. I did it with

Host *
  ForwardAgent yes

in ~/.ssh/config.

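That, and I decided to use root as the user for most of the playbook stuff. Root does not need to switch to sudo. For parts like the clone I can use the user laravel, since it has access to the webroot as owner, and that works as well. So no sudo is needed there either.

I have not yet tried switching to sudo after the sudo user has been created by Ansible. Still new to all this. But progress has been made. And I am sure the host forwarding tip will help a lot of people.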
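
The approach from the answer (clone as the SSH login user that owns the webroot, with no become), written out as an added example that is not part of the original post. The group name "web" and the repo URL are placeholders, /var/www is assumed to be owned by laravel, and ForwardAgent is assumed to be enabled on the control machine for this one server (a Host entry naming it, as in the question) so the agent is not offered to every host you connect to.

```yaml
---
# Added example, not the poster's playbook. Group "web" and the repo URL are
# placeholders; /var/www is assumed to be owned by user laravel.
- hosts: web
  remote_user: laravel
  # With become/sudo to another user, SSH_AUTH_SOCK is normally not kept and
  # the agent socket belongs to the login user, so the forwarded agent is
  # only usable when the task runs as the login user itself.
  become: no
  vars:
    repo_url: "git@github.com:EXAMPLE_ORG/EXAMPLE_REPO.git"   # placeholder
  tasks:
    - name: Check that a forwarded agent with at least one key is visible
      command: ssh-add -l          # rc 0 = keys listed, 1 = no keys, 2 = no agent
      register: agent_check
      changed_when: false
      failed_when: false

    - name: Stop with a clear message instead of hanging in git
      fail:
        msg: >-
          No usable SSH agent on the server (ssh-add -l rc={{ agent_check.rc }}).
          Enable ForwardAgent for this host on the control machine.
      when: agent_check.rc != 0

    - name: Clone git repository
      git:
        repo: "{{ repo_url }}"
        dest: /var/www/laravel
        version: master
        update: no
        accept_hostkey: yes
        ssh_opts: "-o BatchMode=yes"   # never prompt; fail if key auth is refused
      register: cloned
```

With BatchMode=yes, ssh returns an error instead of waiting on a password or passphrase prompt, so a missing key shows up as a failed task rather than a hung one.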