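I am setting up a repo for provisioning a Laravel server. Basically a provisioning script using Ansible. The repo is called Stedding. It is based on a Digital Ocean tutorial and some code from Roots Trellis, because I needed the PHP 7.1 packages.
Now the problem is that the private Github repository does not get cloned. I have been reading up on ssh agents, forwarding and all that. I tried sudoers and ansible.cfg settings like here, but no success yet. I do not want to add a private key. So I tried what Geerlingguy suggested here, using
Host [server-address-here] [ip-address-here]
    ForwardAgent yes
inside ~/.ssh/config. I also added: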
[ssh_connection]
ssh_args=-o ForwardAgent=yes
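to ansible.cfg. Doing this forwards things properly and avoids adding a private ssh key. But since /var/www/ is 0700 www-data:www-data, I cannot turn off become (becoming sudo) and be done with it, because then the permissions are insufficient: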
"msg": "Could not open /var/www, [Errno 13] Permission denied: '/var/www'",
"rc": 13
He mentioned that this is needed for forwarding to work.
The main code snippet with the clone task is:
- name: create /var/www/ directory
  file: dest=/var/www/ state=directory owner=www-data group=www-data mode=0700
- name: Clone git repository
  git:
    repo: "{{ repo_url }}"
    dest: /var/www/laravel
    version: master
    update: no
    accept_hostkey: yes
  become: yes
  become_user: www-data
  register: cloned
With the current setup, everything just hangs:
TASK [Clone git repository] ****************************************************
task path: /Users/jasper/webdesign/stedding/php.yml:39
Using module file /usr/local/Cellar/ansible/2.2.1.0_2/libexec/lib/python2.7/site-packages/ansible/modules/core/source_control/git.py
<xxx.xxx.xx.xxx> ESTABLISH SSH CONNECTION FOR USER: laravel
<xxx.xxx.xx.xxx> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r 128.199.35.232 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1494744537.18-20302566024245 `" && echo ansible-tmp-1494744537.18-20302566024245="` echo /tmp/ansible-tmp-1494744537.18-20302566024245 `" ) && sleep 0'"'"''
<xxx.xxx.xx.xxx> PUT /var/folders/_4/g8fn6chn46g9v058h8k4pzpw0000gn/T/tmpO09os2 TO /tmp/ansible-tmp-1494744537.18-20302566024245/git.py
<xxx.xxx.xx.xxx> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r '[xxx.xxx.xx.xxx]'
<xxx.xxx.xx.xxx> ESTABLISH SSH CONNECTION FOR USER: laravel
<xxx.xxx.xx.xxx> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r xxx.xxx.xx.xxx '/bin/sh -c '"'"'setfacl -m u:www-data:r-x /tmp/ansible-tmp-1494744537.18-20302566024245/ /tmp/ansible-tmp-1494744537.18-20302566024245/git.py && sleep 0'"'"''
<xxx.xxx.xx.xxx> ESTABLISH SSH CONNECTION FOR USER: laravel
<xxx.xxx.xx.xxx> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=laravel -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/ansible-ssh-%h-%p-%r -tt xxx.xxx.xx.xxx '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=vvqwwyduilnxfbnxgpojunlavpkasofr] password: " -u www-data /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-vvqwwyduilnxfbnxgpojunlavpkasofr; /usr/bin/python /tmp/ansible-tmp-1494744537.18-20302566024245/git.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
This also happens after adding Github to the known hosts on the server using (Ansible suggestion):
ssh-keyscan -H github.com > /etc/ssh/ssh_known_hosts
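Any idea how to get the clone working while keeping the directory permissions and security of the directory where the Laravel application is installed?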
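Answer 0 (score: 1)
In the end, the main issue was that I needed to set up agent forwarding properly. I did that with
Host *
    ForwardAgent yes
in ~/.ssh/config, and I decided to use root as the user for setting up most of the playbook stuff. Root does not need to switch to sudo. For parts like the clone I can use the user laravel, because it has access to the webroot as owner, and that works too. So no sudo is needed there either.
I have not yet tried switching to sudo after the sudo user has been created by Ansible. I am still new to all this, but making progress. And I am sure the host forwarding tip will help many people.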
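The approach from the answer, written out as a playbook fragment (an added example, not code from the original post): connect as laravel, confirm that the forwarded agent is visible on the server, then clone without become. The `web` group name and laravel's write access to /var/www/laravel are assumptions; `repo_url` is the variable from the question.

```yaml
# Added example. The inventory group "web" is an assumed name.
# Assumes agent forwarding is already enabled for the connection, as on this
# page (ForwardAgent yes in ~/.ssh/config, or ssh_args in ansible.cfg), and
# that /var/www/laravel is writable by the connecting user "laravel".
- hosts: web
  remote_user: laravel
  become: no              # the question notes forwarding needs become off here
  gather_facts: no
  tasks:
    - name: List the keys offered by the forwarded agent
      command: ssh-add -l
      register: agent_keys
      changed_when: false
      failed_when: false  # judged in the next task, with a clearer message

    - name: Stop early when no forwarded key is visible on the server
      fail:
        msg: >-
          ssh-add -l exited with rc={{ agent_keys.rc }}
          (1 = agent has no keys, 2 = no agent reachable).
          Load the key locally with ssh-add and check that ForwardAgent
          applies to this host.
      when: agent_keys.rc != 0

    - name: Clone git repository as the connecting user
      git:
        repo: "{{ repo_url }}"
        dest: /var/www/laravel
        version: master
        update: no
        accept_hostkey: yes
        # BatchMode makes ssh fail instead of waiting for input when
        # authentication to the git host does not succeed.
        ssh_opts: "-o BatchMode=yes"
      register: cloned
```

The pre-check turns a missing or empty agent into an immediate, readable failure before the git task runs.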