Ansible bitbucket clone repo provisioning ssh error

Date: 2017-12-13 02:12:23

Tags: git ssh vagrant ansible bitbucket

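I have posted this question before, but the answers there no longer apply.

In summary, when provisioning my vagrant box using Ansible, I get a mysterious error when trying to clone my bitbucket private repo using ssh. The error says "Permission denied (publickey)".

Yet if I vagrant ssh and then run the 'git clone' command, the private repo is cloned successfully. This indicates that the ssh forward agent is indeed working and that the vagrant box can access the private key associated with the bitbucket repo.

I have been struggling with this issue for two days and I am losing my mind! Please, somebody help me!!!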

Vagrantfile:

Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.network "private_network", ip: "192.168.33.14"
  config.ssh.forward_agent = true

  config.vm.provider "virtualbox" do |vb|
    vb.memory = "1824"
  end

  # Only contains ansible dependencies
  config.vm.provision "shell",
    inline: "sudo apt-get install python-minimal -y"

end

My playbook.yml is as follows:

---

- hosts: all
  become: true

  tasks:
    - name: create /var/www/ directory
      file: dest=/var/www/ state=directory owner=ubuntu group=www-data mode=0755

    - name: Add the user 'ubuntu' to group 'www-data'
      user:
        name: ubuntu
        shell: /bin/bash
        groups: www-data
        append: yes

    - name: Clone [My-Repo] bitbucket repo
      become: false
      git: 
        repo: git@bitbucket.org:[Username]/[My-Repo].com.git
        dest: /var/www/poo
        version: master
        accept_hostkey: yes

Error message:     ansible-playbook playbook.yml

fatal: [192.168.33.14]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin '' /var/www/poo", "failed": true, "msg": "Cloning into '/var/www/poo'...\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Cloning into '/var/www/poo'...\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["Cloning into '/var/www/poo'...", "Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}

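Additional info:

  • ssh-add -l on my machine does contain the relevant bitbucket repo key.
  • ssh-add -l inside the vagrant box also contains the relevant bitbucket repo key (via ssh forwarding).

The clone works if done manually inside the vagrant box: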

vagrant ssh
git clone git@bitbucket.org:myusername/myprivaterepo.com.git
Then type "yes" to allow the RSA fingerprint to be added to ~/.ssh/known_hosts (as its first connection with bitbucket)

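Any help is greatly appreciated, and thanks for reading my nightmare.

2 answers:

Answer 0: (score: 1)

This generally means that Ansible is not trying to clone the repo as the same user as the one used with vagrant ssh.

One trick to better debug what is going on is to run the command: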

GIT_SSH_COMMAND='ssh -v' git clone ...

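That way, you will see exactly which ssh keys are tried.

As kostix suggests in the comments, adding an id (or id -a) to the Ansible command would also help.

The OP Gustavmahler confirms in the comments:

  You are right: Ansible was cloning the repo as a different user than the one I expected. I added the following to the task, which fixed it: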

become: true 
become_user: vagrant 
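
Added example (not part of the original answer or the OP's playbook): diagnostic tasks that apply the two debugging tips above from inside Ansible, reporting the user each task really runs as, the keys the forwarded agent exposes to it, and which keys ssh offers to Bitbucket. The variable repo_url and the task names are assumptions, and the probe assumes bitbucket.org is already in that user's known_hosts.

```yaml
---
# Added diagnostic playbook; repo_url and task names are assumptions.
- hosts: all
  become: true   # same play-level setting as the question's playbook
  vars:
    repo_url: "git@bitbucket.org:[Username]/[My-Repo].com.git"  # placeholder from the question

  tasks:
    - name: Who am I with become disabled (the failing clone task's setting)?
      become: false
      command: id
      register: id_plain
      changed_when: false

    - name: Who am I with the play-level become?
      command: id
      register: id_become
      changed_when: false

    - name: Which keys does the forwarded agent expose to the unprivileged task?
      become: false
      shell: 'echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-unset}"; ssh-add -l'
      register: agent
      changed_when: false
      failed_when: false   # ssh-add exits non-zero without an agent or keys

    - name: Which keys does ssh offer to Bitbucket for this repo?
      become: false
      command: "git ls-remote {{ repo_url }}"
      environment:
        # BatchMode avoids hanging on a prompt; assumes the host key is known.
        GIT_SSH_COMMAND: ssh -v -o BatchMode=yes
      register: probe
      changed_when: false
      failed_when: false

    - name: Report
      debug:
        msg:
          - "become=false runs as: {{ id_plain.stdout }}"
          - "become=true runs as:  {{ id_become.stdout }}"
          - "agent: {{ agent.stdout_lines + agent.stderr_lines }}"
          - "ssh: {{ probe.stderr_lines | select('search', 'Offering|Authenticat|denied') | list }}"
```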

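Answer 1: (score: -1)

ssh-agent is tied to a terminal session, but an automated Ansible run is not. (Same deal for most cron jobs, fwiw.) This also explains why things work fine if you SSH into your Vagrant box and run things.

If you add ansible_ssh_private_key_file: /path/to/file to the playbook, does that solve the problem?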