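I have posted this question before, but the answers there no longer apply.
In short, when provisioning my Vagrant box with Ansible, I get a mysterious error when trying to clone my private Bitbucket repository over SSH. The error states "Permission denied (publickey)".
However, if I run vagrant ssh and then run the 'git clone' command, the private repo clones successfully. This indicates that SSH agent forwarding is indeed working and that the Vagrant box can access the private key associated with the Bitbucket repo.
I have been struggling with this issue for two days and I am losing my mind! Please, somebody help me!!!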
Vagrantfile:
    Vagrant.configure("2") do |config|
      config.vm.box = "ubuntu/xenial64"
      config.vm.network "private_network", ip: "192.168.33.14"
      config.ssh.forward_agent = true
      config.vm.provider "virtualbox" do |vb|
        vb.memory = "1824"
      end
      # Only contains ansible dependencies
      config.vm.provision "shell",
        inline: "sudo apt-get install python-minimal -y"
    end
My playbook.yml is as follows:
    ---
    - hosts: all
      become: true
      tasks:
        - name: create /var/www/ directory
          file: dest=/var/www/ state=directory owner=ubuntu group=www-data mode=0755
        - name: Add the user 'ubuntu' to group 'www-data'
          user:
            name: ubuntu
            shell: /bin/bash
            groups: www-data
            append: yes
        - name: Clone [My-Repo] bitbucket repo
          become: false
          git:
            repo: git@bitbucket.org:[Username]/[My-Repo].com.git
            dest: /var/www/poo
            version: master
            accept_hostkey: yes
Error message: ansible-playbook playbook.yml
fatal: [192.168.33.14]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin '' /var/www/poo", "failed": true, "msg": "Cloning into '/var/www/poo'...\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Cloning into '/var/www/poo'...\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["Cloning into '/var/www/poo'...", "Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}
Additional info:
Cloning works if done manually inside the Vagrant box:
    vagrant ssh
    git clone git@bitbucket.org:myusername/myprivaterepo.com.git
Then type "yes" to allow the RSA fingerprint to be added to ~/.ssh/known_hosts (as its first connection with bitbucket)
Any help is greatly appreciated, and thank you for reading through my nightmare.
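Answer 0 (score: 1)
This usually means that Ansible is not trying to clone the repo as the same user as the one used by vagrant ssh.
One trick to better debug what is going on is to run the command:
    GIT_SSH_COMMAND='ssh -v' git clone ...
That way, you will see exactly which SSH keys are tried.
As kostix suggests in the comments, adding id (or id -a) to the Ansible command would help too.
The OP Gustavmahler confirms in the comments:
You were right: Ansible was cloning the repo as a different user than the one I expected. I added the following to the task, which fixed it:
    become: true
    become_user: vagrant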
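The checks suggested in this answer (the effective user via id -a, and the keys ssh tries via GIT_SSH_COMMAND='ssh -v'), collected into one diagnostic play. This is an added example, not code from the original answer: REPO_URL is a placeholder for the private repository's SSH URL, the task names and registered variables are made up for illustration, and it assumes the Git host's key is already in known_hosts.

```yaml
---
# Added diagnostic play (not from the original post). Run it with the same
# inventory and connection settings as the failing playbook.
- hosts: all
  become: true              # same play-level setting as the question's playbook
  tasks:
    - name: Report the user the clone task actually runs as
      become: false         # mirror the become settings of the failing git task
      command: id -a
      register: who
      changed_when: false

    - name: Report whether a forwarded agent is visible to that user
      become: false
      shell: 'echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-unset}"; ssh-add -l'
      register: agent
      changed_when: false
      failed_when: false    # ssh-add exits non-zero with no agent or no keys

    - name: Probe the Git host with verbose ssh output
      become: false
      # REPO_URL is a placeholder: substitute the repository's SSH URL.
      command: git ls-remote REPO_URL
      environment:
        GIT_SSH_COMMAND: "ssh -v -o BatchMode=yes"
      register: probe
      changed_when: false
      failed_when: false    # a denied login is a finding here, not an error

    - name: Print the findings
      debug:
        msg:
          user: "{{ who.stdout }}"
          agent: "{{ agent.stdout_lines }}"
          ssh: "{{ probe.stderr_lines | select('search', 'Offering|Trying|Authenticat|denied') | list }}"
```

If the reported user differs from the one vagrant ssh logs in as, or SSH_AUTH_SOCK is unset for it, the clone task has no access to the forwarded key.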
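Answer 1 (score: -1)
ssh-agent is tied to a terminal session, but an automated Ansible run is not. (Same deal for most cron jobs, fwiw.) This also explains why things work fine if you SSH into your Vagrant box and run stuff.
If you add ansible_ssh_private_key_file: /path/to/file to the playbook, does that solve the problem?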