После долгого выдергивания волос и тряски головами я не могу понять этого.
Я пытаюсь заставить Ansible клонировать / проверять частное репо на удаленной машине и после исследования решил использовать пересылку SSH.
Я все настроил, и playbook не удалось. Я тестировал на ansible ad-hoc команда, вот результаты:
$ ansible build-servers -a "ssh -T git@github.com" -u builder
zaar | FAILED | rc=1 >>
Hi yuchunc! You've successfully authenticated, but GitHub does not provide shell access.non-zero return code
$ ansible build-servers -a "git ls-remote --heads git@github.com:yuchunc/ZaZaar.git" -u builder
zaar | SUCCESS | rc=0 >>
def3ca999e9f77776dc74fe4c152497040a5f020 refs/heads/master
Однако это не удалось, когда я запустил игру из сборника пьес.
играть:
- name: Check out project from git
git:
repo: "{{ app_repo }}"
dest: "{{ build_dir }}"
version: "{{ app_version | default('HEAD') }}"
force: yes
accept_hostkey: yes
Подробный вывод:
The full traceback is:
File "/tmp/ansible_dDsiHl/ansible_module_git.py", line 435, in clone
os.makedirs(dest_dirname)
File "/usr/lib64/python2.7/os.py", line 157, in makedirs
mkdir(name, mode)
fatal: [zaar]: FAILED! => {
"changed": false,
"cmd": "/bin/git clone --origin origin '' /home/builder/build/zazaar",
"invocation": {
"module_args": {
"accept_hostkey": true,
"archive": null,
"bare": false,
"clone": true,
"depth": null,
"dest": "/home/builder/build/zazaar",
"executable": null,
"force": true,
"key_file": null,
"recursive": true,
"reference": null,
"refspec": null,
"remote": "origin",
"repo": "git@github.com:yuchunc/ZaZaar.git",
"ssh_opts": null,
"track_submodules": false,
"umask": null,
"update": true,
"verify_commit": false,
"version": "HEAD"
}
},
"msg": "Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128,
"stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",
"stderr_lines": [
"Permission denied (publickey).",
"fatal: Could not read from remote repository.",
"",
"Please make sure you have the correct access rights",
"and the repository exists."
],
"stdout": "Cloning into '/home/builder/build/zazaar'...\n",
"stdout_lines": [
"Cloning into '/home/builder/build/zazaar'..."
]
}
Ansible.cfg:
[defaults]
remote_user = centos
# system_errors = False
host_key_checking = False
inventory = inventory
roles_path = roles.galaxy:roles
# vault_password_file = vault.key
# lookup_plugins = ./lookup_plugins/
# filter_plugins = ./filter_plugins/
library = library
# timeout = 30
ansible_managed = Ansible managed, any changes you make here will be overwritten
retry_files_enabled = False
[ssh_connection]
# This assumes that you have added your servers to a ~/.ssh/config file
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=15m -q
# With larger teams, we normally put the hosts in a ssh.config in the project
# which is the master definition of the hosts
# ssh_args = -o ControlMaster=auto -o ControlPersist=15m -F ssh.config -q
scp_if_ssh = True
control_path = /tmp/mux-%%r@%%h:%%p
pipelining = True
Я что-то пропустил?
Если я правильно понимаю ошибку, то git на целевой машине не знает, что он должен использовать закрытый ключ для аутентификации на Github. Это не проблема Ansible и подключения к целевому хосту.
Вы должны явно установить атрибут key_file в git задача.