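Ansible 1.6 + Vagrant 1.6: ssh forwarding doesn't look like it's working

Time: 2014-05-07 00:50:56

Tags: git ssh vagrant provisioning ansible

Provisioning with a git task on vagrant + ansible doesn't seem to work; my guess is that the problem is ssh forwarding.

If I ssh into the box, I can git clone just fine. I can check ssh-add -L and see that my key is indeed being forwarded.

When I run vagrant provision, I get: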

failed: [ss_app] => {"changed": false, "cmd": "/usr/bin/git ls-remote git@github.com:org/app.git -h refs/heads/master", "failed": true, "item": "", "rc": 128}
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly

The task:

- name: install from git
  git: >
    repo={{ app.repo }} 
    dest={{ app.home }} 
    version={{ app.version }} 
    accept_hostkey=yes
    update=yes

In my ansible.cfg:

[defaults]
transport = ssh

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -A

I have also tried using:

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "provision.yml"
    ansible.inventory_path = "hosts/vagrant"
    ansible.sudo = true
    ansible.host_key_checking = false
    ansible.verbose =  'vvvv'
    ansible.extra_vars = { 
                           ansible_ssh_user: 'vagrant', 
                           ansible_connection: 'ssh',
                           ansible_ssh_args: '-o ForwardAgent=yes'
                         }
  end
end

as suggested in some other Stack Overflow questions. However, none of these work.

Thoughts?


Edit:

# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "provision.yml"
    ansible.inventory_path = "hosts/vagrant"
    ansible.sudo = true
    ansible.host_key_checking = false
    ansible.verbose =  'vvvv'
    ansible.extra_vars = { 
                           ansible_ssh_user: 'vagrant', 
                           ansible_connection: 'ssh',
                           ansible_ssh_args: '-o ForwardAgent=yes -A'
                         }
    # ansible.limit = 'all'
  end

  config.ssh.forward_agent = true

  config.vm.define :ss_app do |ss_app_config|
    ss_app_config.vm.box = "precise64"
    ss_app_config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box"

    ss_app_config.vm.network :private_network, ip: "10.1.100.100"
    ss_app_config.vm.network :forwarded_port, guest: 22, host: 2222, id: 'ssh', auto_correct: true

    ss_app_config.ssh.forward_agent = true

    ss_app_config.vm.provider :virtualbox do |virtualbox|
      virtualbox.customize ["modifyvm", :id, "--memory", "1024"]
    end
  end
end

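^^ Here is more of my Vagrantfile.

This is the command being run: /usr/bin/git ls-remote git@github.com:org/app.git -h refs/heads/master

If I log in via vagrant ssh and then run that command, it works fine; it only fails during provisioning.

3 answers:

Answer 0: (score: 3)

My solution to a similar problem was to make SSH agent forwarding work with sudo, using the following ansible tasks: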

- name: Copy sudoers file for safety
  command: cp -f /etc/sudoers /etc/sudoers.tmp

- name: Create sudoers file backup
  command: cp -f /etc/sudoers /etc/sudoers.bak

- name: Create admins group
  group: name=admins system=yes state=present

- name: make sure we can sudo as admin group
  lineinfile: dest=/etc/sudoers.tmp state=present regexp='^%admin' line='%admin ALL=(ALL) ALL'

- name: Make sure ssh-agent works via sudo
  lineinfile: dest=/etc/sudoers.tmp state=present regexp='^Defaults env_keep\+\=SSH_AUTH_SOCK' line='Defaults env_keep+=SSH_AUTH_SOCK'

- name: Final sudoers file check
  shell: visudo -q -c -f /etc/sudoers.tmp && cp -f /etc/sudoers.tmp /etc/sudoers

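Answer 1: (score: 2)

I had the same problem myself over the past few days. The solutions you have tried are overly complicated, because some of them apply to earlier versions of Vagrant and Ansible.

Here is something simpler and cleaner:

  1. Set sudo: no on the "install from git" task. (To have sudo by default, you can keep ansible.sudo = true in the Vagrantfile, or use sudo: yes in the play for the other tasks.)
  2. Make sure ss_app_config.ssh.forward_agent = true is there.
  3. Remove ansible.host_key_checking and ansible.extra_vars from your Vagrantfile, since ssh agent forwarding does not need them.
  4. Delete the ansible.cfg file; it is not needed.
  5. Hope it works for you.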
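
A diagnostic playbook for the fix in this answer and the env_keep alternative in answer 0, added here as an illustration and not posted by anyone in the thread: it runs ssh-add -l with and without sudo to show where the forwarded agent is lost, then clones without sudo. It assumes the Ansible 1.6-era `sudo:` syntax used on this page; the host pattern and the dest path are placeholders.

```yaml
# Added example, not from the thread. Placeholders: hosts pattern, dest path.
- hosts: all
  sudo: yes                      # play-wide default, like ansible.sudo = true
  tasks:
    - name: list agent keys as the SSH connection user (no sudo)
      command: ssh-add -l
      sudo: no
      register: agent_user
      changed_when: false
      failed_when: false         # rc 0 = keys listed, 1 = no keys, 2 = no agent reachable

    - name: list agent keys as root (through sudo)
      command: ssh-add -l
      register: agent_root
      changed_when: false
      failed_when: false         # rc 2 here means sudo dropped SSH_AUTH_SOCK

    - name: report both results
      debug: msg="user rc={{ agent_user.rc }} root rc={{ agent_root.rc }}"

    - name: stop if the connection user itself has no forwarded key
      fail: msg="no forwarded key for the SSH user; check config.ssh.forward_agent and ssh-add -L on the host"
      when: agent_user.rc != 0

    # Runs as the connection user, so git's ssh can reach the forwarded agent.
    # dest must be writable by that user (placeholder path below).
    - name: install from git without sudo
      git: repo=git@github.com:org/app.git dest=/home/vagrant/app version=master accept_hostkey=yes
      sudo: no
```

A result of user rc=0 and root rc=2 confirms that forwarding itself works and only the sudo environment is missing SSH_AUTH_SOCK, which is the case both answers address.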

Answer 2: (score: 1)

You can (should) enable SSH forwarding via the Vagrant settings:

Vagrant.configure("2") do |config|

  config.vm.box = "..."

  config.ssh.forward_agent = true

  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
    ansible.verbose = 'v'
  end

end

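Note that as of Vagrant 1.6.0 (with ansible.verbose enabled), the ansible-playbook command used by Vagrant is shown (useful for debugging).

If you still have problems, could you provide a sample Vagrantfile and the ansible-playbook command generated by the vagrant provision run?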