我在ansible.cfg中有以下配置
sudo_flags = -H -S -n
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
- name: Fetch code from git repo
git: repo={{repo_url}}
dest={{ proj_path }}
version={{ repo_version }}
accept_hostkey=yes
force=true
请记住,在此之前我也有与sudo一样的任务
错误消息是:
Warning: Permanently added the RSA host key for IP address '2401:1d80:1010::150' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Warning: Permanently added the RSA host key for IP address '2401:1d80:1010::150' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}
答案 0 :(得分:2)
该错误消息表明Ansible正在使用的密钥没有从该Bitbucket仓库克隆的权限,或者Ansible没有使用它应该使用的密钥。从那条消息中没有明确的迹象表明它遇到了哪些问题,所以你必须稍微挖掘一下才能弄清楚发生了什么。
首先,使用ssh -i /path/to/key git@bitbucket.org测试密钥的权限。
如果您获得Permission denied (publickey),则该密钥不会与任何用户关联,也不会作为部署密钥添加到任何存储库。将公钥添加到需要它的用户或仓库。
如果你得到这样的东西 -
logged in as some-username-here.
You can use git or hg to connect to Bitbucket. Shell access is disabled.
Connection to bitbucket.org closed.
然后该密钥与该用户的帐户相关联。
如果你得到这样的东西 -
authenticated via a deploy key.
You can use git or hg to connect to Bitbucket. Shell access is disabled.
This deploy key has read access to the following repositories:
然后将密钥添加为那些存储库的部署(即只读)密钥。
如果密钥的权限良好,则ssh-agent无法运行或者它不知道密钥。尝试将ssh_args更新为以下内容:
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -i /path/to/key
这会强制Ansible使用指定的密钥进行连接。