
After much hair pulling and head banging, I can't seem to figure this one out.

I am trying to get Ansible to clone/checkout a private repo on a remote machine, and decided to go with SSH forwarding after research.

I set everything up and the playbook failed. I tested with an Ansible ad-hoc command; these are the results:

```
$ ansible build-servers -a "ssh -T git@github.com" -u builder
zaar | FAILED | rc=1 >>
Hi yuchunc! You've successfully authenticated, but GitHub does not provide shell access.non-zero return code

$ ansible build-servers -a "git ls-remote --heads git@github.com:yuchunc/ZaZaar.git" -u builder
zaar | SUCCESS | rc=0 >>
def3ca999e9f77776dc74fe4c152497040a5f020 refs/heads/master
```

However, it failed when I ran the play from a playbook.

play:

```yaml
- name: Check out project from git
  git:
    repo: "{{ app_repo }}"
    dest: "{{ build_dir }}"
    version: "{{ app_version | default('HEAD') }}"
    force: yes
    accept_hostkey: yes
```

Verbose output:

```
The full traceback is:
  File "/tmp/ansible_dDsiHl/ansible_module_git.py", line 435, in clone
    os.makedirs(dest_dirname)
  File "/usr/lib64/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)

fatal: [zaar]: FAILED! => {
    "changed": false,
    "cmd": "/bin/git clone --origin origin '' /home/builder/build/zazaar",
    "invocation": {
        "module_args": {
            "accept_hostkey": true,
            "archive": null,
            "bare": false,
            "clone": true,
            "depth": null,
            "dest": "/home/builder/build/zazaar",
            "executable": null,
            "force": true,
            "key_file": null,
            "recursive": true,
            "reference": null,
            "refspec": null,
            "remote": "origin",
            "repo": "git@github.com:yuchunc/ZaZaar.git",
            "ssh_opts": null,
            "track_submodules": false,
            "umask": null,
            "update": true,
            "verify_commit": false,
            "version": "HEAD"
        }
    },
    "msg": "Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.",
    "rc": 128,
    "stderr": "Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",
    "stderr_lines": [
        "Permission denied (publickey).",
        "fatal: Could not read from remote repository.",
        "",
        "Please make sure you have the correct access rights",
        "and the repository exists."
    ],
    "stdout": "Cloning into '/home/builder/build/zazaar'...\n",
    "stdout_lines": [
        "Cloning into '/home/builder/build/zazaar'..."
    ]
}
```

Ansible.cfg:

```ini
[defaults]
remote_user = centos
# system_errors = False
host_key_checking = False
inventory = inventory
roles_path = roles.galaxy:roles
# vault_password_file = vault.key
# lookup_plugins = ./lookup_plugins/
# filter_plugins = ./filter_plugins/
library = library
# timeout = 30
ansible_managed = Ansible managed, any changes you make here will be overwritten
retry_files_enabled = False

[ssh_connection]
# This assumes that you have added your servers to a ~/.ssh/config file
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=15m -q
# With larger teams, we normally put the hosts in a ssh.config in the project
# which is the master definition of the hosts
# ssh_args = -o ControlMaster=auto -o ControlPersist=15m -F ssh.config -q
scp_if_ssh = True
control_path = /tmp/mux-%%r@%%h:%%p
pipelining = True
```

Did I miss something?

  • can you pass along a GIT_SSH_COMMAND environment to tack on -v flags to the ssh to see exactly how it is running? Commented Jul 21, 2018 at 23:03
  • Hey @thrig This is the command I ran: `GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa" ansible-playbook -u Mickey -vvv -l build-servers playbooks/setup-build.yml -D`. I do see my public key in another play under ansible_ssh_host_key_ecdsa_public; the git command did not show anything resembling my key. Commented Jul 22, 2018 at 6:31
  • Would this work? https://gist.github.com/arbabnazar/6b9909cfba52ac066512ba5d1c1a1080 But I ran into the issue of not having root access on the GCP instance. = ( Commented Jul 22, 2018 at 6:35
  • that's setting it local to the system running the playbook. try instead the environment YAML thing: stackoverflow.com/questions/27733511/… Commented Jul 22, 2018 at 14:13

1 Answer


If I understand the error correctly, then git on the target machine doesn't know that it must use a private key to authenticate against GitHub. It's not a problem of Ansible and the connection to the target host.

You should explicitly set the attribute key_file in the git task.
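
The suggestion above written out as a play, added here as an example and not part of the original answer: it first reports whether a forwarded agent is visible to tasks on the target, then clones with an explicit `key_file`. The key path and the presence of a deploy key on the build server are assumptions; repo, destination, user and host group are taken from the question.

```yaml
# Added example; the key path and deploy-key setup are assumptions.
- hosts: build-servers
  remote_user: builder
  vars:
    app_repo: "git@github.com:yuchunc/ZaZaar.git"   # repo from the question
    build_dir: /home/builder/build/zazaar            # dest from the question
    deploy_key_path: /home/builder/.ssh/deploy_key   # assumed location
  tasks:
    # Diagnostic: is a forwarded agent visible to module tasks on the target?
    - name: Report agent socket and loaded identities
      shell: 'echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-unset}"; ssh-add -l 2>&1'
      register: agent_check
      changed_when: false
      failed_when: false      # ssh-add exits non-zero with no agent or no keys

    - name: Show what the target sees
      debug:
        var: agent_check.stdout_lines

    # Guard: refuse to use a key file that other users could read.
    - name: Inspect the deploy key on the target
      stat:
        path: "{{ deploy_key_path }}"
      register: deploy_key

    - name: Require an existing key with mode 0600
      assert:
        that:
          - deploy_key.stat.exists
          - deploy_key.stat.mode == '0600'
        msg: "{{ deploy_key_path }} is missing or has loose permissions"

    # The answer's fix: tell git which private key to use.
    - name: Check out project from git
      git:
        repo: "{{ app_repo }}"
        dest: "{{ build_dir }}"
        version: "{{ app_version | default('HEAD') }}"
        key_file: "{{ deploy_key_path }}"
        accept_hostkey: yes
        force: yes
```

A key stored on the build server is a long-lived secret on that host, so a read-only deploy key scoped to this one repository limits what a compromise of the server exposes.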
