Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/29724680/

Date: 2020-09-09 03:05:41  Source: igfitidea

How do I use remote machine's SSH keys in ansible git module

git ssh ansible ssh-keys ansible-playbook

Asked by jschank

I've been trying to get Ansible to provision a remote machine, and I want the remote machine to be set up with its own keys, and have the ability to clone git repositories from Bitbucket.

The user is set up, has its own id_rsa.pub, and the key has been registered with bitbucket.

But, when I use the Ansible Git module, it looks like the module always tries to use the keys from the machine running the playbook.

How do I get the git module to use the id_rsa.pub from the remote machine?

The relevant task is this:

- name: be sure prom-king has an up-to-date clone of its own repository
  git:
    repo: "ssh://[email protected]/prom-king.git"
    dest: /home/promking/prom-king
    accept_hostkey: yes
    clone: yes
    key_file: /home/promking/.ssh/id_rsa.pub
    update: yes

The relevant inventory is this

# inventory file for use with the vagrant box in the testing directory.
[prom-king]
192.168.168.192 ansible_ssh_host=127.0.0.1 ansible_sudo=true ansible_connection=ssh  ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=testing/.vagrant/machines/default/virtualbox/private_key

Answered by Mikko Ohtamaa

This is how I deploy from Github using a key file set on the remote server. If the keyfile parameter for git doesn't work then something is wrong with your playbook:

- name: Creates .ssh directory for root
  sudo: yes
  file: path=/root/.ssh state=directory

# This public key is set on Github repo Settings under "Deploy keys"
- name: Upload the private key used for Github cloning
  sudo: yes
  copy: src=keys/github dest=/root/.ssh/github

- name: Correct SSH deploy key permissions
  sudo: yes
  file: dest=/root/.ssh/github mode=0600

- name: Deploy site files from Github repository
  sudo: yes
  git:
    repo: [email protected]:miohtama/foobar.git
    dest: /srv/django/foobar
    key_file: /root/.ssh/github
    accept_hostkey: yes
    force: yes
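
The same approach applied to the question's setup, as an added example that is not part of the original question or answers: the git module's `key_file` is handed to ssh as the identity file, so it must point at the private key, and the play checks that before cloning. The `repo_url` value is a placeholder, and the private key path `/home/promking/.ssh/id_rsa` and the `deploy_user` variable are assumptions.

```yaml
# Added example, not from the original post.
# Assumptions: remote user "promking" (from the question) already has a key pair
# at /home/promking/.ssh/id_rsa(.pub); repo_url is a placeholder.
- name: Clone with the remote user's own SSH key
  hosts: prom-king
  vars:
    repo_url: "REPLACE_WITH_SSH_CLONE_URL"    # placeholder, not a real URL
    deploy_user: promking
    private_key: /home/promking/.ssh/id_rsa   # the private half, not id_rsa.pub
  tasks:
    - name: Inspect the key file on the remote machine
      become: yes
      ansible.builtin.stat:
        path: "{{ private_key }}"
      register: key_stat

    - name: Read the key file so its header can be checked
      become: yes
      ansible.builtin.slurp:
        src: "{{ private_key }}"
      register: key_raw
      no_log: true                             # keep key material out of logs
      when: key_stat.stat.exists

    - name: Stop unless key_file is a private key owned by the user with mode 0600
      ansible.builtin.assert:
        that:
          - key_stat.stat.exists
          - key_stat.stat.pw_name == deploy_user
          - key_stat.stat.mode == '0600'
          # PEM and OpenSSH private keys both end their header this way;
          # a .pub file starts with the key type (e.g. "ssh-rsa") instead.
          - "'PRIVATE KEY-----' in (key_raw.content | b64decode)"
        fail_msg: "{{ private_key }} is missing, is not a private key, or has unsafe ownership/permissions"

    - name: Clone as the remote user with its own key
      become: yes
      become_user: "{{ deploy_user }}"
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: /home/promking/prom-king
        key_file: "{{ private_key }}"
        accept_hostkey: yes
        update: yes
```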

Answered by udondan

If I understand this correctly, you do - or want to - deploy your private key to the remote machine so you can clone the repo. I believe instead you should use key forwarding. In your .ssh/config set this:

ForwardAgent yes

Or if you want to limit this to Ansible you can define it in your ansible.cfg:

[ssh_connection]
ssh_args= -A