无法通过 ansible 克隆私有 bitbucket 存储库

Question

我在ansible.cfg中有如下配置

sudo_flags = -H -S -n
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes

- name: Fetch code from git repo
  git:  repo={{repo_url}}
        dest={{ proj_path }}
        version={{ repo_version }}
        accept_hostkey=yes
        force=true

请记住，在此之前我也有以 sudo 运行的相同任务

错误信息是：

Warning: Permanently added the RSA host key for IP address '2401:1d80:1010::150' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Warning: Permanently added the RSA host key for IP address '2401:1d80:1010::150' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stdout": "", "stdout_lines": []}

Answer 1

该错误消息表明 Ansible 正在使用的密钥没有从该 Bitbucket 存储库克隆的权限，或者 Ansible 没有使用它应该使用的密钥。该消息没有明确表明它遇到了哪些问题，因此您必须深入挖掘以弄清楚发生了什么。

---

首先，使用ssh -i /path/to/key git@bitbucket.org 测试密钥的权限。

如果您收到Permission denied (publickey)，则该密钥未与任何用户关联，也未作为部署密钥添加到任何存储库。将公钥添加到需要它的用户或仓库。

如果你得到这样的东西 -

logged in as some-username-here.

You can use git or hg to connect to Bitbucket. Shell access is disabled.
Connection to bitbucket.org closed.

然后密钥与该用户的帐户相关联。

如果你得到这样的东西 -

authenticated via a deploy key.

You can use git or hg to connect to Bitbucket. Shell access is disabled.

This deploy key has read access to the following repositories:

然后将密钥作为部署（即只读）密钥添加到这些存储库。

---

如果密钥的权限很好，那么 ssh-agent 没有运行或者它不知道密钥。尝试将您的 ssh_args 更新为以下内容：

ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -i /path/to/key

这将强制 Ansible 使用指定的密钥进行连接。