Hi, Your play snippet and execution log excerpt do not allow to know if the `git` task is executed by the remote user (in this example `vagrant`) and I suspect that this task is in fact executed by root, due to some `sudo: yes` (enabled either in Vagrant settings or in your playbook file). In this case, you might have a look at following SO questions:
- http://stackoverflow.com/a/22768453/2951970 - http://stackoverflow.com/a/23524170/2951970 If you are in such similar situation, I would recommend to organize your play so that the git module is executed by the remote user (vagrant). Hope it helps, Gilles Le mercredi 7 mai 2014 22:01:35 UTC+2, tamakisquare a écrit : > > My setup is a vagrant box whose provisioning is provided by ansible. I > have set up ssh agent forwarding from my local/host machine to the > vagrant box so that the user 'vagrant' can perform `git clone` on a private > bitbucket repo, which is configured to perform ssh key authentication. > > To verify that the ssh agent forwarding works, I ssh'ed to the vagrant box > with the user 'vagrant' and I was able to perform `git clone` on the > mentioned remote repo, without setting up the required private key in the > vagrant box itself. > > However, when ansible performs the same task via the git module it fails > with "*Permission denied (publickey)"* error > > The play/task: > - name: Set up source > hosts: appserver > tasks: > - name: Git | Clone private repo from bitbucket > git: > repo="g...@bitbucket.org:someuser/somerepo.git" > dest=/home/vagrant/example > > The verbose output for the task: > TASK: [Git | Clone private repo from bitbucket] **************** > <192.168.55.139> ESTABLISH CONNECTION FOR USER: vagrant > <192.168.55.139> REMOTE_MODULE git repo= > "g...@bitbucket.org:someuser/somerepo.git" dest=/home/vagrant/example > <192.168.55.139> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', > 'ForwardAgent=yes', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s' > , '-o', 'ControlPath=/Users/windbottle/.ansible/cp/ansible-ssh-%h-%p-%r', > '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', > 'IdentityFile=/Users/windbottle/.vagrant.d/insecure_private_key', '-o', > 'KbdInteractiveAuthentication=no', '-o', > 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey' > , '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', > 'ConnectTimeout=10', '192.168.55.139', "/bin/sh -c 'mkdir -p > $HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969 && chmod a+rx > $HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969 && echo > $HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969'"] > <192.168.55.139> PUT > /var/folders/l2/22zwjkz106vdwz1846jp7d0w0000gn/T/tmpp_JWyh > TO /home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/ > git > <192.168.55.139> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', > 'ForwardAgent=yes', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s' > , '-o', 'ControlPath=/Users/windbottle/.ansible/cp/ansible-ssh-%h-%p-%r', > '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', > 'IdentityFile=/Users/windbottle/.vagrant.d/insecure_private_key', '-o', > 'KbdInteractiveAuthentication=no', '-o', > 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey' > , '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', > 'ConnectTimeout=10', '192.168.55.139', "/bin/sh -c '/usr/bin/python > /home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/git; > rm -rf > /home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/ > >/dev/null 2>&1'"] > failed: [B612] => {"cmd": ["/usr/bin/git", "ls-remote", > "g...@bitbucket.org:someuser/somerepo.git", "-h", "refs/heads/HEAD"], > "failed": true, "item": "", "rc": 128} > stderr: Permission denied (publickey). > fatal: Could not read from remote repository. > > According to the above output, 'ForwardAgent=yes' is indeed there, so I > can't comprehend why the error. > > Calling on experts to shed some light on this issue. Thanks. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/bc527eed-3f7c-419f-b93b-898899b642a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
