Sorry for the extra long delay in responding but I didn't your reply come
in and I had been doing the git pulls manually just to get past it. I have
been revisiting the issue since we may be moving to AWS and I've been
trying to setup some new playbook to cover everything.
I've been relying on agent forwarding, not actually copying over the
private key.
Public still works. But Private is still giving me fits. My playbook is
almost identical to the one you posted. Except I ran on the remote server
and not localhost
- I verified that AgentForwarding is being used "EXEC ssh -C -tt -vvv -o
ForwardAgent=yes -" is in the log
- If I do basically the exact same steps manually it works.(using same SSH
keypair to login to the same server)
- "ssh -T g...@github.com" works natively on the server via SSH, but fails
when run via playbook
- name: Execute command - check SSH-key access to GitHub
command: /usr/bin/ssh -T g...@github.com
the output with server ID obscured
TASK: [Execute command - check SSH-key access to GitHub]
**********************
failed: [ec2-00-00-00-00.us-xxxxx-2.compute.amazonaws.com] => {"changed":
true, "cmd": ["/usr/bin/ssh", "-T", "g...@github.com"], "delta":
"0:00:00.496378", "end": "2015-07-21 19:51:54.642785", "rc": 255, "start":
"2015-07-21
19:51:54.146407", "warnings": []}
stderr: Permission denied (publickey).
FATAL: all hosts have already failed -- aborting
I am going to a Ubuntu14LTS server and running Ver1.9.2 of ansible now,
but and earlier version during my prior attempts
Any Solid clues appreciated. I'm still digging thru the other threads but
nothing matches yet.
Paul
On Wednesday, February 4, 2015 at 12:36:13 PM UTC-5, tkuratomi wrote:
>
> Private repositories should work. Here's a playbook I just ran to test:
>
> ---
> - hosts: localhost
> tasks:
> - git:
> repo: g...@github.com:ansible/****.git
> accept_hostkey: True
> dest: /var/tmp/private-checkout
>
>
> From the sounds of it, I think you're right about the ssh key not
> being used is the culprit. So my question would be how are you
> setting things up so that ssh key is found and used by ansible? Are
> you relying on ssh-agent forwarding or are you copying the private key
> to the remote server beforehand? Is the key available to the correct
> remote account user? etc.
>
> -Toshio
>
> On Wed, Feb 4, 2015 at 9:16 AM, Paul Hardwick <phar...@thinaire.net
> <javascript:>> wrote:
> > OK let me try this a different way.
> >
> > First let me verify that should work for Private repositories and not
> just
> > Public ones.
> >
> > Are there any special options that need/should be added to the master
> config
> > file or as options when calling the containing Playbook?
> >
> > Any ideas or even questions that might point me in the right direction
> > appreciated.
> >
> >
> > On Friday, January 16, 2015 at 5:47:28 PM UTC-5, Paul Hardwick wrote:
> >>
> >> Hello Ansiblers,
> >>
> >> I am trying use ansible to bring in a Private GITHUB repository and am
> >> having issues and getting "Permission denied (publickey)." I've done
> some
> >> digging and checked the ideas I came across on the mailing list so far,
> but
> >> none of them have worked.
> >>
> >> - I've opened up the ports in the outbound firewall
> >> - If I do a public repo it works fine, so its not an issue reaching
> GITHUB
> >> in general just the Private repositories.
> >> - If I try to clone the Private repository manually on the destination
> >> server it works correctly
> >> - GitHub ssh-key access test ( ssh -T g...@github.com <javascript:> )
> works on box
> >> directly but fails under Ansible in a playbook using command.
> >>
> >> So it would seem like the SSH key info isn't being passed along. BTW
> I've
> >> tried the github ssh-key test both with and without SUDO auth. And it
> fails
> >> either way. The SSH-key is the same for my SSH login and github.
> >>
> >> I have included the log of the original failure and the github test for
> >> recognition of the users SSH-Key
> >>
> >> Any clues of things I can check or what I might be doing wrong would be
> >> appreciated.
> >>
> >> Thanks,
> >> Paul
> >>
> >> ================ Start - from playbook output that fails ===
> >>>
> >>> TASK: [git repo=g...@github.com:GitUserName/GitRepoName.git
> >>> dest=/usr/local/GitUserName/ansible-examples-ta4 version=HEAD
> >>> accept_hostkey=yes] ***
> >>> <111.222.333.444> REMOTE_MODULE git
> >>> repo=g...@github.com:GitUserName/GitRepoName.git
> >>> dest=/usr/local/GitUserName/ansible-examples-ta4 version=HEAD
> >>> accept_hostkey=yes
> >>> failed: [bbb-sandbox-a-pub] => {"cmd": "/usr/bin/git ls-remote
> >>> g...@github.com:GitUserName/GitRepoName.git -h refs/heads/HEAD",
> "failed":
> >>> true, "rc": 128}
> >>> stderr: Permission denied (publickey).
> >>> fatal: The remote end hung up unexpectedly
> >>> msg: Permission denied (publickey).
> >>> fatal: The remote end hung up unexpectedly
> >>> FATAL: all hosts have already failed -- aborting
> >>
> >> ============== End - from playbook output that fails ===
> >>
> >> ================ Start - from Github SSH-key test that fails ===
> >>>
> >>> TASK: [Execute command - check SSH-key access to GitHub]
> >>> **********************
> >>> <111.222.333.444> ESTABLISH CONNECTION FOR USER: MyUbuntuUser
> >>> <111.222.333.444> REMOTE_MODULE command /usr/bin/ssh -T
> g...@github.com <javascript:>
> >>> <111.222.333.444> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> >>> ControlPersist=60s -o
> >>> ControlPath="/Users/MyOSXuser/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> Port=8023
> >>> -o KbdInteractiveAuthentication=no -o
> >>>
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o
> >>> PasswordAuthentication=no -o User=MyUbuntuUser -o ConnectTimeout=10
> >>> 111.222.333.444 /bin/sh -c 'mkdir -p
> >>> $HOME/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052 && chmod
> a+rx
> >>> $HOME/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052 && echo
> >>> $HOME/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052'
> >>> <111.222.333.444> PUT
> >>> /var/folders/jv/z2wn_pn52l76vtv84tsj2yf40000gx/T/tmpodUAD4 TO
> >>>
> /home/MyUbuntuUser/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052/command
>
>
> >>> <111.222.333.444> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> >>> ControlPersist=60s -o
> >>> ControlPath="/Users/MyOSXuser/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> Port=8023
> >>> -o KbdInteractiveAuthentication=no -o
> >>>
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o
> >>> PasswordAuthentication=no -o User=MyUbuntuUser -o ConnectTimeout=10
> >>> 111.222.333.444 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8
> >>> /usr/bin/python
> >>>
> /home/MyUbuntuUser/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052/command;
>
>
> >>> rm -rf
> >>>
> /home/MyUbuntuUser/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052/
> >>> >/dev/null 2>&1'
> >>> failed: [bbb-sandbox-a-pub] => {"changed": true, "cmd":
> ["/usr/bin/ssh",
> >>> "-T", "g...@github.com <javascript:>"], "delta": "0:00:00.113147",
> "end": "2015-01-16
> >>> 22:01:21.784784", "rc": 255, "start": "2015-01-16 22:01:21.671637",
> >>> "warnings": []}
> >>> stderr: Permission denied (publickey).
> >>> FATAL: all hosts have already failed -- aborting
> >>> PLAY RECAP
> >>> ********************************************************************
> >>
> >> ====================== End - from Github SSH-key test that fails ===
> >>
> >> ======================= Start - ansible version info ===
> >>>
> >>> $ ansible --version
> >>> ansible 1.8.2
> >>> configured module search path = None
> >>
> >> ====================== End - ansible version info ===
> >>
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to ansible-proje...@googlegroups.com <javascript:>.
> > To post to this group, send email to ansible...@googlegroups.com
> <javascript:>.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/ansible-project/29af652d-0bed-484b-a86d-2c63dfd4b482%40googlegroups.com.
>
>
> >
> > For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/bbd63979-63a3-48d7-8b60-238fd98f6355%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
