My setup is a vagrant box whose provisioning is provided by ansible. I have
set up ssh agent forwarding from my local/host machine to the vagrant box
so that the user 'vagrant' can perform `git clone` on a private bitbucket
repo, which is configured to perform ssh key authentication.
To verify that the ssh agent forwarding works, I ssh'ed to the vagrant box
with the user 'vagrant' and I was able to perform `git clone` on the
mentioned remote repo, without setting up the required private key in the
vagrant box itself.
However, when ansible performs the same task via the git module it fails
with "*Permission denied (publickey)"* error
The play/task:
- name: Set up source
hosts: appserver
tasks:
- name: Git | Clone private repo from bitbucket
git:
repo="[email protected]:someuser/somerepo.git"
dest=/home/vagrant/example
The verbose output for the task:
TASK: [Git | Clone private repo from bitbucket] ****************
<192.168.55.139> ESTABLISH CONNECTION FOR USER: vagrant
<192.168.55.139> REMOTE_MODULE git repo=
"[email protected]:someuser/somerepo.git" dest=/home/vagrant/example
<192.168.55.139> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ForwardAgent=yes',
'-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/windbottle/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'Port=22', '-o',
'IdentityFile=/Users/windbottle/.vagrant.d/insecure_private_key', '-o',
'KbdInteractiveAuthentication=no', '-o',
'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey',
'-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o',
'ConnectTimeout=10', '192.168.55.139', "/bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969 && chmod a+rx
$HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969 && echo
$HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969'"]
<192.168.55.139> PUT /var/folders/l2/22zwjkz106vdwz1846jp7d0w0000gn/T/tmpp_JWyh
TO /home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/git
<192.168.55.139> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ForwardAgent=yes',
'-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/windbottle/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'Port=22', '-o',
'IdentityFile=/Users/windbottle/.vagrant.d/insecure_private_key', '-o',
'KbdInteractiveAuthentication=no', '-o',
'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey',
'-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o',
'ConnectTimeout=10', '192.168.55.139', "/bin/sh -c '/usr/bin/python
/home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/git;
rm -rf
/home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/
>/dev/null 2>&1'"]
failed: [B612] => {"cmd": ["/usr/bin/git", "ls-remote",
"[email protected]:someuser/somerepo.git", "-h", "refs/heads/HEAD"],
"failed": true, "item": "", "rc": 128}
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
According to the above output, 'ForwardAgent=yes' is indeed there, so I
can't comprehend why the error.
Calling on experts to shed some light on this issue. Thanks.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/3eb54ed6-30ca-47dd-b4dd-6396ef5bf223%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
