Sorry, I wasn't as clear as I thought/wanted. ~/.ssh/config has a host entry that sets up an alias from gh to github.com.
After the playbook has run, I can go through the repositories that were cloned as ssh://[email protected]/me/{{item}} and run "git remote set-url ssh://gh/me/{{item}}" in each cloned repo to get things configured the way I think I want. (I can unsuccessfully ssh and pull/push without a hitch). I thought this might be the key to my problem: I'm using a static hosts file, with 2 groups. This host is the only one in both groups. One group uses a sudoer (for configuring the big-picture OS parts), the other a regular user that I want to use for day-to-day work. I'd been using the playbooks to control which user does what, based on the hosts associated with the playbook. For the first step this time around, I had to comment out the non-privileged group to keep it from overriding the user settings from the privileged group. Running with -vvvv verified that ansible is connecting as the normal user I want for this play (so that user's ~/.ssh/config should be in effect...shouldn't it?) Completely commenting the "privileged" group out of hosts didn't make any difference that I can see. Just for the sake of completeness, my hosts file looks like: [sudoer] #10.0.3.152 ansible_ssh_user=special ansible_ssh_pass=1234 ansible_sudo_pass=1234 [normal] 10.0.3.152 ansible_ssh_user=normal ansible_ssh_pass=5678 Just for grins, I added a play directly above the one for cloning the repos: - name: Check ssh remote_user: normal command: ssh gh It failed (as expected) with: "stderr: PTY allocation request failed on channel 0 Hi me! You've successfully authenticated, but GitHub does not provide shell access. Connection to github.com closed." Which seems...really weird to me. It doesn't looks like the git module is doing anything except building up a command line to basically do this. That led me to try some other command-based plays to clone repos without looping: - name: https clone remote_user: normal command: git clone https://github.com/me/foo.git * [worked] - name: alt ssh clone remote_user: normal command: git clone ssh://[email protected]/me/baz.git * [Permission denied (publickey).] - name: check ssh remote_user: normal command: git clone ssh://gh/me/quux.git * [worked] Which leaves me more confused. How is the git module managing to clone a url that my "alt ssh clone" refused? On nights like this, when I've been staring at all the tickets about github and ssh that might possibly be related, I wonder if the people at ansible ever curse at the whim that led them to decide to support a monstrosity like this. Since, after all, I am *not* the target market. Don't get me wrong. I appreciate how much easier you've made my life. I'm just having flashbacks to all those bugs that refuse to admit that I fixed them. And feeling bad because I don't know your code base well enough yet to have fixed this myself. Thank you, James On Thu, Aug 14, 2014 at 6:54 AM, Michael DeHaan <[email protected]> wrote: > Can you ping "gh" from that host and is it available in DNS? > > > > > On Thu, Aug 14, 2014 at 12:32 AM, James Gatannah <[email protected]> > wrote: >> >> I'm updating a project (setting up a disposable dev environment) from >> ansible 1.6.2 to 1.7. (Installed and upgraded using pip into a venv). >> >> I've been setting up a user on the host that I'm configuring, with a full >> set of files in .ssh for things like the config (to assign an alias to >> github), known_hosts, and my key to connect to github. >> >> I have a play that used to look like: >> >> - name: Clone repositories >> git: force=no >> repo=ssh://gh/me/{{ item }}.git >> dest=/home/foo/projects={{ item }} >> key_file=/home/foo/.ssh/github_key >> recursive=yes >> update=yes >> accept_hostkey=yes >> with_items: >> - bar >> - baz >> - quux >> >> After the upgrade, I started getting this error from each repo: >> >> failed: [host] => (item=...) => {"failed": true, "item": "..."} >> msg: failed to add gh hostkey: getaddrinfo gh: No address associated with >> hostname >> >> Getting rid of accept_hostkey=yes switched the error message to: >> msg: gh has an unknown hostkey. Set accept_hostkey to True or manually add >> the hostkey prior to running the git module >> >> I did notice some messages about adding 192.30.252.128 (along with .130) >> to my list of known_hosts when >> I ssh'd in or cloned the repo manually. (That doesn't seem relevant, but >> the address looked suspicious to me). >> >> The host that I'm configuring is running ubuntu trusty, inside an lxc. >> >> Changing the repo address to ssh://[email protected]/me/{{ item }}.git seemed >> to have fixed the problem at first glance. >> >> But now I can't actually connect to any of those projects that I just >> cloned. "Permission denied (publickey)." >> >> I can go through and run "git set-url" on each repo to go back to using >> what I think I actually want, but that's a huge part of the pain I use >> ansible to avoid. >> >> Have I missed something about this over the past few months? Or in the >> docs? Is this intended behavior and I'm missing something obvious? >> >> Thanks, and apologies in advance if this is noise, >> James >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/cb539d5b-355b-438e-bd60-a7622147abde%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/onb0iDUB7ik/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzZC68jYTagSbHfgHD%2BPxEX6h-YrKxeX63q7keW%3Dyij5Q%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEwYyJ5Mb1gDr8FMrj911g3uKY0BYfH7WSbkXU3DeUkRR0ZOCg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
