我遵循的步骤是:
- 以root用户身份安全登录
- 更新服务器协议
- 创建名为deploy的用户
- 从bitbucket.org克隆Git存储库
我想使用ssh转发方法在主目录中以部署用户的身份克隆存储库。
但问题是,即使通过ssh转发,我也无法获得权限,错误返回为:无权访问存储库。
我的库存文件:
[production]
rails ansible_host=(my host ip) ansible_user=ubuntu
我的ansible.cfg文件如下所示:
[ssh_connection]
pipelining=True
ssh_args = -o ForwardAgent=true
我的剧本是这样的:
---
- hosts: production
remote_user: root
become: yes
tasks:
- name: Update all packages to latest version
apt:
upgrade: dist
- add deploy user tasks here
(deploy user add task)
- name: APP | Clone repo
git:
repo: git@github.com:e911/Nepali-POS-Tagger.git
dest: home/deploy/myproject
accept_hostkey: true
force: true
become: yes
become_user: deploy
tags: app
我的部署用户已创建,但由于某些原因,我无法将该用户克隆为部署用户。它没有访问权限。我研究过,认为这似乎是因为没有附加ssh密钥。当我以ubuntu身份登录并将用户切换为deploy时,附加的密钥不会转发到deploy。但我无法找到解决方案。你如何解决这个问题?或者我在这里做错了什么?
以下是错误片段:
fatal: [rails]: FAILED! => {
"changed": false,
"cmd": "/usr/bin/git clone --origin origin '' /home/deploy/myproject",
"invocation": {
"module_args": {
"accept_hostkey": true,
"archive": null,
"bare": false,
"clone": true,
"depth": null,
"dest": "/home/deploy/myproject",
"executable": null,
"force": true,
"gpg_whitelist": [],
"key_file": null,
"recursive": true,
"reference": null,
"refspec": null,
"remote": "origin",
"repo": "git@github.com:e911/Nepali-POS-Tagger.git",
"separate_git_dir": null,
"ssh_opts": null,
"track_submodules": false,
"umask": null,
"update": true,
"verify_commit": false,
"version": "HEAD"
}
},
"msg": "",
"rc": 128,
"stderr": "Cloning into '/home/deploy/myproject'...ngit@github.com: Permission denied (publickey).rnfatal: Could not read from remote repository.nnPlease make sure you have the correct access rightsnand the repository exists.n",
"stderr_lines": [
"Cloning into '/home/deploy/myproject'...",
"git@github.com: Permission denied (publickey).",
"fatal: Could not read from remote repository.",
"",
"Please make sure you have the correct access rights",
"and the repository exists."
],
"stdout": "",
"stdout_lines": []
}
我在这里尝试过解决方案:在Git克隆中,Ansible和Git Permission被拒绝(公钥(,但无济于事。
我们有另一种解决方案,使用HTTP
而不是SSH
:
对于GitHub:
- 从链接生成
Token
:https://github.com/settings/tokens - 授予
scope: repo
权限(完全控制私有存储库( - 使用该令牌
git+https://<TOKEN>:x-oauth-basic@github.com/<ORGANIZATION>/<REPO>.git#<BRANCH>
对于BitBucket:
- 从链接为您的回购生成随机
Password
:https://bitbucket.org/account/settings/app-passwords - 授予作用域
Repositories: Read
的权限 - 使用该密码将您的回购克隆为:
git clone https://<USERNAME>:<GENERATED_PASSWORD>@bitbucket.org/<ORGANIZATION>/<REPO>.git
希望这能成为解决方案的替代方案。