I’ve created a GitHub user on the target server with a private key in ~/.ssh/id_rsa (and added the public key to GitHub). If I “sudo su deploy” I can then clone my repo via the command line without error:
$ git clone git@github.com:me/my-repo.git target_folder
However, I cannot clone from my Ansible playbook using the git module:
yii.yml
Ansible version 1.5, from Ubuntu 13.10 to Ubuntu 12.04
We can’t be certain what user is executing the git command without seeing the -vvvv output from your play. The git module in 1.5 has a key_file parameter to pass in the path to an ssh key to use. Try passing the absolute path to your private key with that.
Added key_file parameter, same error. The fact that id_rsa cannot be accessed strongly suggests that my attempts to specify the user for the deploy role is not working, but I can’t think of any alternate syntax. I really need to run most of the tasks as “ubuntu” but the git deploy tasks as “ava-deploy”:
TASK: [yii-deploy | checkout yii-admin] ***************************************
<54.185.9.246> ESTABLISH CONNECTION FOR USER: ubuntu
<54.185.9.246> REMOTE_MODULE git repo=git@github.com:me/my-repo.git dest=/mnt/live/yii-admin accept_hostkey=yes key_file=/home/ava-deploy/.ssh/id_rsa
<54.185.9.246> EXEC [‘ssh’, ‘-C’, ‘-tt’, ‘-vvv’, ‘-o’, ‘ControlMaster=auto’, ‘-o’, ‘ControlPersist=60s’, ‘-o’, ‘ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r’, ‘-o’, ‘Port=22’, ‘-o’, ‘IdentityFile=creds/ubuntu_yii’, ‘-o’, ‘KbdInteractiveAuthentication=no’, ‘-o’, ‘PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey’, ‘-o’, ‘PasswordAuthentication=no’, ‘-o’, ‘User=ubuntu’, ‘-o’, ‘ConnectTimeout=10’, ‘xx.xxx.x.xxx’, “/bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1394145698.52-234897656048864 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1394145698.52-234897656048864 && echo $HOME/.ansible/tmp/ansible-tmp-1394145698.52-234897656048864’”]
<54.185.9.246> PUT /tmp/tmp7pXt8U TO /home/ubuntu/.ansible/tmp/ansible-tmp-1394145698.52-234897656048864/git
<54.185.9.246> EXEC [‘ssh’, ‘-C’, ‘-tt’, ‘-vvv’, ‘-o’, ‘ControlMaster=auto’, ‘-o’, ‘ControlPersist=60s’, ‘-o’, ‘ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r’, ‘-o’, ‘Port=22’, ‘-o’, ‘IdentityFile=creds/ubuntu_yii’, ‘-o’, ‘KbdInteractiveAuthentication=no’, ‘-o’, ‘PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey’, ‘-o’, ‘PasswordAuthentication=no’, ‘-o’, ‘User=ubuntu’, ‘-o’, ‘ConnectTimeout=10’, ‘xx.xxx.x.xxx’, “/bin/sh -c ‘/usr/bin/python /home/ubuntu/.ansible/tmp/ansible-tmp-1394145698.52-234897656048864/git; rm -rf /home/ubuntu/.ansible/tmp/ansible-tmp-1394145698.52-234897656048864/ >/dev/null 2>&1’”]
failed: [54.185.9.246] => {“cmd”: “/usr/bin/git ls-remote origin -h refs/heads/master”, “failed”: true, “item”: “”, “rc”: 128}
stderr: Warning: Identity file /home/ava-deploy/.ssh/id_rsa not accessible: Permission denied.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
msg: Warning: Identity file /home/ava-deploy/.ssh/id_rsa not accessible: Permission denied.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
FATAL: all hosts have already failed – aborting
You -are- connecting to the remote host as the ubuntu user. It’s also probably true that the ubuntu user can -not- read /home/ava-deploy/.ssh/ on that host.