I am trying to deploy apps using an Ansible playbook and the builtin git module, but it seems Ansible didn't interpolate the git repository URL into the command.
Variables from the inventory are present and the values are correct. The private key permissions are: .ssh dir 0700, public keys 644, private keys 0600. User and group are ec2_user.
---
servers:
  hosts:
    "<ip_address>":
      ansible_user: "ec2-user"
      ansible_group: "ec2-user"
      ...
      web:
        git:
          public_key: "./.certs/github.web.id_rsa.pub"
          private_key: "./.certs/github.web.id_rsa"
          repo: "git@github.com:<organisation>/web-repo-name.git"
      ...
      data:
        git:
          public_key: "./.certs/github.data.id_rsa.pub"
          private_key: "./.certs/github.data.id_rsa"
          repo: "git@github.com:<organisation>/data-repo-name.git"
      ...
Playbook
- name: Ensure .ssh directory exists.
  ansible.builtin.file:
    path: "/home/{{ansible_user}}/.ssh"
    state: directory
    mode: 0700
    owner: '{{ansible_user}}'
    group: '{{ansible_user}}'
  register: command_output
- ansible.builtin.debug:
    msg: "{{command_output}}"
- name: Ensure GitHub private deploy key is present on the server.
  ansible.builtin.copy:
    # src copies the key file from the control node; content: "{{ item }}"
    # would write the path string itself into the destination file.
    src: "{{ item }}"
    dest: "/home/{{ansible_user}}/.ssh/{{ item | basename }}"
  with_items:
    - "{{ web.git.private_key }}"
    - "{{ web.git.public_key }}"
    - "{{ data.git.private_key }}"
    - "{{ data.git.public_key }}"
  register: command_output
- ansible.builtin.debug:
    msg: "{{ command_output }}"
- name: Ensure permissions for private keys.
  ansible.builtin.file:
    path: "/home/{{ansible_user}}/.ssh/{{ item | basename }}"
    state: file
    mode: 0600
    owner: '{{ansible_user}}'
    group: '{{ansible_user}}'
  with_items:
    - "{{ web.git.private_key }}"
    - "{{ data.git.private_key }}"
  register: command_output
- ansible.builtin.debug:
    msg: "{{command_output}}"
- name: Ensure permissions for public keys.
  ansible.builtin.file:
    path: "/home/{{ansible_user}}/.ssh/{{ item | basename }}"
    state: file
    mode: 0644
    owner: '{{ansible_user}}'
    group: '{{ansible_user}}'
  with_items:
    - "{{ web.git.public_key }}"
    - "{{ data.git.public_key }}"
  register: command_output
- ansible.builtin.debug:
    msg: "{{command_output}}"
...
- name: Clone repositories to workdirs
  hosts: servers
  remote_user: '{{ansible_user}}'
  tasks:
    - name: Clone a data github repository
      ansible.builtin.git:
        accept_hostkey: true
        key_file: "/home/{{ansible_user}}/.ssh/{{ data.git.private_key | basename }}"
        repo: "{{ data.git.repo }}"
        version: master
        dest: /opt/app/data
        clone: yes
        update: yes
      register: command_output
    - ansible.builtin.debug:
        msg: "{{command_output}}"
    - name: Clone a web github repository
      ansible.builtin.git:
        accept_hostkey: true
        key_file: "/home/{{ansible_user}}/.ssh/{{ web.git.private_key | basename }}"
        repo: "{{ web.git.repo }}"
        version: master
        dest: /opt/app/web
        clone: yes
        update: yes
      register: command_output
    - ansible.builtin.debug:
        msg: "{{command_output}}"
I receive the following error:
TASK [Gathering Facts] *************************************************************************************************************************************************
ok: [18.170.237.197]
TASK [Clone a data github repository] **********************************************************************************************************************************
fatal: [18.170.237.197]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin '' /opt/app/data", "msg": "Cloning into '/opt/app/data'...\nLoad key \"/home/ec2-user/.ssh/github.data.codenv.top.id_rsa\":********@github.com: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Cloning into '/opt/app/data'...\nLoad key \"/home/ec2-user/.ssh/github.data.codenv.top.id_rsa\": error in libcrypto\r\ngit@github.com: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["Cloning into '/opt/app/data'...", "Load key \"/home/ec2-user/.ssh/github.data.codenv.top.id_rsa\": error in libcrypto", "git@github.com: Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}
PLAY RECAP *************************************************************************************************************************************************************
Found the cause.
I provided the git-ssh link without a scheme name and used a semicolon instead of a slash after the repository host name:
Wrong:
"git@github.com:organization/web.git"
Correct:
"git+ssh://git@github.com/organization/web.git"
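A single play that applies the answer's URL form end to end, written as an added example (not the asker's or the answerer's playbook). It assumes the web.git / data.git variables and the <organisation> placeholder from the question's inventory; it copies the key files with src: rather than content:, sets the file modes at copy time, and keeps the key material out of the play output with no_log.

```yaml
# Added example: deploy keys and clone using the scheme-prefixed SSH URL from the answer.
# Assumes the web.git / data.git variables from the question's inventory.
- name: Deploy GitHub deploy keys and clone repositories
  hosts: servers
  remote_user: "{{ ansible_user }}"
  vars:
    ssh_dir: "/home/{{ ansible_user }}/.ssh"
    # Private keys must not be readable by anyone else; public keys may be.
    deploy_keys:
      - { src: "{{ web.git.private_key }}",  mode: "0600" }
      - { src: "{{ web.git.public_key }}",   mode: "0644" }
      - { src: "{{ data.git.private_key }}", mode: "0600" }
      - { src: "{{ data.git.public_key }}",  mode: "0644" }
    # git+ssh:// form from the answer, not the scp-like git@github.com:org/repo.git form.
    clones:
      - repo: "git+ssh://git@github.com/<organisation>/data-repo-name.git"
        key: "{{ data.git.private_key }}"
        dest: /opt/app/data
      - repo: "git+ssh://git@github.com/<organisation>/web-repo-name.git"
        key: "{{ web.git.private_key }}"
        dest: /opt/app/web
  tasks:
    - name: Ensure .ssh directory exists with owner-only access
      ansible.builtin.file:
        path: "{{ ssh_dir }}"
        state: directory
        mode: "0700"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"

    - name: Install deploy keys from the control node with final permissions
      ansible.builtin.copy:
        src: "{{ item.src }}"           # file contents; content: would write the path string
        dest: "{{ ssh_dir }}/{{ item.src | basename }}"
        mode: "{{ item.mode }}"         # set at creation, so no world-readable window
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
      loop: "{{ deploy_keys }}"
      no_log: true                      # keep key material out of logs and diffs

    - name: Clone repositories over SSH with the per-repo deploy key
      ansible.builtin.git:
        repo: "{{ item.repo }}"
        dest: "{{ item.dest }}"
        version: master
        key_file: "{{ ssh_dir }}/{{ item.key | basename }}"
        accept_hostkey: true            # trust-on-first-use; pre-seed known_hosts to avoid it
      loop: "{{ clones }}"
```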