
Ansible: how to clone a repository as other user

I'm trying to write deployment rules with Ansible. Some of the steps are:

  1. Update and Upgrade Server
  2. Create a user called harry
  3. Add Public and Private keys to harry
  4. Clone a Git Repository from bitbucket.org

I want to clone the repository as the harry user in his home directory (that's why I'm copying its public and private keys). The issue is that it is not possible to specify a user the git clone must be executed as. So Ansible tries to clone the repository as root and fails because it doesn't have rights to access the repository.

How do you solve this?

Alex Grs asked Jul 26 '15 18:07



1 Answer

As per Ansible's documentation on Privilege Escalation, Ansible has limitations on becoming an unprivileged user as it exposes a security hole to Harry.

Using the Ansible git module, you can specify to use Harry's private key from the privileged Ansible user using the key_file parameter, and using become_user allows the cloned files to be given ownership to Harry. For example:

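- name: Clone bitbucket repo
  git:
    repo: git@bitbucket.org:your-repo.git
    dest: /var/www/
    version: master
    accept_hostkey: yes
    # Harry's private key, used for the SSH connection to Bitbucket
    key_file: /home/harry/.ssh/id_rsa
  # Run the task as harry so the cloned files are owned by him
  become: yes
  become_user: harry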
Willem van Ketwich answered Sep 20 '22 15:09
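
An added example, not part of the original question or answer: steps 2 to 4 from the question as one play, with the deploy key installed as mode 0600 and the Bitbucket host key pinned rather than accepted on first contact. The `web` host group, the `files/harry_id_rsa` source file, the `/home/harry/app` destination and the `bitbucket_host_key` variable are assumptions.

```yaml
# Added example. Assumed names: the "web" host group, files/harry_id_rsa on
# the controller, /home/harry/app, and the bitbucket_host_key variable
# (a full known_hosts line that you have verified yourself).
- hosts: web
  become: yes
  vars:
    deploy_user: harry
    repo_url: git@bitbucket.org:your-repo.git
  tasks:
    - name: Create the deployment user
      ansible.builtin.user:
        name: "{{ deploy_user }}"
        shell: /bin/bash
        create_home: yes

    - name: Create a private .ssh directory for the user
      ansible.builtin.file:
        path: "/home/{{ deploy_user }}/.ssh"
        state: directory
        owner: "{{ deploy_user }}"
        group: "{{ deploy_user }}"
        mode: "0700"

    - name: Install the deploy key, readable only by its owner
      ansible.builtin.copy:
        src: files/harry_id_rsa
        dest: "/home/{{ deploy_user }}/.ssh/id_rsa"
        owner: "{{ deploy_user }}"
        group: "{{ deploy_user }}"
        mode: "0600"
      no_log: true   # keep key material out of task output and logs

    - name: Pin the Bitbucket host key instead of accepting whatever is offered
      ansible.builtin.known_hosts:
        path: "/home/{{ deploy_user }}/.ssh/known_hosts"
        name: bitbucket.org
        key: "{{ bitbucket_host_key }}"
        state: present
      become_user: "{{ deploy_user }}"

    - name: Clone the repository as the deployment user
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: "/home/{{ deploy_user }}/app"
        version: master
        key_file: "/home/{{ deploy_user }}/.ssh/id_rsa"
        accept_hostkey: no   # fail if the host key is not the pinned one
      become_user: "{{ deploy_user }}"
```

Becoming an unprivileged user from a privileged connection is the case the Privilege Escalation documentation cited in the answer covers; on many targets it needs the `acl` package installed or pipelining enabled.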