I'm trying to write deployment rules with Ansible. Some of the steps are:
I want to clone the repository as the harry user in his home directory (that's why I'm copying its public and private keys). The issue is that it is not possible to specify a user the git clone must be executed as. So Ansible tries to clone the repository as root and fails because it doesn't have rights to access the repository.
How do you solve this?
Log onto your Ansible controller and run the below ansible command to connect (-m ansible.builtin.git) to the host (web). The command passes an argument (-a) that tells Ansible to clone (clone=yes) the content from the repository (repo) to a destination (dest=/tmp/clone_test) on the remote host.
The idea is to use the git-clone to clone the repository. This will automatically fetch all the branches and tags in the cloned repository. To check out the specific branch, you can use the git-checkout command to create a local tracking branch.
As per Ansible's documentation on Privilege Escalation, Ansible has limitations on becoming an unprivileged user as it exposes a security hole to Harry.
Using the Ansible git module, you can specify to use Harry's private key from the privileged Ansible user using the key_file parameter, and using become_user allows the cloned files to be given ownership to Harry. For example:
- name: Clone bitbucket repo
  git:
    repo: [email protected]:your-repo.git
    dest: /var/www/
    version: master
    accept_hostkey: yes
    key_file: /home/harry/.ssh/id_rsa
  become: yes
  become_user: harry
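
A hardened variant of the task above, as an added example that is not part of the original answer: it locks down the copied private key, pins the Git server's host key instead of relying on accept_hostkey: yes (which trusts whatever key the server presents on first contact), and then clones as harry. The host group, the repository URL, the bitbucket_host_key variable, the key source file and the destination path are assumptions to replace with your own values.

```yaml
# Added example (not from the original answer). Assumed placeholders:
# host group "web", deploy_repo_url, bitbucket_host_key,
# files/harry_deploy_key and /home/harry/app.
- name: Clone a private repository as harry with a pinned host key
  hosts: web
  become: yes
  vars:
    # Constructed sample URL; use your own repository.
    deploy_repo_url: "git@bitbucket.org:example-team/example-repo.git"
    # bitbucket_host_key is assumed to be defined elsewhere (inventory or
    # Ansible Vault) and to hold the server's full known_hosts line,
    # obtained out of band rather than accepted on first connection.
  tasks:
    - name: Ensure harry's .ssh directory is private
      ansible.builtin.file:
        path: /home/harry/.ssh
        state: directory
        owner: harry
        mode: "0700"

    - name: Install the deploy key readable only by harry
      ansible.builtin.copy:
        src: files/harry_deploy_key
        dest: /home/harry/.ssh/id_rsa
        owner: harry
        mode: "0600"
      no_log: true   # keep key material out of task output and logs

    - name: Pin the Git server's host key in harry's known_hosts
      ansible.builtin.known_hosts:
        path: /home/harry/.ssh/known_hosts
        name: bitbucket.org
        key: "{{ bitbucket_host_key }}"
        state: present
      become_user: harry

    - name: Clone the repository as harry
      ansible.builtin.git:
        repo: "{{ deploy_repo_url }}"
        dest: /home/harry/app
        version: master
        key_file: /home/harry/.ssh/id_rsa
        accept_hostkey: no   # fail if the server key does not match the pin
      become_user: harry
```

With the host key pinned, the clone fails instead of silently accepting a changed server key, and the files end up owned by harry because the git module itself runs under become_user.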