当前位置: 文江博客 话题详情

git致命错误试图直接从Ansible克隆

发布于 2025-02-04 05:12:11 字数 1197 浏览 4 评论 0 原文

我正在使用Ansible(Trellis)来部署我的项目。

我在Github上有一个仓库。

我的Ansible代码

- name: UPDATE - Clone project files
  become: yes
  # become_user: "{{ project.user.name | default(ansible_web_user) }}"
  git:
    repo: "{{ project.git.ssh }}"
    dest: "{{ project_root }}/shared/source"
    version: "{{ project.git.branch | default('master') }}"
    accept_hostkey: "{{ project.git.accept_hostkey | default(repo_accept_hostkey | default(true)) }}"
    force: yes
    # key_file: "/root/.ssh/id_rsa.pub"
  ignore_errors: false
  no_log: false
  register: git_clone

这是我有时候

,因为没有明显原因出现此错误

失败! => {“更改”:false,“ cmd”:“/usr/bin/git ls -remote rient -h refs/head/master”,“ msg”:“ fatal:'Origin'似乎不是Git存储库\ nfatal:无法从远程存储库中读取。\ n \ nplease确保您拥有正确的访问权限\ n和存储库存在。 git存储库\ nfatal:无法从远程存储库中读取。\ n \ nplease请确保您拥有正确的访问权限\ nand。成为一个git存储库“,“致命:无法从远程存储库中读取。”,“”,“请确保您拥有正确的访问权限”,并且存储库存在。”],“ stdout”:“”:“”,“” stdout_lines”:[]}

我尝试了几种解决方案,甚至删除了 forwardagent ,并将 key_file 直接强制到GIT调用中。它仍然返回错误。

但是,如果我通过SSH连接到目标机器,并尝试执行 git克隆.... 一切都起作用。

我不明白问题是什么。

原文

I'm using ansible (Trellis) to deploy my projects.

I have a repo on github.

This is my ansible code

- name: UPDATE - Clone project files
  become: yes
  # become_user: "{{ project.user.name | default(ansible_web_user) }}"
  git:
    repo: "{{ project.git.ssh }}"
    dest: "{{ project_root }}/shared/source"
    version: "{{ project.git.branch | default('master') }}"
    accept_hostkey: "{{ project.git.accept_hostkey | default(repo_accept_hostkey | default(true)) }}"
    force: yes
    # key_file: "/root/.ssh/id_rsa.pub"
  ignore_errors: false
  no_log: false
  register: git_clone

For some days this error has appeared for no apparent reason, nothing has changed

FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote origin -h refs/heads/master", "msg": "fatal: 'origin' does not appear to be a git repository\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "fatal: 'origin' does not appear to be a git repository\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["fatal: 'origin' does not appear to be a git repository", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}

I've tried several solutions, even removing the forwardAgent and forcing the key_file directly into the git call. It still returns an error.

But if I connect via ssh to the target machine and try to do a git clone .... everything works.

I don't understand what the problem could be.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

野却迷人 2025-02-11 05:12:11

总结

几个月前,我也遇到了这一点:

  • 用例:使用Ansible和git部署应用程序,并使用: 
       - 名称:“ git clone”
    git:
      repo:“ ssh://  [email  procect]  emply] /where/loderaver/ git”
      accept_hostkey:是的
      key_file:“/foo/bar/{{deployment_name}}/。ssh/id_rsa”
      dest:“/foo/bar/{{deployment_name}}/foofoo/barbar”
      版本:“ {{my_version}}”
  • 症状
    • Ansible Expantions运行git突然停止工作(在易于升级之后)
    • 在同一克隆中手动运行git正常工作,问题仅在Ansible下出现

根本原因似乎是Ansible正在运行git作为root (或 susty_user ),而磁盘上的git克隆(故意)由其他人拥有。

另外,消息“'Origin'似乎不是Git中的git存储库” 是误导性的。

调试

我必须采取绝望的措施来揭示这一点,即用:查看/usr/bin/git 使用:

#!/bin/bash
mkdir -p /tmp/git-db < /dev/null || exit 1
env        < /dev/null > /tmp/git-db/git.$.env   2> /tmp/git-db/err
echo "$@"  < /dev/null > /tmp/git-db//git.$.args 2> /tmp/git-db/err
pwd        < /dev/null > /tmp/git-db//git.$.pwd  2> /tmp/git-db/err
id         < /dev/null > /tmp/git-db//git.$.id   2> /tmp/git-db/err
#sleep 3600  < /dev/null                            2> /tmp/git-db/err
exec /usr/bin/git.real "$@"

查看/tmp/git-db/git。*。 /code> files(和 ps 启用睡眠)表明Ansible正在运行/usr/bin/git作为root。测试git作为词根,给出了已经发布的解决方法的线索:

root@foo-app01:/data/www/foo/foobar# git status
fatal: unsafe repository ('/data/www/foo/foobar' is owned by someone else)
To add an exception for this directory, call:

        git config --global --add safe.directory /data/www/foo/foobar

重现Ansible实际上会在产生的相同的错误消息上cho的GIT调用:

root@foo-app01:/data/www/foo/foobar# GIT_SSH_OPTS=-o StrictHostKeyChecking=no GIT_KEY=/data/www/foo/.ssh/id_rsa /usr/bin/git.real ls-remote origin -h refs/heads/master
fatal: 'origin' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

已经提到的OP,将目标计算机的目录在目标计算机的GIT中列出了。配置围绕该问题工作:(

编辑:用idempotent语法替换为“ - add”,lust-add将冗余行附加到您的/root/.gitconfig上每个执行(请参阅 git> git-config(1)

- name: "Patch /root/.gitconfig"
  # This invocation (without --add, with the dir name twice) is idempotent
  command: |-
    git config --global safe.directory /data/www/{{ foo }}/{{ bar}} /data/www/{{ foo }}/{{ bar}}

> 调用没有效果

- name: "Git clone"
  become_user: foobar
  become: true
  git:
    repo: "ssh://[email protected]/somewhere/something.git"
    accept_hostkey: yes
    key_file: "/foo/bar/{{ deployment_name }}/.ssh/id_rsa"
    dest: "/foo/bar/{{ deployment_name }}/foofoo/barbar"
    version: "{{ my_version }}"

。和6.2.0(使用PIP安装)。

Summary

I also ran into this a few months ago:

  • Use case: application being deployed using Ansible and git, with an invocation like: 
      - name: "Git clone"
    git:
      repo: "ssh://[email protected]/somewhere/something.git"
      accept_hostkey: yes
      key_file: "/foo/bar/{{ deployment_name }}/.ssh/id_rsa"
      dest: "/foo/bar/{{ deployment_name }}/foofoo/barbar"
      version: "{{ my_version }}"
  • Symptoms:
    • An Ansible deployment running git suddenly stopped working (after an apt-get upgrade)
    • Running git manually in the same clone works normally, problem only appears under Ansible

The root cause seems to be that Ansible is running git as root (or become_user), while the git clone on disk is (on purpose) owned by someone else.

Also, the message "'origin' does not appear to be a git repository" from git is misleading.

Debugging

I had to resort to desperate measures to uncover this, though, namely replacing /usr/bin/git with:

#!/bin/bash
mkdir -p /tmp/git-db < /dev/null || exit 1
env        < /dev/null > /tmp/git-db/git.$.env   2> /tmp/git-db/err
echo "$@"  < /dev/null > /tmp/git-db//git.$.args 2> /tmp/git-db/err
pwd        < /dev/null > /tmp/git-db//git.$.pwd  2> /tmp/git-db/err
id         < /dev/null > /tmp/git-db//git.$.id   2> /tmp/git-db/err
#sleep 3600  < /dev/null                            2> /tmp/git-db/err
exec /usr/bin/git.real "$@"

Looking at the /tmp/git-db/git.*.id files (and ps with the sleep enabled) showed that ansible was running /usr/bin/git as root. Testing git as root on the gave a clue to the workaround OP already posted:

root@foo-app01:/data/www/foo/foobar# git status
fatal: unsafe repository ('/data/www/foo/foobar' is owned by someone else)
To add an exception for this directory, call:

        git config --global --add safe.directory /data/www/foo/foobar

Reproducing the git invocation that Ansible actually chokes on produced the same broken error message we've seen:

root@foo-app01:/data/www/foo/foobar# GIT_SSH_OPTS=-o StrictHostKeyChecking=no GIT_KEY=/data/www/foo/.ssh/id_rsa /usr/bin/git.real ls-remote origin -h refs/heads/master
fatal: 'origin' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Workaround

As OP already mentioned, whitelisting the directory in the target machine's git configuration works around the issue:

(EDIT: replaced "--add" with idempotent syntax. Using --add appends redundant lines to your /root/.gitconfig on every execution (see git-config(1)).

- name: "Patch /root/.gitconfig"
  # This invocation (without --add, with the dir name twice) is idempotent
  command: |-
    git config --global safe.directory /data/www/{{ foo }}/{{ bar}} /data/www/{{ foo }}/{{ bar}}

What should work, but doesn't

A more appropriate fix would be to execute git as the user that owns the git clone directory. This should be possible with become_user, but adding the incantations to the invocation has no effect. With ...

- name: "Git clone"
  become_user: foobar
  become: true
  git:
    repo: "ssh://[email protected]/somewhere/something.git"
    accept_hostkey: yes
    key_file: "/foo/bar/{{ deployment_name }}/.ssh/id_rsa"
    dest: "/foo/bar/{{ deployment_name }}/foofoo/barbar"
    version: "{{ my_version }}"

... ansible is still executing /usr/bin/git as root, evidenced by the wrapper above. This happens on ansible 2.9 and 6.2.0 (installed using pip).

回复 原文
淡莣 2025-02-11 05:12:11

添加

- name: UPDATE - Safe Directory
  command: git config --global --add safe.directory {{ project_root }}/shared/source
  check_mode: no

和编辑

- name: UPDATE - Clone project files
  # become: yes
  # become_user: "{{ project.user.name | default(ansible_web_user) }}"
  git:
    repo: "{{ project.git.ssh }}"
    dest: "{{ project_root }}/shared/source"
    version: "{{ project.git.branch | default('master') }}"
    accept_hostkey: "{{ project.git.accept_hostkey | default(repo_accept_hostkey | default(true)) }}"
    force: yes
    key_file: "/root/.ssh/id_rsa"
    update: no
  ignore_errors: false
  no_log: false
  register: git_clone

我解决了问题;)

Adding

- name: UPDATE - Safe Directory
  command: git config --global --add safe.directory {{ project_root }}/shared/source
  check_mode: no

and editing

- name: UPDATE - Clone project files
  # become: yes
  # become_user: "{{ project.user.name | default(ansible_web_user) }}"
  git:
    repo: "{{ project.git.ssh }}"
    dest: "{{ project_root }}/shared/source"
    version: "{{ project.git.branch | default('master') }}"
    accept_hostkey: "{{ project.git.accept_hostkey | default(repo_accept_hostkey | default(true)) }}"
    force: yes
    key_file: "/root/.ssh/id_rsa"
    update: no
  ignore_errors: false
  no_log: false
  register: git_clone

I solve the problem ;)

回复 原文
有木有妳兜一样 2025-02-11 05:12:11 
 #key_file:“/root/.ssh/id_rsa.pub”

请注意, git Ansible模块的属性应该引用一个私钥,而不是公共密钥。

但是首先检查 {{project.git.ssh}}} 的值,以确保它是有效的github ssh url,例如 [email&nbsp; procearted] :me/myrepo 。如果没有,或者是空的,那将解释致命:'Origin'似乎不是Git存储库错误消息。

# key_file: "/root/.ssh/id_rsa.pub"

Note, the key_file attribute of the git Ansible module is supposed to reference a private key, not the public one.

But check first the value of {{ project.git.ssh }}, to make sure it is a valid GitHub SSH URL like [email protected]:me/myRepo. If not, or if empty, that would explain the fatal: 'origin' does not appear to be a git repository error message.

回复 原文
~没有更多了~

关于作者

胡大本事

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

櫻之舞

文章 0 评论 0

弥枳

文章 0 评论 0

m2429

文章 0 评论 0

寻找一个思念的角度

文章 0 评论 0

野却迷人

文章 0 评论 0

我怀念的。

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文