Private repository is cloned through an Ansible playbook, but private gems are not installed

I am using Ansible for configuration management. I clone the private repository after copying the public and private key pair files to the remote server. Cloning works fine, but when I run bundle install, I get a public key permission denied error.

Ansible playbook

    ---
    - hosts: launched
      sudo: yes
      remote_user: ubuntu
      key_file: /home/ubuntu/.ssh/id_rsa
      tasks:
        - name: update apt
          apt: update_cache=yes

        - name: ensure public key and public one are present
          sudo: yes
          copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600
          with_items:
            - id_rsa.pub

        - name: ensure private key and public one are present
          sudo: yes
          copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600
          with_items:
            - id_rsa

        - name: Deploy site files from Github repository
          # sudo: yes
          git: repo=git@github.com:xyz/abc.git dest=/home/{{deploy_user}}/{{app_name}} key_file=/home/ubuntu/.ssh/id_rsa accept_hostkey=yes force=yes version=release

        - name: config database.yml
          template: src=database.yml.j2 dest={{ deploy_directory}}/config/database.yml

        - name: bundle install
          command: bundle install chdir={{ deploy_directory }}

        - name: sidekiq initializer
          command: bundle exec sidekiq -C ./config/sidekiq.yml chdir={{deploy_directory}}

        - name: migrate create
          command: rake db:create RAILS_ENV="production" chdir={{ deploy_directory }}

        - name: migrate migrate
          command: rake db:migrate RAILS_ENV="production" chdir={{ deploy_directory }}

The Gemfile uses private gems through GitHub SSH URLs. So when bundle install runs through the playbook, the following error appears.

    failed: [XXXX] => {"changed": true, "cmd": ["bundle", "install"], "delta": "0:00:05.788387", "end": "2015-11-03 06:39:43.671879", "rc": 11, "start": "2015-11-03 06:39:37.883492", "warnings": []}
    stderr: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights.

The key I added to the remote server also has access to the private gem, but somehow permission is denied.

I personally tried cloning the repository over SSH on the remote server, but I could not access the repository (main repo and gem repository), even though the keys are being copied to the ~/.ssh/ directory of the remote server.

Output of ssh -vvv git@github.com

    OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to github.com [192.30.252.130] port 22.
    debug1: Connection established.
    debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
    debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
    debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
    debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
    debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
    debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
    debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
    debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
    debug1: no match: libssh-0.7.0
    debug2: fd 3 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "github.com" from file "/home/ubuntu/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/ubuntu/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
    debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
    debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
    debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256,hmac-sha2-512
    debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256,hmac-sha2-512
    debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: setup hmac-sha1
    debug1: kex: server->client aes128-ctr hmac-sha1 none
    debug2: mac_setup: setup hmac-sha1
    debug1: kex: client->server aes128-ctr hmac-sha1 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
    debug3: load_hostkeys: loading entries for host "github.com" from file "/home/ubuntu/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/ubuntu/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: load_hostkeys: loading entries for host "192.30.252.130" from file "/home/ubuntu/.ssh/known_hosts"
    debug3: load_hostkeys: loaded 0 keys
    debug1: Host 'github.com' is known and matches the RSA host key.
    debug1: Found key in /home/ubuntu/.ssh/known_hosts:1
    Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/ubuntu/.ssh/id_rsa ((nil)),
    debug2: key: /home/ubuntu/.ssh/id_dsa ((nil)),
    debug2: key: /home/ubuntu/.ssh/id_ecdsa ((nil)),
    debug2: key: /home/ubuntu/.ssh/id_ed25519 ((nil)),
    debug1: Authentications that can continue: publickey
    debug3: start over, passed a different list publickey
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/ubuntu/.ssh/id_rsa
    debug1: could not open key file '/home/ubuntu/.ssh/id_rsa': Permission denied
    debug1: Trying private key: /home/ubuntu/.ssh/id_dsa
    debug3: no such identity: /home/ubuntu/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /home/ubuntu/.ssh/id_ecdsa
    debug3: no such identity: /home/ubuntu/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /home/ubuntu/.ssh/id_ed25519
    debug3: no such identity: /home/ubuntu/.ssh/id_ed25519: No such file or directory
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey).

You will notice that in the SSH output you have

    Trying private key: /home/ubuntu/.ssh/id_rsa
    debug1: could not open key file '/home/ubuntu/.ssh/id_rsa': Permission denied
    debug1: Trying private key: /home/ubuntu/.ssh/id_dsa
    debug3: no such identity: /home/ubuntu/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /home/ubuntu/.ssh/id_ecdsa
    debug3: no such identity: /home/ubuntu/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /home/ubuntu/.ssh/id_ed25519
    debug3: no such identity: /home/ubuntu/.ssh/id_ed25519: No such file or directory

The first line says that the current user does not have permission for id_rsa.

It looks like you use sudo to copy the key, which could set the ownership of the file to root instead of ubuntu.

Change:

    copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600

to:

    copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600 owner=ubuntu

which, according to the Ansible docs, is the user that should own the file.

You should also put both files (id_rsa and id_rsa.pub) in the same with_items so that it runs them in a loop,

like:

    - name: ensure public key and public one are present
      sudo: yes
      copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600
      with_items:
        - id_rsa.pub
        - id_rsa
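
The ownership problem diagnosed in the answer can be confirmed on the remote host before re-running the playbook. The following shell function is an added example, not part of the original question or answer; the name check_key and its verdict strings are made up for illustration, and it assumes GNU stat as found on the Ubuntu host.

```shell
#!/bin/sh
# check_key PATH USER
# Prints one verdict and returns 0 only when the verdict is "ok".
# Verdicts (hypothetical names): ok, missing, wrong-owner:<name>, too-open:<mode>
# Usage on the remote host: check_key /home/ubuntu/.ssh/id_rsa ubuntu
check_key() {
    key=$1
    want_owner=$2

    # A dangling symlink also fails -e and is reported as missing.
    if [ ! -e "$key" ]; then
        echo missing
        return 1
    fi

    # -L follows symlinks so the real key file is inspected.
    owner=$(stat -L -c '%U' "$key")
    mode=$(stat -L -c '%a' "$key")

    # A key copied with sudo and no owner= ends up owned by root, so with
    # mode 0600 the login user gets
    # "could not open key file ...: Permission denied".
    if [ "$owner" != "$want_owner" ]; then
        echo "wrong-owner:$owner"
        return 1
    fi

    # ssh refuses private keys that group or others can access,
    # so any bit set in 077 is too permissive.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too-open:$mode"
        return 1
    fi

    echo ok
}
```

Run it as the user that executes bundle install, since that is the account whose ssh client has to open the key.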