GIT_EXECUTABLE: The location of the git binary on the target machine.A typical location would be ~/.ssh/known_hosts KNOWN_HOSTS_PATH: Location of the SSH known_hosts file on the target machine.CLONE_DEST: The folder where repository should be cloned to.An example would be GIT_BRANCH: Switch to this branch after cloning GIT_REPO: The SSH url of the GitHub repository to be cloned.A typical location would be ~/.ssh/id_rsa.git
#Git add remote private repo full#
#Git add remote private repo password#
Ok, now that we have the password file, we can finally encrypt our github access token using Ansible Vault. Create an environment variable: ANSIBLE_VAULT_PASSWORD_FILE=/path/to/password/file In ansible.cfg file, add the line: vault_password_file = /path/to/password/file under Ģ. In order to let Ansible know where to look for the password file, you have two options:ġ. I like to use a passphrase and encrypt it using an encryption tool:Įcho "your-pass-phrase" | openssl aes-256-cbc -a -salt > /path/to/password/file A password file can be a simple text file containing your Ansible vault password. To avoid being prompted for a vault password, we will be using a vault password file. Because we want to automate the process of cloning a private repository, we don't want to stop the playbook for user input during run time. To decrypt the encrypted string at run time, Ansible will prompt the user to enter the vault password. Ansible Vault provides an easy way to encrypt a string and use it as a variable. Once we have generated the token, it should be encrypted before being used in a playbook. We will be following the second approach by developing a role that creates a new SSH key on the remote machine, adds the public key to a GitHub account and, ultimately, clones the private repository. Create a task or role that generates a new SSH key on the remote machine and adds the public key to the git server. If the remote machine is ever compromised, your private key would be exposed.Ģ.
It is not advisable to do this due to security concerns. Create a task that copies your local SSH private key to the remote machine before performing the clone operation.
At this point, two possible solutions to this problem would be:ġ. As a result, the git server is unable to authenticate the clone request. This is happening because the remote machine where Ansible is trying to clone the repository into, does not have the same SSH credentials that your local machine does. Getting back to the problem at hand, if you try to use Ansible's git module to clone a private repository, you will likely encounter the following error: If you are new to Ansible and would like to learn more, here is a great place to start.
I am going to be assuming that you are familiar with Ansible and have previous experience developing Ansible playbooks. Okay, but how about a private git repository? Well, this is where it gets a bit tricky. I will be explaining the process of cloning a private git repository using Ansible and hopefully, by the time you are done reading this blog, you will have a clearer picture of the underlying details. It turns out, I couldn't have been more wrong! Sure, cloning a public repository using Ansible is quite easy and can be done with a few lines of YAML. The naive Ansible developer in me thought just how hard could it be? I would simply use Ansible's git module and call it a day - easy peasy. I was working with a few of my colleagues to create a playbook that would automate the process of cloning a private repository located in IBM's enterprise GitHub. If you have ever used Ansible to clone a git repository, you may have encountered a similar problem I ran into a couple of months ago.
0 kommentar(er)
