ansible: git module is hanging

26
votes

I am using Ansible and I am having a hard time making the git module works. I have read several posts of people having the same problem, I looked at the ansible doc, well I tried almost everything. I found a clear tutorial that I followed until they use git but again I have a problem when I use my repository... :/ The git task just hangs... no error, it is just stuck!

Here is my host file:

[web]
dev1 ansible_ssh_host=10.0.0.101 ansible_ssh_user=root

This is a vagrant VM running on virtualbox on my computer.

I took the playbook from this tutorial and did all the steps until step 08: https://github.com/leucos/ansible-tuto/tree/master/step-08

I run it on my VM, it works fine, then I add one task "Deploy my code" to use my repository... but this task does not work. It is a private repository on bitbucket. Does it make a difference?

- hosts: web
  tasks:

    - name: Deploy our awesome application
      action: git repo=https://github.com/leucos/ansible-tuto-demosite.git dest=/var/www/awesome-app
      tags: deploy

    - name: Deploy my code
      action: git repo=https://[email protected]/YAmikep/djangotutorial.git dest=/var/www/my-app
      tags: deploy

There might be something with the user, or the user running ansible, or the keys, etc, but I tried back and forth for hours and I am even more confused now... I just do not know what to do to debug that now and find out what is wrong and what I am missing.

Thanks.

7
gitansible
I would not personally recommend to use HTTPS to access git repos, unless you are behind very strict firewall (without 22 outbound, yep). This could create problems when pushing large commmits, this could badly depend on HTTP proxy settings, and of course it stores your very password in cleantext just besides your repo. ssh private keys, which are agent-forwarded to remote hosts for just enough peroids of time are more preferable.spacediver
As a general note. The syntax https://github.com/account/repo-name.git will not work with a deployment key in an Ansible task. However, the syntax [email protected]:account/repo-name.git will work in an Ansible task with a valid deployment key. The syntax is subtle but important to notice.avelis
@avelis your comment helped me out today. changed the url from https to gitsankargorthi

7 Answers

15
votes

There are a couple of reasons why the git module might be hanging, but the most possible is that the git clone command is waiting for a confirmation if the host key should be added to your server's known hosts. To verify if this is the problem execute ansible with the flag: --verbose, so that it runs in verbose mode, this will give you more information about the error.

If you confirm that the known hosts is the problem, then you have two choices:

Solution 1:

To avoid this problem with the git module use the accept_hostkey parameter.

- name: ensure jquery repo is available
  git: [email protected]:jquery/jquery.git version=master accept_hostkey=True

Solution 2:

Use the ansible-sshknownhosts third-party module before using the core git module:

- name: ensure github is a known host
  action: sshknownhosts host=github.com state=present 

- name: ensure jquery repo is available
  git: [email protected]:jquery/jquery.git version=master accept_hostkey=True

Since the knownhosts is not a core ansible module, you will need to install it first, please refer to the github repo docs for more information hon how to install it.

another solution would be to disable ssh host key checking, but this has security implications, so unless you really know what you are doing it is best to avoid this.

11
votes

I tried basically everything (accepting keys, ssh config change, known_hosts file, ssh-agent forwarding, and forgot what else) to no success.

After pulling all of my hair out, I eventually nailed down the problem to be a fact that the SSH private key may require a passphrase!

I didn't notice that earlier because local ssh agent took care of it using keyring stored passphrase so everything worked locally. Using Ansible on a Vagrant Virtual Machine, this mechanism was not available and the git module got stuck waiting for the passphrase to be entered. Once realised the possible cause, I created a special keypair without passphrase (security aspects are known, right?) and added the public key to bitbucket (/github /whichever). When using this particular key - things went smoothly through.

7
votes

If the user requires a password, the git module can hang if one isn't provided while the git executable prompts for it in the background. For your repo parameter, try using https://YAmikep:{yourpassword}@bitbucket.org/YAmikep/djangotutorial.git. Or, try using git/ssh keys instead so no password is required.

3
votes

I've encountered this, and in my case git hang up on confirming new ssh key for a host (bitbucket.org). This could be solved by sshknownhosts module, which is run before git to populate .ssh/known_hosts at the host, so that afterwards git does not need to hang on it.

But be careful about possible security issues, read module documentation.

3
votes

fwiw I've also had this apparently caused by multiple ssh agents running (osx client). Fixed by

killall ssh-agent && eval `ssh-agent` && ssh-add -K

2
votes

For me the problem was specifying the https path to git instead of the ssh path.

https://gitlab.com/foo/bar.git # Incorrect
[email protected]:foo/bar.git # Correct
0
votes

I had a similar problem when using ansible with terraform. Terraform security groups do not default to "allow all egress" like they do in the AWS console, so the git clone request would not be sent regardless of client causing the hanging behavior.

See the note in the terraform docs here: https://www.terraform.io/docs/providers/aws/r/security_group.html#description-2