Ansible Git権限が拒否されました(公開鍵)。

Ansible Git権限が拒否されました(公開鍵)。
{
  "changed": false,
  "cmd": "/bin/git clone --bare ssh:********@enterprise.acme.net:7999/acme/acme-whm.git /usr/local/acme/.git",
  "msg": "Warning: Permanently added [enterprise.acme.net]:7999,[10.0.37.37]:7999 (RSA) to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.",                                               
  "rc": 128,
  "stderr": "Warning: Permanently added [enterprise.acme.net]:7999,[10.0.37.37]:7999 (RSA) to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",                                          
  "stderr_lines": [
    "Warning: Permanently added [enterprise.acme.net]:7999,[10.0.37.37]:7999 (RSA) to the list of known hosts.",                                                                                                            
    "Permission denied (publickey).",
    "fatal: Could not read from remote repository.",
    "",
    "Please make sure you have the correct access rights",
    "and the repository exists."
  ],
  "stdout": "Cloning into bare repository /usr/local/acme/.git...\n",
  "stdout_lines": [
    "Cloning into bare repository /usr/local/acme/.git..."
  ]
}

それでは、なぜこの問題が発生するのでしょうか?

accept_hostkey: True

私の演劇では?

- name: Clone Git                                                                             
    environment:                                                                                
      TMPDIR: "{{ acme_root }}"                                                               
    git:                                                                                        
      bare: yes                                                                                 
      track_submodules: yes                                                                     
      accept_hostkey: yes                                                                       
      repo: "{{ acme_repo_upstream }}"                                                        
      dest: "{{ acme_root }}/.git"

答え1

Ansibleに接続できるかどうか、Gitの選択肢に関係なく、次のメッセージが表示された場合は、

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:J6ErF8jeZVKGsg0db5u2hiNeQbH4pdGzPcbpGXZhOm8.
Please contact your system administrator.
Add correct host key in /home/ecarroll/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ecarroll/.ssh/known_hosts:50
  remove with:
  ssh-keygen -f "/home/ecarroll/.ssh/known_hosts" -R "10.1.38.15"
ECDSA host key for 10.1.38.15 has changed and you have requested strict checking.
Host key verification failed.

これにより、プロキシはそれを渡しません。走ってみるとssh-add -lわかるけど、

Could not open a connection to your authentication agent.

そして走らなければなりません

 ssh-keygen -f "/home/ecarroll/.ssh/known_hosts" -R "10.1.38.15"

その後、再接続します。

関連情報