The most basic way to use Git is to use the git clone command to clone a Git repository (such as example.git) to a directory on your PC (such as /home/john.doe/git), make a change to a file in the cloned repository on your PC (such as example.txt), use the git commit command to commit the change to the file, and to then use the git push command to upload the file to the Git repository.
If you are not familiar with modules, check out Ansible - Getting Started with Modules.
The git module can be used to clone a git repository to a directory on a managed node. This is like using the git clone command. In this example, the foo.git repository is cloned to the /usr/local/git/foo directory on the managed node.
- Sometimes, a password is needed to clone the repository, such as when cloning a private repository on github.com. If the password is not included in the repo key of the Ansible git module, there may be a prompt for the password. GIT_TERMINAL_PROMPT can be used to disable the prompt, which can prevent the task from hanging indefinitely when Ansible is not being run on the commit line. But this may also mask authentication faults.
- The GIT_SSL_NO_VERIFY variable is used disable SSL verfification, which can prevent stderr "peer's certificate issuer is not recognized" from being returned.
---
- name: main play
hosts: localhost
tasks:
- name: clone foo.git
ansible.builtin.git:
repo: 'https://john.doe:itsasecret@git.example.com/foo.git'
dest: /usr/local/git/foo
environment:
GIT_TERMINAL_PROMPT: false
GIT_SSL_NO_VERIFY: true
...
Instead of having the username and password in cleartext, let's store the username and password in a Vault encrypted file and then obtain the username and password as variables. Check out my article Getting Started with Ansible Vault.
---
- name: main play
hosts: localhost
tasks:
- name: clone foo.git
ansible.builtin.git:
repo: 'https://{{ vault_git_username }}:{{ vault_git_password }}@git.example.com/foo.git'
dest: /usr/local/git/foo
environment:
GIT_TERMINAL_PROMPT: false
GIT_SSL_NO_VERIFY: true
...
If the repository is setup with SSH, you may be able to clone the repo via SSH.
---
- name: main play
hosts: localhost
tasks:
- name: clone foo.git
ansible.builtin.git:
repo: ssh://git@git.example.com/foo.git
dest: /usr/local/git/foo
environment:
GIT_TERMINAL_PROMPT: false
GIT_SSL_NO_VERIFY: true
...
By default, all of the branches in the repository will be cloned. The version option is used to specify the name of a branch to clone.
---
- name: main play
hosts: localhost
tasks:
- name: clone foo.git
ansible.builtin.git:
repo: 'https://john.doe:itsasecret@git.example.com/foo.git'
dest: /usr/local/git/foo
version: master
environment:
GIT_TERMINAL_PROMPT: false
GIT_SSL_NO_VERIFY: true
...
GitHub
If you will be cloning a private repository on github.com, you'll first want to grab a copy of your SSH key from the systems that will be cloning the repostiory.
[john.doe@server1 ~]$ cat /home/john.doe/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDyN1u0Dy7IXF7pZLFpIM/eKIma1qVGl2A+glSVHqFlTwg3xGN9Lo55mGZ4qMUkK+ePx6wnjjbxbSz0/iqzWgoiSMUtHGX8kCmS4IwBms/6f247YotW17d1/NGxFtaJYFHH/0PbjdCp5ZTJQptn+BuRYO1hHdJwaZHSa+65fnwzIcdzxgielVft5dmaZEUzdY13lPAxDopSFVkrTbRo7mqi5U2Uivn+nlnsxDPCDO13hrZl3yDaiGficdGz3yLnEBvtkaKf98OokPXwe0MHxIMOSu5uC+3cYxae7lH5jbLKq4u+voB1eILjDSABA1uhk5KROU+Ek17UkqTW9RkEllbJ+FMusADvymmTTkg3eurNYrqxawGFjmOzB8BY4SNb4jlrPOx4/YBM/xFifDtjYhycfsfdZ0QuKtvnX7K3lzcoMApHOS+XCvOb9CCYdZM91J817cvbBeERzfwhQ9sbrovo5s/kqtFfQPBYKPUZes4fghFeppqYuOFmh6doGlgOUc= john.doe@server1.example.com
Then in your github.com profile, at SSH and GPG keys, add the SSH key.
And then your Ansible playbook could look something like this. There should be no need to include a username or password or key file since authentication has been established by adding your SSH keys on github.com.
---
- hosts: all
tasks:
- name: clone example.git
ansible.builtin.git:
repo: git@github.com:JohnDoe/example.git
dest: /tmp/example
accept_hostkey: true
environment:
GIT_TERMINAL_PROMPT: false
GIT_SSL_NO_VERIFY: true
...
Did you find this article helpful?
If so, consider buying me a coffee over at