Bootstrap FreeKB - Ansible - Clone a repository using the git module
Ansible - Clone a repository using the git module

Updated:   |  Ansible articles

The most basic way to use Git is to use the git clone command to clone a Git repository (such as example.git) to a directory on your PC (such as /home/john.doe/git), make a change to a file in the cloned repository on your PC (such as example.txt), use the git commit command to commit the change to the file, and to then use the git push command to upload the file to the Git repository.

If you are not familiar with modules, check out Ansible - Getting Started with Modules.

The git module can be used to clone a git repository to a directory on a managed node. This is like using the git clone command. In this example, the foo.git repository is cloned to the /usr/local/git/foo directory on the managed node.

  • Sometimes, a password is needed to clone the repository, such as when cloning a private repository on github.com. If the password is not included in the repo key of the Ansible git module, there may be a prompt for the password. GIT_TERMINAL_PROMPT can be used to disable the prompt, which can prevent the task from hanging indefinitely when Ansible is not being run on the commit line. But this may also mask authentication faults.
  • The GIT_SSL_NO_VERIFY variable is used disable SSL verfification, which can prevent stderr "peer's certificate issuer is not recognized" from being returned.
---
- name: main play
  hosts: localhost
  tasks:
  - name: clone foo.git
    ansible.builtin.git:
      repo: 'https://john.doe:itsasecret@git.example.com/foo.git'
      dest: /usr/local/git/foo
    environment:
      GIT_TERMINAL_PROMPT: false
      GIT_SSL_NO_VERIFY: true
...

 

Instead of having the username and password in cleartext, let's store the username and password in a Vault encrypted file and then obtain the username and password as variables. Check out my article Getting Started with Ansible Vault.

---
- name: main play
  hosts: localhost
  tasks:
  - name: clone foo.git
    ansible.builtin.git:
      repo: 'https://{{ vault_git_username }}:{{ vault_git_password }}@git.example.com/foo.git'
      dest: /usr/local/git/foo
    environment:
      GIT_TERMINAL_PROMPT: false
      GIT_SSL_NO_VERIFY: true
...

 

If the repository is setup with SSH, you may be able to clone the repo via SSH.

---
- name: main play
  hosts: localhost
  tasks:
  - name: clone foo.git
    ansible.builtin.git:
      repo: ssh://git@git.example.com/foo.git
      dest: /usr/local/git/foo
    environment:
      GIT_TERMINAL_PROMPT: false
      GIT_SSL_NO_VERIFY: true
...

 

By default, all of the branches in the repository will be cloned. The version option is used to specify the name of a branch to clone.

---
- name: main play
  hosts: localhost
  tasks:
  - name: clone foo.git
    ansible.builtin.git:
      repo: 'https://john.doe:itsasecret@git.example.com/foo.git'
      dest: /usr/local/git/foo
      version: master
    environment:
      GIT_TERMINAL_PROMPT: false
      GIT_SSL_NO_VERIFY: true
...

 

GitHub

If you will be cloning a private repository on github.com, you'll first want to grab a copy of your SSH key from the systems that will be cloning the repostiory.

[john.doe@server1 ~]$ cat /home/john.doe/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDyN1u0Dy7IXF7pZLFpIM/eKIma1qVGl2A+glSVHqFlTwg3xGN9Lo55mGZ4qMUkK+ePx6wnjjbxbSz0/iqzWgoiSMUtHGX8kCmS4IwBms/6f247YotW17d1/NGxFtaJYFHH/0PbjdCp5ZTJQptn+BuRYO1hHdJwaZHSa+65fnwzIcdzxgielVft5dmaZEUzdY13lPAxDopSFVkrTbRo7mqi5U2Uivn+nlnsxDPCDO13hrZl3yDaiGficdGz3yLnEBvtkaKf98OokPXwe0MHxIMOSu5uC+3cYxae7lH5jbLKq4u+voB1eILjDSABA1uhk5KROU+Ek17UkqTW9RkEllbJ+FMusADvymmTTkg3eurNYrqxawGFjmOzB8BY4SNb4jlrPOx4/YBM/xFifDtjYhycfsfdZ0QuKtvnX7K3lzcoMApHOS+XCvOb9CCYdZM91J817cvbBeERzfwhQ9sbrovo5s/kqtFfQPBYKPUZes4fghFeppqYuOFmh6doGlgOUc= john.doe@server1.example.com

 

Then in your github.com profile, at SSH and GPG keys, add the SSH key.

 

And then your Ansible playbook could look something like this. There should be no need to include a username or password or key file since authentication has been established by adding your SSH keys on github.com.

---
- hosts: all
  tasks:
  - name: clone example.git
    ansible.builtin.git:
      repo: git@github.com:JohnDoe/example.git
      dest: /tmp/example
      accept_hostkey: true
    environment:
      GIT_TERMINAL_PROMPT: false
      GIT_SSL_NO_VERIFY: true
...

 

 

 

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 8dadc7 in the box below so that we can be sure you are a human.