So, just getting started with Ansible. I'm trying to run a simple playbook to install Apache2 on a Raspberry Pi, adapted from this example from Digital Ocean. I can ping the machine and ssh in without issues. However, the script seems to stall indefinitely at the gathering facts stage. The last bit of output from running the command with the -vvv flag is this
SSH: EXEC sshpass -d42 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="Nizz0k"' -o ConnectTimeout=10 -o ControlPath=/Users/Nizz0k/.ansible/cp/23ecd22287 192.168.0.45 '/bin/sh -c '"'"'echo ~Nizz0k && sleep 0'"'"''
So, I can guess that something is sending the script to sleep, but I have no idea why. Any pointers in the right direction would be greatly appreciated.
Related
My Ansible playbook connects to a remote node using a Proxy.
When the Ansible play book runs; it gives the following ERROR while doing the ssh step.
[root#vm1-msdp ANSIBLE]# ansible-playbook fend_file.yaml -i env/target -vvvvv
PLAY [LAB1] *******************************************************************
GATHERING FACTS ***************************************************************
<10.169.99.222> ESTABLISH CONNECTION FOR USER: msdp
<10.169.99.222> REMOTE_MODULE setup
<10.169.99.222> EXEC sshpass -d9 ssh -C -tt -vvv -o ProxyCommand="nc -x 142.133.134.161:1088 %h %p" -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=msdp -o ConnectTimeout=10 10.169.99.222 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1473708903.98-28407509853006 && echo $HOME/.ansible/tmp/ansible-tmp-1473708903.98-28407509853006'
fatal: [10.169.99.222] => SSH Error: ssh_exchange_identification: Connection closed by remote host
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
But when I run the ssh command myself, I am able to successfully connect.
[root#vm1-msdp ANSIBLE]# ssh -C -tt -o ProxyCommand="nc -x 142.133.134.161:1088 %h %p" -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=root -o ConnectTimeout=10 10.169.99.222
root#10.169.99.222's password:
Last login: Mon Sep 12 12:28:19 2016 from 10.169.102.6
root#IC02 ~ #
Do I need to clear any ansible files ?
When you run the SSH command manually, you are specifying the root user. Your Ansible playbook is using your local user of msdp. Try setting your ansible_user variable in your inventory file. Maybe something like:
10.169.99.22 ansible_user=root
I keep beating my head against the wall - a few days ago, ansible stopped being able to connect to one of my boxes. It just hangs after the output below. The only stuff I've done to the box recently is to do apt-get upgrade... Nothing else. Worked perfectly before. I'm the only one with rights to access it.
Any hints on where to look? I've tried enabling and disabling sudo in my hosts file, makes no difference.
Command I run:
ansible-playbook site.yml -i hosts.yml -vvvv -u ubuntu
Outputs this and hangs:
<cb2> ESTABLISH CONNECTION FOR USER: ubuntu
<cb2> REMOTE_MODULE setup
<cb2> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/alexweinstein/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 cb2 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
Note that I can ssh to the box just fine. Using ansible 1.9.4.
ADDITIONAL INFO:
When I try to ssh into the box using the same exact ssh command as what ansible is outputting (see below), the connection goes thru just fine:
ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o
ControlPath="/Users/alexweinstein/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 cb2
Ping command hangs at the same exact point.
ansible all -i hosts.yml -m ping -vvvv
I got the problem solved by upgrading to ansible 2.1. BUT, as long as the verbose output was enabled (ansible-playbook -vvv, or ansible -v), the hang remained! I turned the verbose output off, and the issue went away.
Ansible bug, clearly.
I'm trying to get set up with Ansible for the first time, to connect to a Raspberry Pi. Following the official 'getting started' steps, I've made an inventory file:
192.168.1.206
.. but the ping fails as follows:
$ ansible all -m ping -vvv
No config file found; using defaults
<192.168.1.206> ESTABLISH SSH CONNECTION FOR USER: pi
<192.168.1.206> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pi -o ConnectTimeout=10 -o ControlPath=/Users/username/.ansible/cp/ansible-ssh-%h-%p-%r 192.168.1.206 '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1464128959.67-131325759126042 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1464128959.67-131325759126042 `" )'"'"''
192.168.1.206 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
This looks the same as this question, but adding password/user bits make no effect for me, shouldn't be necessary to ping, and aren't in the official example anyhow. In any case I'd prefer to configure Ansible to use a specific public/private key pair (as per ssh -i ~/.ssh/keyfile method..)
Grateful for assistance.
Oh and yes the Raspberry is available at that address:
$ ping 192.168.1.206
PING 192.168.1.206 (192.168.1.206): 56 data bytes
64 bytes from 192.168.1.206: icmp_seq=0 ttl=64 time=83.822 ms
Despite what its name could suggest, Ansible ping module doesn't make an ICMP ping.
It tries to connect to host and makes sure a compatible version of Python is installed (as stated in the documentation).
ping - Try to connect to host, verify a usable python and return pong on success.
If you want to use a specific private key, you can specify ansible_ssh_private_key_file in your inventory file:
[all]
192.168.1.206 ansible_ssh_private_key_file=/home/example/.ssh/keyfile
It works for me.
10.23.4.5 ansible_ssh_pass='password' ansible_user='root'
You can also troubleshoot by executing ssh in debug mode and compare the results when running:
ssh -v pi#192.168.1.206
with:
ansible all -m ping -vvvv
I'm new to Ansible.I set-up an Ubuntu virtual machine using Vagrant. I'm able to ssh into the machine using ssh vagrant#172.16.23.228. I have created an ssh key with the same password as the vm, added it to the agent and specified the path in my hosts file.
After following the instructions here I started to receive the following errors, when running this command (ansible all --inventory-file=hosts.ini --module-name ping -u vagrant -vvvv):
Not sure what I'm missing from my set-up, what else I need to check?
<172.16.23.228> ESTABLISH CONNECTION FOR USER: vagrant
<172.16.23.228> REMOTE_MODULE ping
<172.16.23.228> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/user/.ansible/cp/ansible-ssh-%h-%p-%r" - o Port=22 -o IdentityFile="~Users/user/.ssh/onemachine_rsa" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 172.16.23.228 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1451080871.59-247915080664557 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1451080871.59-247915080664557 && echo $HOME/.ansible/tmp/ansible-tmp-1451080871.59-247915080664557'
172.16.23.228 | FAILED => SSH Error: tilde_expand_filename: No such user Users
while connecting to 172.16.23.228:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
My hosts file looks like:
[testserver]
172.16.23.228 ansible_ssh_port=22 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~Users/user/.ssh/onemachine_rsa
What you're doing can work, but I highly recommend using the built-in Ansible provisioner in Vagrant. It will make your life easier and improve your Vagrant skills at the same time. And if you need to execute any shell scripts, use the shell provisioner.
Providing this answer for the benefit of those, like me, who arrive later at the party. Latest Vagrant installations install a private key in a local directory instead of using the admittedly insecure private key for every VM. You'll have to create an ansible_hosts file like this one:
[vagrantboxes]
jessie ansible_ssh_port=2222 ansible_ssh_host=127.0.0.1
[vagrantboxes:vars]
ansible_ssh_user=vagrant
ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key
Where the key is the last line, which provides a path to the actual private key used in the virtual machine that has been started up from this particular directory.
The path to your ansible_ssh_private_key_file is incorrect. Try ansible_ssh_private_key_file=~/.ssh/onemachine_rsa instead. The tilde in this case expands to the home directory of your user on the local machine you're running ansible from.
I run a computer with Ubuntu 15.10 and I try to run Vagrant with Ansible.
Before start, I like to say that I don't have any idea about server management and especialy the Ansible.
The reason I am going to run my system this way, is because I have start working on a project that requires this installation.
After all, the problem I have is that while provisioning the Vagrant I get the following message
<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/%h-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446622406.54-199921739516776 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446622406.54-199921739516776 && echo $HOME/.ansible/tmp/ansible-tmp-1446622406.54-199921739516776'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
So, is it posible to help me someone with this issue ?
Just to say that I have try this article : https://github.com/ansible/ansible/issues/11536 and I changed the control_path in my ansible.cfg to control_path = %(directory)s/%%h-%%r but still not working.
Note My installation path contains a space that I can't remove it because are running many other projects on the same HDD and the configuration will be huge for all the projects. I don't know if that space is the problem, but just I say about it.
UPDATE #1
Result before I change anything:
<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446628138.53-155680153347939 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446628138.53-155680153347939 && echo $HOME/.ansible/tmp/ansible-tmp-1446628138.53-155680153347939'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
Result with control_path = %(directory)s/%%h-%%r :
<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/%h-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446628320.4-231606404275563 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446628320.4-231606404275563 && echo $HOME/.ansible/tmp/ansible-tmp-1446628320.4-231606404275563'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
UPDATE #2
After I set the ssh_args = -o ControlMaster=off I get the following result:
<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446628489.4-10074395967553 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446628489.4-10074395967553 && echo $HOME/.ansible/tmp/ansible-tmp-1446628489.4-10074395967553'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
In general for each modification I did, the error message seems to be the same, and maybe the configuration it happens from some other level, but not the ansible.cfg.
Unfortunatelly I don't know where to find that location :(
I described the problem in similar question.
You need to change it to something shorter (if you have long hostname). For test case you can try just ./master, but for real use case, you should use at least ./s/%%h-%%r.
The very first sentence of the documentation for OpenSSH specific settings in Ansible says:
Under the [ssh_connection] header, the following settings are tunable for SSH connections.
So you need to place the ssh_args variable in [ssh_connection] section of the ansible.cfg, for example:
[defaults]
timeout = 600
[ssh_connection]
ssh_args = -o ControlMaster=off
In fact overriding the ssh_args with an empty value disables the defaults for ControlMaster/ControlPersistent/ControlPath in Ansible, so it should simply be:
[ssh_connection]
ssh_args =
Short Answers
Pass this as an argument to ansible or ansible-playbook commands:
-e "ansible_ssh_common_args='-o ControlPath=/tmp/ssh-%r#%h:%p'"
Or as env variable
export ANSIBLE_SSH_ARGS="-o ControlPath=/tmp/ssh-%r#%h:%p'"
Or as an argument to the host definition in the inventory file
[web_servers]
host ansible_ssh_common_args='-o ControlPath=/tmp/ssh-%r#%h:%p'
Avoid using /tmp directory as its not secure
Long Answer
ControlPath too long is the error that belongs to SSH. SSH creates a control (unix) socket to reuse a TCP connection. The Control path is where this socket is saved.
Ansible may use its local config directory as the location to the ControlPath and if this local config directory is long would raise this error. Alternatively if the home directory itself is at a long path this problem may raise.
Typically, this can be fixed at SSH end by simply using a shorter path in the local ssh config file (~/.ssh/config):
Host *
ControlPath /tmp/ssh-%r#%h:%p
This will create socket file in the /tmp directory (very short path and is world writeable) using the username (%r), hostname (%h), and port number (%p) from the SSH connection as part of the filename
/tmp is world writeable and is not safe. Hackers can use the socket file from the /tmp to login to target SSH server and is dangerous. Please prefer using home directory if it is at short path
Ansible typically should read the file ~/.ssh/config and load ControlPath settings. However in some cases if it isn't, then the following can be done:
Use ANSIBLE_SSH_CONFIG environment variable like:
export ANSIBLE_SSH_CONFIG=~/.ssh/config
OR use ansible configuration file. Create an ansible.cfg file in the ansible project directory and add this code to it:
[ssh_connection]
ssh_args = -F /full/path/to/ssh_config
For me, ~ or \~ in the cfg file didn't work. So ~/.ssh/config wouldn't work and we need to specify full path to the .ssh/config for ex: /home/xxxx/.ssh/config