Below ssh connectivity works fine:
ssh -i /opt/cert/id_rsa_prod targetuser#targethost -t bash
My ansible host file has the below entry
[target*]
targethost ansible_python_interpreter=/opt/bin/python2.7 ansible_ssh_extra_args="-t bash" ansible_ssh_common_args="-t" ansible_ssh_private_key_file=/opt/cert/id_rsa_prod USER_RUN=targetuser
When I run this ansible playbook it fails to connect to target host and throws the below error output:
23:53:42 ESTABLISH SSH CONNECTION FOR USER: targetuser
23:53:42 SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o 'IdentityFile="/opt/cert/id_rsa_prod"' -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=targetuser -o ConnectTimeout=10 -t bash -o ControlPath=/home/sourceuser/.ansible/cp/e8313d01d6 targethost '/bin/sh -c '"'"'echo ~targetuser && sleep 0'"'"''
23:53:42 (255, '', 'OpenSSH_7.7p1 (CentrifyDC build
5.5.1-395) , OpenSSL 1.0.2o-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/sourceuser/.ssh/config\r\ndebug1: Reading
configuration data /etc/centrifydc/ssh/ssh_config\r\ndebug1:
/etc/centrifydc/ssh/ssh_config line 3: Applying options for
*\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/sourceuser/.ansible/cp/e8313d01d6" does not
exist\r\ndebug2: resolving "bash" port 22\r\nssh: Could not resolve
hostname bash: Name or service not known\r\n')
23:53:42 fatal: [targethost]: UNREACHABLE! => {
23:53:42 "changed": false,
23:53:42 "msg": "Failed to connect to the host via ssh:
OpenSSH_7.7p1 (CentrifyDC build 5.5.1-395) , OpenSSL 1.0.2o-fips 27
Mar 2018\r\ndebug1: Reading configuration data
/home/sourceuser/.ssh/config\r\ndebug1: Reading configuration data
/etc/centrifydc/ssh/ssh_config\r\ndebug1:
/etc/centrifydc/ssh/ssh_config line 3: Applying options for
*\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/home/sourceuser/.ansible/cp/e8313d01d6\" does not
exist\r\ndebug2: resolving \"bash\" port 22\r\nssh: Could not resolve
hostname bash: Name or service not known\r\n",
23:53:42 "unreachable": true
23:53:42 }
23:53:42 to retry, use: --limit
#/opt/scripts/myfolder/site.retry
23:53:42
23:53:42 PLAY RECAP
23:53:42 targethost : ok=0 changed=0 unreachable=1 failed=0
Can you please suggest how to fix the connectivity issue ?
Related
in step 10 of tutorial
https://dzone.com/articles/kubespray-10-simple-steps-for-installing-a-product
for deploying a production ready kubernetes cluster with kubespray, an error occured when running ansible-playbook command.error is:
ERROR! SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh
ssh passwordless is active between nodes and i can run ssh from each nodes without password.
can anyone help me?
thanks
this is my command and it's output:
master-node#master-node:~/kubespray$ sudo ansible all -i inventory/mycluster/hosts.ini -m ping -vvv
ansible 2.7.8
config file = /home/master-node/kubespray/ansible.cfg
configured module search path = [u'/home/master-node/kubespray/library']
ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 20160609]
Using /home/master-node/kubespray/ansible.cfg as config file
/home/master-node/kubespray/inventory/mycluster/hosts.ini did not meet host_list requirements, check plugin documentation if this is unexpected
/home/master-node/kubespray/inventory/mycluster/hosts.ini did not meet script requirements, check plugin documentation if this is unexpected
/home/master-node/kubespray/inventory/mycluster/hosts.ini did not meet yaml requirements, check plugin documentation if this is unexpected
Parsed /home/master-node/kubespray/inventory/mycluster/hosts.ini inventory source with ini plugin
META: ran handlers
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<192.168.1.107> ESTABLISH SSH CONNECTION FOR USER: worker-node
<192.168.1.107> SSH: EXEC ssh -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=worker-node -o ConnectTimeout=10 -o ControlPath=/home/master-node/.ansible/cp/e24ed02313 192.168.1.107 '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: master-node
<192.168.1.142> SSH: EXEC ssh -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=master-node -o ConnectTimeout=10 -o ControlPath=/home/master-node/.ansible/cp/01ac2924af 192.168.1.142 '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
master-node | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to remote host \"192.168.1.142\". Make sure this host can be reached over ssh",
"unreachable": true
}
worker-node | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to remote host \"192.168.1.107\". Make sure this host can be reached over ssh",
"unreachable": true
}
I have a inventory with around 10 hosts and my playbook runs on all except 2. I am able to login to those 2 hosts passwordlessly from Ansible Server. But when I run the playbook or even a simple ping module I get error:
192.168.x.xxx | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo $HOME/.ansible/tmp/ansible-tmp-1498895076.45-202255130489130 `\" && echo ansible-tmp-1498895076.45-202255130489130=\"` echo $HOME/.ansible/tmp/ansible-tmp-1498895076.45-202255130489130 `\" ), exited with result 1",
"unreachable": true
}
I have already tried changing the ansible.cfg for remote_dir, changed connection type as suggested in https://github.com/ansible/ansible/issues/5725
The verbose mode output is:
Using /etc/ansible/ansible.cfg as config file
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/ping.py
<192.168.x.xxx> ESTABLISH SSH CONNECTION FOR USER: None
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/ping.py
<192.168.x.xxx> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<192.168.x.xxx> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<192.168.x.xxx> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<192.168.x.xxx> SSH: PlayContext set ssh_common_args: ()
<192.168.x.xxx> SSH: PlayContext set ssh_extra_args: ()
<192.168.x.xxx> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/home/webtech/.ansible/cp/ansible-ssh-%h-%p-%r)
<192.168.x.xxx> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/webtech/.ansible/cp/ansible-ssh-%h-%p-%r 192.168.x.xxx '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1498903623.28-136703981609211 `" && echo ansible-tmp-1498903623.28-136703981609211="` echo $HOME/.ansible/tmp/ansible-tmp-1498903623.28-136703981609211 `" ) && sleep 0'"'"''
Nothing helped.
Please help me, how can I run my playbook in those 2 hosts?
ansible <>
add -s at the end to run it as sudo user
My Ansible playbook connects to a remote node using a Proxy.
When the Ansible play book runs; it gives the following ERROR while doing the ssh step.
[root#vm1-msdp ANSIBLE]# ansible-playbook fend_file.yaml -i env/target -vvvvv
PLAY [LAB1] *******************************************************************
GATHERING FACTS ***************************************************************
<10.169.99.222> ESTABLISH CONNECTION FOR USER: msdp
<10.169.99.222> REMOTE_MODULE setup
<10.169.99.222> EXEC sshpass -d9 ssh -C -tt -vvv -o ProxyCommand="nc -x 142.133.134.161:1088 %h %p" -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=msdp -o ConnectTimeout=10 10.169.99.222 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1473708903.98-28407509853006 && echo $HOME/.ansible/tmp/ansible-tmp-1473708903.98-28407509853006'
fatal: [10.169.99.222] => SSH Error: ssh_exchange_identification: Connection closed by remote host
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
But when I run the ssh command myself, I am able to successfully connect.
[root#vm1-msdp ANSIBLE]# ssh -C -tt -o ProxyCommand="nc -x 142.133.134.161:1088 %h %p" -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=root -o ConnectTimeout=10 10.169.99.222
root#10.169.99.222's password:
Last login: Mon Sep 12 12:28:19 2016 from 10.169.102.6
root#IC02 ~ #
Do I need to clear any ansible files ?
When you run the SSH command manually, you are specifying the root user. Your Ansible playbook is using your local user of msdp. Try setting your ansible_user variable in your inventory file. Maybe something like:
10.169.99.22 ansible_user=root
Unable to SSH into server with Ansible.
$ ansible myserver -m ping -u username\#company.com -vvvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<ip.ad.dr.es> ESTABLISH SSH CONNECTION FOR USER: username#company.com
<ip.ad.dr.es> SSH: ansible.cfg set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<ip.ad.dr.es> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<ip.ad.dr.es> SSH: ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set: (-o)(IdentityFile="/Users/username/.ssh/id_rsa")
<ip.ad.dr.es> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<ip.ad.dr.es> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=username#company.com)
<ip.ad.dr.es> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<ip.ad.dr.es> SSH: PlayContext set ssh_common_args: ()
<ip.ad.dr.es> SSH: PlayContext set ssh_extra_args: (-A)
<ip.ad.dr.es> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/Users/username/.ansible/cp/ansible-ssh-%h-%p-%r)
<ip.ad.dr.es> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/Users/username/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=username#company.com -o ConnectTimeout=10 -o ControlPath=/Users/username/.ansible/cp/ansible-ssh-%h-%p-%r ip.ad.dr.es '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1469804843.87-104204648028091 `" && echo ansible-tmp-1469804843.87-104204648028091="` echo $HOME/.ansible/tmp/ansible-tmp-1469804843.87-104204648028091 `" ) && sleep 0'"'"''
ip.ad.dr.es | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
Able to log in to the same server by manually doing a SSH from my Mac.
ssh -p 22 -A -i ~/.ssh/id_rsa username\#company.com#ip.ad.dr.es -X -C
Any idea on how to troubleshoot this further?
Looked for /var/log/auth.log on this server, and did not find the file. Not sure which other file to look at to see what is going on.
Edit #1:
Also did this -
ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s)(-o)(ForwardAgent=yes)
i.e. added the ForwardAgent=yes to the ssh_args, and removed the --ssh-extra-args="-A". That did not help either.
See comment on ControlPath being too long. This page - http://docs.ansible.com/ansible/intro_configuration.html#control-path - has the fix.
I'm trying to get set up with Ansible for the first time, to connect to a Raspberry Pi. Following the official 'getting started' steps, I've made an inventory file:
192.168.1.206
.. but the ping fails as follows:
$ ansible all -m ping -vvv
No config file found; using defaults
<192.168.1.206> ESTABLISH SSH CONNECTION FOR USER: pi
<192.168.1.206> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pi -o ConnectTimeout=10 -o ControlPath=/Users/username/.ansible/cp/ansible-ssh-%h-%p-%r 192.168.1.206 '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1464128959.67-131325759126042 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1464128959.67-131325759126042 `" )'"'"''
192.168.1.206 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
This looks the same as this question, but adding password/user bits make no effect for me, shouldn't be necessary to ping, and aren't in the official example anyhow. In any case I'd prefer to configure Ansible to use a specific public/private key pair (as per ssh -i ~/.ssh/keyfile method..)
Grateful for assistance.
Oh and yes the Raspberry is available at that address:
$ ping 192.168.1.206
PING 192.168.1.206 (192.168.1.206): 56 data bytes
64 bytes from 192.168.1.206: icmp_seq=0 ttl=64 time=83.822 ms
Despite what its name could suggest, Ansible ping module doesn't make an ICMP ping.
It tries to connect to host and makes sure a compatible version of Python is installed (as stated in the documentation).
ping - Try to connect to host, verify a usable python and return pong on success.
If you want to use a specific private key, you can specify ansible_ssh_private_key_file in your inventory file:
[all]
192.168.1.206 ansible_ssh_private_key_file=/home/example/.ssh/keyfile
It works for me.
10.23.4.5 ansible_ssh_pass='password' ansible_user='root'
You can also troubleshoot by executing ssh in debug mode and compare the results when running:
ssh -v pi#192.168.1.206
with:
ansible all -m ping -vvvv