Authentication or permission failure for some hosts in inventory - ssh

I have a inventory with around 10 hosts and my playbook runs on all except 2. I am able to login to those 2 hosts passwordlessly from Ansible Server. But when I run the playbook or even a simple ping module I get error:
192.168.x.xxx | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo $HOME/.ansible/tmp/ansible-tmp-1498895076.45-202255130489130 `\" && echo ansible-tmp-1498895076.45-202255130489130=\"` echo $HOME/.ansible/tmp/ansible-tmp-1498895076.45-202255130489130 `\" ), exited with result 1",
"unreachable": true
}
I have already tried changing the ansible.cfg for remote_dir, changed connection type as suggested in https://github.com/ansible/ansible/issues/5725
The verbose mode output is:
Using /etc/ansible/ansible.cfg as config file
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/ping.py
<192.168.x.xxx> ESTABLISH SSH CONNECTION FOR USER: None
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/ping.py
<192.168.x.xxx> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<192.168.x.xxx> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<192.168.x.xxx> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<192.168.x.xxx> SSH: PlayContext set ssh_common_args: ()
<192.168.x.xxx> SSH: PlayContext set ssh_extra_args: ()
<192.168.x.xxx> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/home/webtech/.ansible/cp/ansible-ssh-%h-%p-%r)
<192.168.x.xxx> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/webtech/.ansible/cp/ansible-ssh-%h-%p-%r 192.168.x.xxx '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1498903623.28-136703981609211 `" && echo ansible-tmp-1498903623.28-136703981609211="` echo $HOME/.ansible/tmp/ansible-tmp-1498903623.28-136703981609211 `" ) && sleep 0'"'"''
Nothing helped.
Please help me, how can I run my playbook in those 2 hosts?

ansible <>
add -s at the end to run it as sudo user

Related

kubespary:ansible can't send data with ssh to a node in ansible-playbook command

in step 10 of tutorial
https://dzone.com/articles/kubespray-10-simple-steps-for-installing-a-product
for deploying a production ready kubernetes cluster with kubespray, an error occured when running ansible-playbook command.error is:
ERROR! SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh
ssh passwordless is active between nodes and i can run ssh from each nodes without password.
can anyone help me?
thanks
this is my command and it's output:
master-node#master-node:~/kubespray$ sudo ansible all -i inventory/mycluster/hosts.ini -m ping -vvv
ansible 2.7.8
config file = /home/master-node/kubespray/ansible.cfg
configured module search path = [u'/home/master-node/kubespray/library']
ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 20160609]
Using /home/master-node/kubespray/ansible.cfg as config file
/home/master-node/kubespray/inventory/mycluster/hosts.ini did not meet host_list requirements, check plugin documentation if this is unexpected
/home/master-node/kubespray/inventory/mycluster/hosts.ini did not meet script requirements, check plugin documentation if this is unexpected
/home/master-node/kubespray/inventory/mycluster/hosts.ini did not meet yaml requirements, check plugin documentation if this is unexpected
Parsed /home/master-node/kubespray/inventory/mycluster/hosts.ini inventory source with ini plugin
META: ran handlers
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<192.168.1.107> ESTABLISH SSH CONNECTION FOR USER: worker-node
<192.168.1.107> SSH: EXEC ssh -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=worker-node -o ConnectTimeout=10 -o ControlPath=/home/master-node/.ansible/cp/e24ed02313 192.168.1.107 '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: master-node
<192.168.1.142> SSH: EXEC ssh -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=master-node -o ConnectTimeout=10 -o ControlPath=/home/master-node/.ansible/cp/01ac2924af 192.168.1.142 '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
master-node | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to remote host \"192.168.1.142\". Make sure this host can be reached over ssh",
"unreachable": true
}
worker-node | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to remote host \"192.168.1.107\". Make sure this host can be reached over ssh",
"unreachable": true
}

Issue passing argument to ansible ssh

Below ssh connectivity works fine:
ssh -i /opt/cert/id_rsa_prod targetuser#targethost -t bash
My ansible host file has the below entry
[target*]
targethost ansible_python_interpreter=/opt/bin/python2.7 ansible_ssh_extra_args="-t bash" ansible_ssh_common_args="-t" ansible_ssh_private_key_file=/opt/cert/id_rsa_prod USER_RUN=targetuser
When I run this ansible playbook it fails to connect to target host and throws the below error output:
23:53:42 ESTABLISH SSH CONNECTION FOR USER: targetuser
23:53:42 SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o 'IdentityFile="/opt/cert/id_rsa_prod"' -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=targetuser -o ConnectTimeout=10 -t bash -o ControlPath=/home/sourceuser/.ansible/cp/e8313d01d6 targethost '/bin/sh -c '"'"'echo ~targetuser && sleep 0'"'"''
23:53:42 (255, '', 'OpenSSH_7.7p1 (CentrifyDC build
5.5.1-395) , OpenSSL 1.0.2o-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/sourceuser/.ssh/config\r\ndebug1: Reading
configuration data /etc/centrifydc/ssh/ssh_config\r\ndebug1:
/etc/centrifydc/ssh/ssh_config line 3: Applying options for
*\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/sourceuser/.ansible/cp/e8313d01d6" does not
exist\r\ndebug2: resolving "bash" port 22\r\nssh: Could not resolve
hostname bash: Name or service not known\r\n')
23:53:42 fatal: [targethost]: UNREACHABLE! => {
23:53:42 "changed": false,
23:53:42 "msg": "Failed to connect to the host via ssh:
OpenSSH_7.7p1 (CentrifyDC build 5.5.1-395) , OpenSSL 1.0.2o-fips 27
Mar 2018\r\ndebug1: Reading configuration data
/home/sourceuser/.ssh/config\r\ndebug1: Reading configuration data
/etc/centrifydc/ssh/ssh_config\r\ndebug1:
/etc/centrifydc/ssh/ssh_config line 3: Applying options for
*\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/home/sourceuser/.ansible/cp/e8313d01d6\" does not
exist\r\ndebug2: resolving \"bash\" port 22\r\nssh: Could not resolve
hostname bash: Name or service not known\r\n",
23:53:42 "unreachable": true
23:53:42 }
23:53:42 to retry, use: --limit
#/opt/scripts/myfolder/site.retry
23:53:42
23:53:42 PLAY RECAP
23:53:42 targethost : ok=0 changed=0 unreachable=1 failed=0
Can you please suggest how to fix the connectivity issue ?

Unable to SSH into server with Ansible

Unable to SSH into server with Ansible.
$ ansible myserver -m ping -u username\#company.com -vvvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<ip.ad.dr.es> ESTABLISH SSH CONNECTION FOR USER: username#company.com
<ip.ad.dr.es> SSH: ansible.cfg set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<ip.ad.dr.es> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<ip.ad.dr.es> SSH: ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set: (-o)(IdentityFile="/Users/username/.ssh/id_rsa")
<ip.ad.dr.es> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<ip.ad.dr.es> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=username#company.com)
<ip.ad.dr.es> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<ip.ad.dr.es> SSH: PlayContext set ssh_common_args: ()
<ip.ad.dr.es> SSH: PlayContext set ssh_extra_args: (-A)
<ip.ad.dr.es> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/Users/username/.ansible/cp/ansible-ssh-%h-%p-%r)
<ip.ad.dr.es> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/Users/username/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=username#company.com -o ConnectTimeout=10 -o ControlPath=/Users/username/.ansible/cp/ansible-ssh-%h-%p-%r ip.ad.dr.es '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1469804843.87-104204648028091 `" && echo ansible-tmp-1469804843.87-104204648028091="` echo $HOME/.ansible/tmp/ansible-tmp-1469804843.87-104204648028091 `" ) && sleep 0'"'"''
ip.ad.dr.es | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
Able to log in to the same server by manually doing a SSH from my Mac.
ssh -p 22 -A -i ~/.ssh/id_rsa username\#company.com#ip.ad.dr.es -X -C
Any idea on how to troubleshoot this further?
Looked for /var/log/auth.log on this server, and did not find the file. Not sure which other file to look at to see what is going on.
Edit #1:
Also did this -
ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s)(-o)(ForwardAgent=yes)
i.e. added the ForwardAgent=yes to the ssh_args, and removed the --ssh-extra-args="-A". That did not help either.
See comment on ControlPath being too long. This page - http://docs.ansible.com/ansible/intro_configuration.html#control-path - has the fix.

Ansible ssh connection

I know there are a few about this but so far nothing seems to work for me.
So I am trying to learn to use Ansible and I got stuck at this ssh connection issue. I think I did everything right however I would appreciate if someone would help out. Let me post the files I have configures and the result I have.
### ansible.cfg ###
[defaults]
inventory = ./Playbooks/hosts
remote_user = ansible
private_key_file = .ssh/id_key.pub
### Playbooks/hosts ###
[server]
ubu1 ansible_ssh_host=192.16.20.69 ansible_ssh_pass=qwerty ansible_ssh_user=ansible
### Command executed ###
sudo ansible -m ping -vvvv ubu1
### The result I get ###
Using /home/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<192.16.20.69> ESTABLISH SSH CONNECTION FOR USER: ansible
<192.16.20.69> SSH: EXEC sshpass -d12 ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile=".ssh/id_key.pub"' -o User=ansible -o ConnectTimeout=10 -o ControlPath=/home/ansible/.ansible/cp/ansible-ssh-%h-%p-%r 192.16.20.69 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1470766758.25-258256142287087 `" && echo ansible-tmp-1470766758.25-258256142287087="` echo $HOME/.ansible/tmp/ansible-tmp-1470766758.25-258256142287087 `" ) && sleep 0'"'"''
ubu1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
Unfortunalty I am unable to continue learning Ansible until I get this solved. One of the things I am wondering if the ssh-agent is not interfering with Ansible and if so and I must admit I have no clue on what to next.
Any help would be appreciated.
Thanks
Perry
The answer from comments above:
Try ANSIBLE_DEBUG=1 ansible -m ping -vvvv ubu1 and check the exact error message
Allowed to trace down problems with ip-addresses and python installation.

Ansible: "Failed to connect to the host via ssh" error

I'm trying to get set up with Ansible for the first time, to connect to a Raspberry Pi. Following the official 'getting started' steps, I've made an inventory file:
192.168.1.206
.. but the ping fails as follows:
$ ansible all -m ping -vvv
No config file found; using defaults
<192.168.1.206> ESTABLISH SSH CONNECTION FOR USER: pi
<192.168.1.206> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pi -o ConnectTimeout=10 -o ControlPath=/Users/username/.ansible/cp/ansible-ssh-%h-%p-%r 192.168.1.206 '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1464128959.67-131325759126042 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1464128959.67-131325759126042 `" )'"'"''
192.168.1.206 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
This looks the same as this question, but adding password/user bits make no effect for me, shouldn't be necessary to ping, and aren't in the official example anyhow. In any case I'd prefer to configure Ansible to use a specific public/private key pair (as per ssh -i ~/.ssh/keyfile method..)
Grateful for assistance.
Oh and yes the Raspberry is available at that address:
$ ping 192.168.1.206
PING 192.168.1.206 (192.168.1.206): 56 data bytes
64 bytes from 192.168.1.206: icmp_seq=0 ttl=64 time=83.822 ms
Despite what its name could suggest, Ansible ping module doesn't make an ICMP ping.
It tries to connect to host and makes sure a compatible version of Python is installed (as stated in the documentation).
ping - Try to connect to host, verify a usable python and return pong on success.
If you want to use a specific private key, you can specify ansible_ssh_private_key_file in your inventory file:
[all]
192.168.1.206 ansible_ssh_private_key_file=/home/example/.ssh/keyfile
It works for me.
10.23.4.5 ansible_ssh_pass='password' ansible_user='root'
You can also troubleshoot by executing ssh in debug mode and compare the results when running:
ssh -v pi#192.168.1.206
with:
ansible all -m ping -vvvv