We Keep Coding

Docker-machine can't use userdata add key to ssh cloud image

My provider : OpenStack
VM OS: Ubuntu 16.04
Docker-machine Version: 0.14.0
Problem:
I want to use userdata add another public key to authorized_keys,
using --openstack-user-data-file option to specify my userdata.yml.
Here is my userdata.yml:
#cloud-config
users:
- default
- name: ubuntu
groups: sudo
shell: /bin/bash
sudo: ['ALL=(ALL) NOPASSWD:ALL']
ssh-authorized-keys:
- ssh-rsa XXXXXXXXXXXXXX
Use docker-machine command to create vm:
docker-machine --debug create --driver openstack
--openstack-auth-url http://x.x.x.x:5001/v3
--openstack-domain-id defaule
--openstack-endpoint-type adminURL
--openstack-floatingip-pool ext-net
--openstack-keypair-name mykey
--openstack-flavor-id 4
--openstack-image-name ubuntu-16.04-cloud
--openstack-net-name private
--openstack-password XXXXX
--openstack-private-key-file /home/demo/id_rsa
--openstack-sec-groups default
--openstack-ssh-user ubuntu
--openstack-tenant-name admin
--openstack-user-data-file /home/demo/userdata.yml
--openstack-username admin
vm
After creating vm , docker-machine stuck " waiting for ssh to be available".
Here is debug output:
Getting to WaitForSSH function...
(vm) Calling .GetSSHHostname
(vm) Calling .GetSSHPort
(vm) Calling .GetSSHKeyPath
(vm) Calling .GetSSHKeyPath
(vm) Calling .GetSSHUsername
Using SSH client type: external
Using SSH private key: /root/.docker/machine/machines/vm/id_rsa (-rw-------)
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none ubuntu#10.50.2.36 -o IdentitiesOnly=yes -i /root/.docker/machine/machines/vm/id_rsa -p 22] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255:
Error getting ssh command 'exit 0' : ssh command error:
command : exit 0
err : exit status 255
output :
I try to ssh to vm by command:
ssh -i /root/.docker/machine/machines/vm/id_rsa ubuntu#10.50.2.36
But got error message:
Permission denied (publickey).
So, I try another key , the key was in option of --openstack-private-key-file /home/demo/id_rsa
ssh -i /home/demo/id_rsa ubuntu#10.50.2.36
ssh was successful!
I checked two keys, /root/.docker/machine/machines/vm/id_rsa and /home/demo/id_rsa,
but two keys are the same.
I was confused, why the same keys, one can ssh another one can't ssh?

In order for Docker-Machine to set-up a virtual machine on OpenStack, you need to activate the config_drive option: docker-machine --openstack-config-drive [OTHER_OPTIONS] <MACHINE_NAME>

Why isn't ssh-agent authenticating the private key's passphrase when I use Ansible?

In short,
ssh-agent will authenticate the passphrase when I ssh into the remote server from the command line, but whenever I execute an ansible playbook it asks for the passphrase. My question is, why won't ssh-agent authenticate the passphrase for Ansible? How can I get it to work?
In detail,
I created a password protected private key and corresponding public key and uploaded the public key to the server.
I invoked the ssh-agent using eval $(ssh-agent) and then ssh-add /etc/ansible/ssh/private-key.pem
Typing ssh-agent -l shows that the key has been added.
I can successfully ssh into the machine from the command line using ssh username#ipaddress without being asked for the passphrase.
but if I execute a playbook or do something like sudo ansible -m ping server it will say
Enter passphrase for key '/etc/ansible/ssh/private-key.pem':
I tried it again in verbose mode and it gives me the following information
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg configured
module search path = [u'/etc/ansible/library']
ansible python module
location = /usr/lib/python2.7/dist-packages/ansible
executable
location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 20
2017, 18:23:56) [GCC 5.4.0 20160609] Using /etc/ansible/ansible.cfg as
config file Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers Using module file
/usr/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<35.230.127.195> ESTABLISH SSH CONNECTION FOR USER: user6
<35.230.127.195> SSH: EXEC ssh -C -o ControlMaster=auto -o
ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o
'IdentityFile="/etc/ansible/ssh/private-key.pem"' -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=user6 -o ConnectTimeout=10 -o ControlPath=/home/user6/.ansible/cp/e26536be01 35.230.127.195 '/bin/sh
-c '"'"'echo ~ && sleep 0'"'"'' Enter passphrase for key '/etc/ansible/ssh/private-key.pem':
My Environment
Ansible version is 2.4.2.0
Python version is 2.7.12
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g
The ssh keys were created using RSA (not SSH-1 RSA)
and 4096 bits.
In ansible.cfg transport is set to smart.
The key is encrypted using ansible-vault, but I've tried doing it
without encryption and it makes no difference.
Please help, I don't have much hair left.
UPDATE: Using transport = local executes everything locally (ie it doesn't execute the ansible playbook on the remote server(even though it looks like it does)).

Go to ansible.cfg file at below location:
/etc/ansible/ansible.cfg
And set the transport = local :
transport = local
Thanks

Running ansible but keep getting failed to connect via ssh

MacBook-Pro:rails1 woo$ ssh vagrant#10.0.1.92
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-91-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information as of Tue Jul 5 03:52:20 UTC 2016
System load: 0.0 Users logged in: 1
Usage of /: 4.0% of 39.34GB IP address for eth0: 10.0.2.15
Memory usage: 32% IP address for eth1: 10.0.1.100
Swap usage: 0% IP address for eth2: 10.0.1.92
Processes: 80
Graph this data and manage this system at:
https://landscape.canonical.com/
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
Last login: Tue Jul 5 03:52:20 2016 from 10.0.1.19
vagrant#vagrant-ubuntu-trusty-64:~$
But,
>ansible -vvvv all -m ping -u vagrant
/Library/Python/2.7/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Using /Users/woo/vagrant_vms/rails1/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<10.0.1.92> ESTABLISH SSH CONNECTION FOR USER: vagrant
<10.0.1.92> SSH: EXEC ssh -C -vvv -o ForwardAgent=yes -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 10.0.1.92 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1467746604.02-144506913281055 `" && echo ansible-tmp-1467746604.02-144506913281055="` echo $HOME/.ansible/tmp/ansible-tmp-1467746604.02-144506913281055 `" ) && sleep 0'"'"''
10.0.1.92 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
I've done:
cat ~/.ssh/id_rsa.pub | ssh vagrant#10.0.1.92 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
and it was successful as tested by the ssh command.
I don't understand why I keep getting the Failed to connect message.
The 10.0.1.92 is in the hosts file and the ip of the vm is set to that ip.

Can you try this:
ansible -vvvv all -m ping -u vagrant

Try to issue these two commands before connecting the vagrant box with Ansible.
$ eval $(ssh-agent -s)
$ ssh-add

regenerating certificates hangs on windows 7

I'm a total docker newbie and tried to get it working on my windows 7 64-bit machine.
The installation went okay, but the "Docker Quickstart Terminal" will not start up as expected. It seems to hang when trying to create the SSH key:
(default) Downloading https://github.com/boot2docker/boot2docker/releases/download/v
(default) 0%....10%....20%....30%....40%....50%....60%....70%....80%....90%....100%
(default) Creating VirtualBox VM...
(default) Creating SSH key...
Error creating machine: Error in driver during machine creation: exit status 1
Looks like something went wrong... Press any key to continue...
so I tried to regenerate the certificates in a cmd window and also this does not work:
>docker-machine regenerate-certs default
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Detecting the provisioner...
OS type not recognized
I've tried to deactivate my virus scanner and execute the cmd windows as admin without success.
Any ideas what to check? Are there any interesting logfiles?
here's the docker version output:
Client:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: windows/amd64
An error occurred trying to connect: Get http://localhost:2375/v1.21/version: dial tcp 127.0.0.1:2375:
ConnectEx tcp: No connection could be made because the target machine actively refused it.

If you don't have hyper-v activated (that is more a Windows 10 issue), and if your BIOS VT-X/AMD-v is enabled, then something else went wrong.
If docker-machine ls still lists the default machine, delete it: docker-machine rm default.
If you had (previous to your docker-toolbox installation) a VirtualBox already installed, try and:
uninstall completely VirtualBox
in C:\Windows\system32\drivers\, find and delete these five files (there may be less left, that is ok, delete them anyway):
vboxdrv.sys,
vboxnetadp.sys,
vboxnetflt.sys,
vboxusbmon.sys,
vboxusb.sys.
in regedit, key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\, delete these 5 folders (there may be less left, that is ok, delete them anyway):
VBoxDrv,
VBoxNetAdp,
VBoxNetFlt,
VBoxUSBMon,
VBoxUSB.
Then reinstall the latest VirtualBox.
Make sure:
you have the latest docker-machine copied somewhere in your PATH (the 0.5.3 has been released 22 hours ago: releases/download/v0.5.3/docker-machine_windows-amd64.exe).
%HOME% is defined (typically to %HOMEDRIVE%%HOMEPATH%)
From there, try manually to recreate the default machine like the quick-start script did:
docker-machine create -d virtualbox --virtualbox-memory 2048 --virtualbox-disk-size 204800 default
eval $($DOCKER_MACHINE env my_new_container --shell=bash)
docker-machine ssh my_new_container

I've now tried to create a Linux VM directly in VirtualBox and start it from there: also gets some time-out. So I think it's not related to docker.
I've found a VirtualBox bug-report that says, that this can happen when you have Avira installed.
Here's a discussion about the issue on the Avira forum - unfortunatly mostly in German.
One paragraph indicates that it may help to deactivate "Advanced process protection":
Configuration -> General -> Security and disable the option "Advanced
process protection". Click "Apply" and restart the device. You should
be able to run your VM in VirtualBox after that.
In my case this does not help, so I'll need to wait for a fix or completely uninstall Avira.

(defualt) DBG | Getting to WaitForSSH function...
(defualt) DBG | Using SSH client type: external
(defualt) DBG | &{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none docker#127.0.0.1 -o IdentitiesOnly=yes -i C:\Users\Ming.docker\machine\machines\defualt\id_rsa -p 58549] C:\Program Files\OpenSSH\bin\ssh.exe }
(defualt) DBG | About to run SSH command:
(defualt) DBG | exit 0
(defualt) DBG | SSH cmd err, output: exit status 255:
(defualt) DBG | Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
(defualt) DBG | command : exit 0
(defualt) DBG | err : exit status 255
(defualt) DBG | output :

Ansible script ssh error

I am creating a vm in openstack (linux vm) and launching ansible script from there.I am getting following ssh error.
---
- hosts: licproxy
user: my-user
sudo: yes
tasks:
- name: Install tinyproxy#
command: sudo apt-get install tinyproxy
- name: Update tinyproxy
command: sudo apt-get update
- name: Install bind9
shell: yes '' | sudo apt-get install bind9
Though I am directly able to ssh to machine 10.32.1.40 from the linux box in openstack admin-keydev29
PLAY [licproxy] ***********************************************************
GATHERING FACTS ***************************************************************
<10.32.1.40> ESTABLISH CONNECTION FOR USER: my-user
<10.32.1.40> REMOTE_MODULE setup
<10.32.1.40> EXEC ssh -C -tt -vvv -o StrictHostKeyChecking=no -o IdentityFile="/opt/apps/installer/tenant-dev29/ssh/admin-key-dev29" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=my-user -o ConnectTimeout=10 10.32.1.40 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1450797442.33-90087292637238 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1450797442.33-90087292637238 && echo $HOME/.ansible/tmp/ansible-tmp-1450797442.33-90087292637238'
EXEC previous known host file not found for 10.32.1.40
fatal: [10.32.1.40] => SSH Error: ssh: connect to host 10.32.1.40 port 22: Connection refused
while connecting to 10.32.1.40:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
TASK: [Install tinyproxy] *****************************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
I removed from known_host entry and ran the script again it is still showing me same message.
UPDATE
I observed manual ssh is working fine.but ansible script is giving ssh error.
I logged in to the newly created vm using ssh key and checked /var/log/auth.log file
Dec 30 13:00:33 licproxy-vm sshd[1184]: Server listening on :: port 22.
Dec 30 13:01:10 licproxy-vm sshd[1448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Dec 30 13:01:10 licproxy-vm sshd[1448]: Connection closed by 192.168.0.106 [preauth]
Dec 30 13:01:32 licproxy-vm sshd[1450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
The vm has sshd version OpenSSH_6.6.1 version
I checked /etc/ssh folder i found ssh_host_ed25519_key and ssh_host_ed25519_key.pub missing
I created those file using command ssh-keygen -A.
Now I want to know why these files are missing from ssh folder.Is this a bug?

Problem was because of ssh port 22.The port was not up.
I added the following code.which basically wait for ssh port to come up.
while ! nc -z $PROXY_SERVER_IP 22; do
sleep 10s
done