Same result unfortunately. :( paramiko is a no go for me though, as I've got a number of boxes behind a jumpbox. And I use ssh config to get direct access to those. I'll try to think out of the box and see what happens...
On Thursday, 20 March 2014 18:30:50 UTC, Makimoto Marakatti wrote: > > that's a good point. haven't tried. > Will try tomorrow at work and report back. > > thanks! > > On Thursday, 20 March 2014 17:58:45 UTC, James Cammarata wrote: >> >> I see you've set you're setting the transport to ssh rather than smart, >> when you're using EL 5/6, does the same issue occur if you set the >> transport to paramiko or smart? >> >> >> On Thu, Mar 20, 2014 at 11:25 AM, Makimoto Marakatti >> <[email protected]>wrote: >> >>> Hi >>> >>> Last working one was 1.5.1. >>> And yes few changes to the cfg. Here the comments stripped version: >>> >>> [defaults] >>> hostfile = /ansible/etc/hosts >>> library = /usr/share/ansible >>> remote_tmp = /tmp >>> pattern = * >>> forks = 5 >>> poll_interval = 15 >>> sudo_user = root >>> transport = ssh >>> remote_port = 22 >>> connection = ssh >>> timeout = 30 >>> log_path = /ansible/log/ansible.log >>> ansible_managed = Mantained by Ansible. Please refer to {host} to make >>> changes in {file}. Direct edits to this file WILL BE overwritten. >>> display_skipped_hosts = True >>> error_on_undefined_vars = True >>> action_plugins = /usr/share/ansible_plugins/action_plugins >>> callback_plugins = /usr/share/ansible_plugins/callback_plugins >>> connection_plugins = /usr/share/ansible_plugins/connection_plugins >>> lookup_plugins = /usr/share/ansible_plugins/lookup_plugins >>> vars_plugins = /usr/share/ansible_plugins/vars_plugins >>> filter_plugins = /usr/share/ansible_plugins/filter_plugins >>> [paramiko_connection] >>> [ssh_connection] >>> ssh_args = -o PasswordAuthentication=no -o ControlMaster=auto -o >>> ControlPath=~/tmp/ansible-ssh-%h-%p-%r >>> scp_if_ssh = True >>> [accelerate] >>> >>> Normally pipelining is there also, but I just disabled it per advice on >>> this thread. >>> >>> >>> >>> On Thursday, 20 March 2014 15:49:21 UTC, James Cammarata wrote: >>> >>>> What was the last official release that worked for you? Also, are there >>>> any other ansible.cfg settings you've changed from their defaults? >>>> >>>> >>>> On Thu, Mar 20, 2014 at 10:11 AM, Makimoto Marakatti <[email protected] >>>> > wrote: >>>> >>>>> By the way, I did forget to mention that I tried to give a >>>>> passwordless sudo access to the 'ansible' user. >>>>> And did not work. Got the same output. >>>>> Which leads me to think that sudo does not get called properly. >>>>> Just speculating thou.... >>>>> >>>>> >>>>> On Thursday, 20 March 2014 14:35:19 UTC, Makimoto Marakatti wrote: >>>>>> >>>>>> For the record I do have this on ansible.cfg: >>>>>> >>>>>> remote_tmp = /tmp >>>>>> >>>>>> >>>>>> On Thursday, 20 March 2014 14:34:06 UTC, Makimoto Marakatti wrote: >>>>>>> >>>>>>> Hi >>>>>>> >>>>>>> Pipelining is most definitely on. The speed advantage is great. I >>>>>>> tried disabling it and see, but the end result is the same. >>>>>>> >>>>>>> with pipelining on: >>>>>>> >>>>>>> $ ansible commando -sKom ping -vvvv >>>>>>> >>>>>>> sudo password: >>>>>>> <commando> ESTABLISH CONNECTION FOR USER: ansible >>>>>>> <commando> REMOTE_MODULE ping >>>>>>> <commando> EXEC ['ssh', '-C', '-vvv', '-o', >>>>>>> 'PasswordAuthentication=no', '-o', 'ControlMaster=auto', '-o', >>>>>>> 'ControlPath=~/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', >>>>>>> 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications= >>>>>>> gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', >>>>>>> 'PasswordAuthentication=no', '-o', 'ConnectTimeout=30', 'commando', >>>>>>> '/bin/sh >>>>>>> -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key= >>>>>>> eitjzleioedwxwlkwhlcyyraqeqvqzxk] password: " -u root /bin/sh -c >>>>>>> \'"\'"\'echo SUDO-SUCCESS-eitjzleioedwxwlkwhlcyyraqeqvqzxk; >>>>>>> /usr/bin/python\'"\'"\'\''] >>>>>>> EXEC previous known host file not found for commando >>>>>>> commando | FAILED => ssh connection closed waiting for sudo or su >>>>>>> password prompt >>>>>>> >>>>>>> >>>>>>> >>>>>>> without pipelining: >>>>>>> >>>>>>> $ ansible commando -sKom ping -vvvvv >>>>>>> sudo password: >>>>>>> <commando> ESTABLISH CONNECTION FOR USER: ansible >>>>>>> <commando> REMOTE_MODULE ping >>>>>>> <commando> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', >>>>>>> 'PasswordAuthentication=no', '-o', 'ControlMaster=auto', '-o', >>>>>>> 'ControlPath=~/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', >>>>>>> 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications= >>>>>>> gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', >>>>>>> 'PasswordAuthentication=no', '-o', 'ConnectTimeout=30', 'commando', >>>>>>> "/bin/sh >>>>>>> -c 'mkdir -p /tmp/ansible-tmp-1395325848.27-139028944178673 && >>>>>>> chmod a+rx /tmp/ansible-tmp-1395325848.27-139028944178673 && echo >>>>>>> /tmp/ansible-tmp-1395325848.27-139028944178673'"] >>>>>>> EXEC previous known host file not found for commando >>>>>>> commando | FAILED => Authentication or permission failure. In some >>>>>>> cases, you may have been able to authenticate and did not have >>>>>>> permissions on the remote directory. Consider changing the remote >>>>>>> temp path in ansible.cfg to a path rooted in "/tmp". Failed command >>>>>>> was: mkdir -p /tmp/ansible-tmp-1395325848.27-139028944178673 &&chmod a >>>>>>> +rx /tmp/ansible-tmp-1395325848.27-139028944178673 && echo /tmp/ >>>>>>> ansible-tmp-1395325848.27-139028944178673, exited with result 1:mkdir >>>>>>> : cannot create directory >>>>>>> `/tmp/ansible-tmp-1395325848.27-139028944178673': >>>>>>> Permission denied >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thursday, 20 March 2014 14:29:07 UTC, Matt Martz wrote: >>>>>>>> >>>>>>>> Makimoto, >>>>>>>> >>>>>>>> Have you enabled 'pipelining = True' in your ansible.cfg file? >>>>>>>> >>>>>>>> If so, this is potentially the cause. Regardless, it would be nice >>>>>>>> to see the output of ansible -vvvv as that would help identify if >>>>>>>> pipelining is being used or not, or any other potential issues. >>>>>>>> >>>>>>>> -- >>>>>>>> Matt Martz >>>>>>>> [email protected] >>>>>>>> >>>>>>>> On March 20, 2014 at 9:05:26 AM, Makimoto Marakatti ( >>>>>>>> [email protected]) wrote: >>>>>>>> >>>>>>>> >>>>>>>> Hi all >>>>>>>> >>>>>>>> I had few sudo issues in the past, and those got solved. Now after >>>>>>>> updating to latest release (1.5.3) the problem has resurfaced again. >>>>>>>> My master box has an ansible user. Which connects through ssh certs >>>>>>>> and has sudo rights to root on each of the remote boxes. >>>>>>>> I've got 62 boxes that are failing if I sudo to them with ansible. >>>>>>>> Those 62 are a mixture to rhel/centos 5.?/6.? 32/64. Nothing in common. >>>>>>>> Examples below are shown using a single box. >>>>>>>> >>>>>>>> So if I do not use sudo, it works: >>>>>>>> >>>>>>>> $ ansible commando -om ping >>>>>>>> commando | success >> {"changed": false, "ping": "pong"} >>>>>>>> >>>>>>>> Now with sudo: >>>>>>>> >>>>>>>> $ ansible commando -sKom ping >>>>>>>> sudo password: >>>>>>>> commando | FAILED => ssh connection closed waiting for sudo or su >>>>>>>> password prompt >>>>>>>> >>>>>>>> and yet: >>>>>>>> >>>>>>>> $ ssh commando >>>>>>>> Last login: Thu Mar 20 12:02:12 2014 from ansible_master.passmark. >>>>>>>> net >>>>>>>> [ansible@commando ~]$ sudo su - >>>>>>>> [sudo] password for ansible: >>>>>>>> [root@commando ~]# id >>>>>>>> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4( >>>>>>>> adm),6(disk),10(wheel) >>>>>>>> >>>>>>>> I actually updated to dev as I was told that my previous sudo >>>>>>>> issues had been solved in the dev branch. Unfortunately no difference. >>>>>>>> (It >>>>>>>> got rid of the nagging "previous host file not found" message thou) >>>>>>>> >>>>>>>> Any help to try to clear this issue for once and for all would be >>>>>>>> very welcome indeed. >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "Ansible Project" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To post to this group, send email to [email protected]. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/ansible-project/74e9609c- >>>>>>>> e50e-46ea-8d34-ae331d47f52e%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/74e9609c-e50e-46ea-8d34-ae331d47f52e%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Ansible Project" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/ansible-project/ed4c47a9-ec1f-4256-9bfc- >>>>> 4d45a54bfa5f%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/ed4c47a9-ec1f-4256-9bfc-4d45a54bfa5f%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fb82e8ad-c731-4588-bf07-f726f05b7c1b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
