Hi There,
I'm attempting to configure ssh access to a user via ansible, as described in the blog entry at: http://www.hashbangcode.com/blog/ansible-ssh-setup-playbook

I'm running this playbook using ansible version 1.4.5 on rhel 6.3. My inventory hosts file looks like:

    [hosts]
    172.20.0.36 ansible_connection=ssh ansible_ssh_user=deployment ansible_ssh_pass=password

I have sshpass installed:

    [ansible@rwc-host1 inventory]$ sudo yum list | grep sshpass
    sshpass.x86_64 1.05-1.el6 @epel

My ansible.cfg file looks like this:

    [ansible@rwc-host1 inventory]$ cat ansible.cfg
    [defaults]
    host_key_checking=False
    [ansible@rwc-host1 inventory]$

I already have the user created on the remote server with sudo access, so all the playbook really needs to do is take the contents of id_rsa.pub and add it to the authorized_keys file for the remote user. The user I'm connecting as is the same as the user whose authorized_keys file I want to create. However, the user I'm running the playbook as on the ansible control machine is different.
For example, the control user is named 'ansible' and the remote user is named 'deployment'.

The playbook file is:

    ---
    - name: configure authorized_keys
      hosts: hosts
      user: deployment
      sudo: yes
      roles:
        - setup

The task in my playbook is simply:

    - name: add create authorized_keys file
      authorized_key: user=deployment key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

But when I run the playbook I get the following error:

    [ansible@rwc-host1 vm]$ ansible-playbook -i inventory/hosts setup.yml

    PLAY [configure authorized_keys] **********************************************

    GATHERING FACTS ***************************************************************
    previous known host file not found
    fatal: [172.20.0.36] => using -c ssh on certain older ssh versions may not support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ansible_ssh_args in the config file) before running again

    TASK: [setup | add create authorized_keys file] *******************************
    FATAL: no hosts matched or all hosts have already failed -- aborting

    PLAY RECAP ********************************************************************
    to retry, use: --limit @/export/home/ansible/setup.retry

    172.20.0.36 : ok=0 changed=0 unreachable=1 failed=0

    [ansible@rwc-host1 vm]$

So then I tried adding the below to my ansible.cfg file:

    [ssh_connection]
    ssh_args = ""

Rerunning the playbook resulted in the same error:

    [ansible@rwc-host1 vm]$ ansible-playbook -i inventory/hosts setup.yml

    PLAY [configure authorized_keys] **********************************************

    GATHERING FACTS ***************************************************************
    previous known host file not found
    fatal: [172.20.0.36] => using -c ssh on certain older ssh versions may not support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ansible_ssh_args in the config file) before running again

    TASK: [setup | add create authorized_keys file] *******************************
    FATAL: no hosts matched or all hosts have already failed -- aborting

    PLAY RECAP ********************************************************************
    to retry, use: --limit @/export/home/ansible/setup.retry

    172.20.0.36 : ok=0 changed=0 unreachable=1 failed=0

So then, thinking that ansible uses paramiko instead of openssl on rhel systems, I added the below to my ansible.cfg file:

    [paramiko_connection]
    record_host_keys = False

But that made no difference either. I then added the ANSIBLE_SSH_ARGS environment variable:

    export ANSIBLE_SSH_ARGS=""

This resulted in a different error:

    [ansible@rwc-host1 vm]$ ansible-playbook -i inventory/hosts setup.yml

    PLAY [configure authorized_keys] **********************************************

    GATHERING FACTS ***************************************************************
    previous known host file not found
    fatal: [172.20.0.36] => Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-1395740233.19-20098518683931 && chmod a+rx $HOME/.ansible/tmp/ansible-1395740233.19-20098518683931 && echo $HOME/.ansible/tmp/ansible-1395740233.19-20098518683931, exited with result 6

    TASK: [setup | add create authorized_keys file] *******************************
    FATAL: no hosts matched or all hosts have already failed -- aborting

    PLAY RECAP ********************************************************************
    to retry, use: --limit @/export/home/ansible/setup.retry

    172.20.0.36 : ok=0 changed=0 unreachable=1 failed=0

I then set the remote_tmp variable in the [defaults] section of my ansible.cfg file, but rerunning the playbook resulted in the same error. Since setting the environment variable ANSIBLE_SSH_ARGS seems to have more effect than settings in the ansible.cfg file, it makes me wonder if ansible is taking any notice of my ansible.cfg file at all.
I'm not sure how this could happen since it's in the same directory as my hosts file and that is read correctly. Is this problem related to rhel and the fact it uses paramiko instead of openssl? Does anyone have any other thoughts as to why I can't seem to ssh to the user in question using my current configuration?

Many thanks,
Tim
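
The prompts in the message show ansible.cfg being read from inventory/ while ansible-playbook is started from vm/. As an added example (not part of the original message), this sketch follows Ansible's documented config search order, which checks the directory the command is run from and never the inventory directory; the function name, the two ordering labels and the constructed directory layout are assumptions of the example.

```shell
#!/bin/sh
# Added example. Documented search order (first existing file wins):
#   pre-1.5: ./ansible.cfg, $ANSIBLE_CONFIG, ~/.ansible.cfg, /etc/ansible/ansible.cfg
#   1.5+   : $ANSIBLE_CONFIG, ./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg

# resolve_ansible_cfg RUN_DIR [ORDER] [HOME_DIR] [ETC_DIR]   (hypothetical helper)
#   RUN_DIR  directory ansible-playbook is started from
#   ORDER    "pre-1.5" (default) or "1.5"
# Prints the config file that would be loaded; returns 1 if none is found.
resolve_ansible_cfg() {
    run_dir=$1
    order=${2:-pre-1.5}
    home_dir=${3:-$HOME}
    etc_dir=${4:-/etc/ansible}
    env_cfg=${ANSIBLE_CONFIG:-}

    if [ "$order" = "pre-1.5" ]; then
        set -- "$run_dir/ansible.cfg" "$env_cfg" "$home_dir/.ansible.cfg" "$etc_dir/ansible.cfg"
    else
        set -- "$env_cfg" "$run_dir/ansible.cfg" "$home_dir/.ansible.cfg" "$etc_dir/ansible.cfg"
    fi
    for candidate in "$@"; do
        # Skip the empty slot left when ANSIBLE_CONFIG is unset.
        if [ -n "$candidate" ] && [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    printf '%s\n' "none (built-in defaults)"
    return 1
}

# Constructed layout mirroring the message: config beside the inventory,
# playbook run from vm/. Home and /etc stand-ins are empty directories.
demo=$(mktemp -d)
mkdir -p "$demo/vm/inventory" "$demo/home" "$demo/etc"
: > "$demo/vm/inventory/ansible.cfg"
(
    unset ANSIBLE_CONFIG
    echo "run from vm/:           $(resolve_ansible_cfg "$demo/vm" pre-1.5 "$demo/home" "$demo/etc")"
    echo "run from vm/inventory/: $(resolve_ansible_cfg "$demo/vm/inventory" pre-1.5 "$demo/home" "$demo/etc")"
)
rm -rf "$demo"
```

Calling `resolve_ansible_cfg "$PWD"` on the control machine shows which file, if any, a run from the current directory would pick up.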
