Hi Michael, My hosts file is simply:
[hosts] 172.20.0.36 ansible_connection=ssh ansible_ssh_user=deployment ansible_ssh_pass=password and in the playbook I use: - name: configure authorized_keys hosts: hosts user: deployment sudo: yes So not sure why there should be a problem in that instance? However, my main issue is getting ssh working? Thanks, Tim On Tuesday, March 25, 2014 3:05:23 PM UTC, [email protected] wrote: > Hi There, > > I'm attempting to configure ssh access to a user via ansible, as described > in the blog entry at: > http://www.hashbangcode.com/blog/ansible-ssh-setup-playbook > > I'm running this playbook using ansible version 1.4.5 on rhel 6.3. > > My inventory hosts file looks like: > > [hosts] > 172.20.0.36 ansible_connection=ssh ansible_ssh_user=deployment > ansible_ssh_pass=password > > I have sshpass installed: > > > [ansible@rwc-host1 inventory]$ sudo yum list | grep sshpass > sshpass.x86_64 1.05-1.el6 > @epel > > My ansible.cfg file looks like this: > > > [ansible@rwc-host1 inventory]$ cat ansible.cfg > [defaults] > host_key_checking=False > [ansible@rwc-host1 inventory]$ > > I already have the user created on the remote server with sudo access, so > all the playbook really needs to do is take the contents of id_rsa.pub and > add it to the authorized_keys file for the remote user. > > > The user I'm connecting as is the same as the user who's authorized_keys > file I want to create. > > However, the user I'm running the playbook as on the ansible control > machine is different. > For example, the control user is named 'ansible' and the remote user is > named 'deployment' > > The playbook file is: > > --- > > - name: configure authorized_keys > hosts: hosts > user: deployment > sudo: yes > > roles: > - setup > > > The task in my playbook is simply: > > > - name: add create authorized_keys file > authorized_key: user=deployment key="{{ lookup('file', > '~/.ssh/id_rsa.pub') }}" > > But when I run the playbook I get the following error: > > > [ansible@rwc-host1 vm]$ ansible-playbook -i inventory/hosts setup.yml > PLAY [configure authorized_keys] > ********************************************** > GATHERING FACTS > *************************************************************** > previous known host file not found > fatal: [172.20.0.36] => using -c ssh on certain older ssh versions may not > support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ansib > le_ssh_args in the config file) before running again > TASK: [setup | add create authorized_keys file] > ******************************* > FATAL: no hosts matched or all hosts have already failed -- aborting > PLAY RECAP > ******************************************************************** > to retry, use: --limit @/export/home/ansible/setup.retry > 172.20.0.36 : ok=0 changed=0 unreachable=1 > failed=0 > [ansible@rwc-host1 vm]$ > > So then I tried adding the below to my ansible.cfg file: > > > [ssh_connection] > ssh_args = "" > > rerunning the playbook resulted in the same error: > > [ansible@rwc-host1 vm]$ ansible-playbook -i inventory/hosts setup.yml > PLAY [configure authorized_keys] > ********************************************** > GATHERING FACTS > *************************************************************** > previous known host file not found > fatal: [172.20.0.36] => using -c ssh on certain older ssh versions may not > support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ansib > le_ssh_args in the config file) before running again > TASK: [setup | add create authorized_keys file] > ******************************* > FATAL: no hosts matched or all hosts have already failed -- aborting > PLAY RECAP > ******************************************************************** > to retry, use: --limit @/export/home/ansible/setup.retry > 172.20.0.36 : ok=0 changed=0 unreachable=1 > failed=0 > > So, then I thought since ansible uses paramiko instead of openssl on rhel > systems I added the below to my ansible.cfg file: > > [paramiko_connection] > record_host_keys = False > > But that made no difference either. > > I then added the ANSIBLE_SSH_ARGS environment variable: > > export ANSIBLE_SSH_ARGS="" > > This resulted in a different error: > > > [ansible@rwc-host1 vm]$ ansible-playbook -i inventory/hosts setup.yml > PLAY [configure authorized_keys] > ********************************************** > GATHERING FACTS > *************************************************************** > previous known host file not found > fatal: [172.20.0.36] => Authentication or permission failure. In some > cases, you may have been able to authenticate and did not have permissions > on the remote directory. Consider changing the remote temp path in > ansible.cfg to a path rooted in "/tmp". Failed comm > and was: mkdir -p $HOME/.ansible/tmp/ansible-1395740233.19-20098518683931 > && chmod a+rx $HOME/.ansible/tmp/ansible-1395740233.19-200 > 98518683931 && echo > $HOME/.ansible/tmp/ansible-1395740233.19-20098518683931, exited with result > 6 > TASK: [setup | add create authorized_keys file] > ******************************* > FATAL: no hosts matched or all hosts have already failed -- aborting > PLAY RECAP > ******************************************************************** > to retry, use: --limit @/export/home/ansible/setup.retry > 172.20.0.36 : ok=0 changed=0 unreachable=1 > failed=0 > > I then set the remote_tmp variable in the [defaults] section of my > ansible.cfg file, but rerunning the playbook resulted in the same error. > > Since setting the environment variable ANSIBLE_SSH_ARGS seem to have more > affect than settings in the ansible.cfg file, it makes me wonder if > ansible is taking any notice of my ansible.cfg file at all. I'm not sure > how this could happen since its in the same directory as my hosts file and > that is read correctly. > > Is this problem related to rhel and the fact it uses paramiko instead of > openssl? > > Has people any other thoughts as to why I can't seem to ssh to the user > in question using my current configuration? > > Many thanks, > > Tim > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d9e6e6df-3b1e-4544-9e4b-42dcfaea49e3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
