Here's what I found: http://docs.ansible.com/intro_getting_started.html#host-key-checking
On Thu, Sep 4, 2014 at 3:31 PM, Willard Dennis <[email protected]> wrote: > Wild guess was CORRECT - the runs work now. > > So, what could have changed on this box that > "export ANSIBLE_HOST_KEY_CHECKING=False" would have fixed? (not a SSH > guru here... pls educate me) > > Thanks, > Will > > > On Thursday, September 4, 2014 3:07:19 PM UTC-4, Mikhail Koshelev wrote: >> >> Just a wild guess - can you try running ansible-playbook with >> ANSIBLE_HOST_KEY_CHECKING=False ? >> >> >> On Thursday, September 4, 2014 11:12:30 AM UTC-7, Willard Dennis wrote: >>> >>> I can indeed SSH straight in (using 'root' with password.) >>> >>> I made sure "PermitRootLogin" was explicitly set to 'yes' in >>> sshd_config, restarted sshd, and tried again. The Ansible command still >>> hangs, and no messages in /var/log/secure, other than when I kill the >>> Ansible process, it reports "Connection closed": >>> >>> Sep 4 14:06:34 problem-svr sshd[1457]: Received signal 15; terminating. >>> Sep 4 14:06:34 problem-svr sshd[17358]: Server listening on 0.0.0.0 >>> port 22. >>> Sep 4 14:06:34 problem-svr sshd[17358]: Server listening on :: port 22. >>> Sep 4 14:07:16 problem-svr sshd[17360]: Connection closed by >>> 192.168.180.53 [preauth] >>> >>> Very strange & frustrating... >>> >>> >>> On Thursday, September 4, 2014 1:40:58 PM UTC-4, Dick Davies wrote: >>>> >>>> Huh weird - I've started porting some of our centos6 play books over >>>> to centos7 and didn't have >>>> any trouble (OSX client, pure ssh transport) but that was using SSH >>>> pubkey auth. >>>> >>>> Maybe there's something up with the way centos7 does password auth? >>>> >>>> I'm guessing you can ssh straight in as the ansible user with the same >>>> pass etc? >>>> (If not, fix that first :) ) >>>> >>>> If so I'd check /var/log/secure and see if there are any differences >>>> in how sshd is >>>> seeing the sessions of the ansible connection vs. your vanilla ssh >>>> client. >>>> >>>> >>>> >>>> On 4 September 2014 18:04, Willard Dennis <[email protected]> >>>> wrote: >>>> > Hi all, >>>> > >>>> > >>>> > I just installed CentOS 7 on a new machine, and 'yum update'-ed it to >>>> pick >>>> > up the latest packages. Here's the output of 'uname -a' and >>>> > '/etc/redhat-release': >>>> > >>>> > [root@problem-svr ~]# uname -a >>>> > Linux problem-svr.mycompany.com 3.10.0-123.6.3.el7.x86_64 #1 SMP Wed >>>> Aug 6 >>>> > 21:12:36 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux >>>> > [root@problem-svr ~]# cat /etc/redhat-release >>>> > CentOS Linux release 7.0.1406 (Core) >>>> > >>>> > >>>> > When I try to do anything with Ansible (v1.7.1 running on Ubuntu >>>> 12.04.5) >>>> > against this box, it just hangs (even '-m ping') When I throw the >>>> '-vvvv' on >>>> > the run, here's what I see: >>>> > >>>> > >>>> > will@wdennis-p390:~/ansible-stuff$ ansible -vvvv problem-svr -u root >>>> -k -i >>>> > test -m setup >>>> > SSH password: >>>> > <problem-svr> ESTABLISH CONNECTION FOR USER: root >>>> > <problem-svr> REMOTE_MODULE setup >>>> > <problem-svr> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-vvv', >>>> '-o', >>>> > 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', >>>> > 'ControlPath=/home/will/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', >>>> 'Port=22', >>>> > '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', >>>> '-o', >>>> > 'User=root', '-o', 'ConnectTimeout=10', 'problem-svr-new', "/bin/sh >>>> -c >>>> > 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1409846776.31-88290040276656 >>>> && >>>> > echo $HOME/.ansible/tmp/ansible-tmp-1409846776.31-88290040276656'"] >>>> > >>>> > >>>> > I do see a SSH session initiated on the host: >>>> > >>>> > >>>> > [root@problem-svr ~]# ss -4 -t >>>> > State Recv-Q Send-Q Local Address:Port Peer Address:Port >>>> > ESTAB 0 208 192.168.180.22:ssh 192.168.180.50:63172 >>>> > [root@problem-svr ~]# ss -4 -t >>>> > State Recv-Q Send-Q Local Address:Port Peer Address:Port >>>> > ESTAB 0 0 192.168.180.22:ssh 192.168.180.53:42717 <--- Ansible >>>> session >>>> > ESTAB 0 0 192.168.180.22:ssh 192.168.180.50:63172 >>>> > >>>> > >>>> > But then, the session just times out and finally drops: >>>> > >>>> > >>>> > State Recv-Q Send-Q Local Address:Port Peer Address:Port >>>> > FIN-WAIT-2 0 0 192.168.180.22:ssh 192.168.180.53:42717 >>>> > ESTAB 0 208 192.168.180.22:ssh 192.168.180.50:63172 >>>> > [root@problem-svr ~]# ss -4 -t >>>> > State Recv-Q Send-Q Local Address:Port Peer Address:Port >>>> > ESTAB 0 208 192.168.180.22:ssh 192.168.180.50:63172 >>>> > >>>> > >>>> > Meanwhile, the Ansible process on the control machine keeps trying >>>> (i.e., >>>> > does not die when the session ends) and eventually, I kill it with a >>>> Ctrl-C. >>>> > >>>> > I did already try setting SELinux to "disabled" on the CentOS 7 box, >>>> and >>>> > turning off the 'firewalld' service (does not seem to make a >>>> difference.) >>>> > >>>> > I do have another CentOS 7 box that I can successfully run Ansible >>>> against, >>>> > so I think it's just something strange on the target CentOS 7 box... >>>> How can >>>> > I further debug this? >>>> > >>>> > >>>> > Thanks, >>>> > Will >>>> > >>>> > -- >>>> > You received this message because you are subscribed to the Google >>>> Groups >>>> > "Ansible Project" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an >>>> > email to [email protected]. >>>> > To post to this group, send email to [email protected]. >>>> > To view this discussion on the web visit >>>> > https://groups.google.com/d/msgid/ansible-project/ >>>> 62be84d8-3911-4b74-b124-4c6cde89fc9a%40googlegroups.com. >>>> > For more options, visit https://groups.google.com/d/optout. >>>> >>> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/db82ddd9-38ef-4699-99c1-28b07ee01820%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/db82ddd9-38ef-4699-99c1-28b07ee01820%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKsMCERUAN_JURdtL441XsQWV9sSYwD05DTfX4Pd%3D%3DiaH2bq9Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
