After a bit more reading and learning, I have found that using the ansible
option:

    ansible_ssh_user

is the way to select the ssh user in ansible. It can be placed in ansible's
hosts file, in a playbook or on the command line. In a playbook for example:

    ---
    - hosts: ubuntu14-docker
      vars:
        - ansible_ssh_user: zorro
      gather_facts: False
      tasks:
        - name: who am i
          command: whoami
          register: catout
        - debug: var=catout.stdout_lines

On Friday, February 6, 2015 at 3:33:32 PM UTC-8, jason cafarelli wrote:
>
> Issue:
> Passwordless ssh works; ansible does not; comes back with AUTH failed.
> Almost looks like my /root/.ssh/config is not being read by ansible?
>
> Workarounds:
> setting key manually in /etc/ansible/ansible.cfg or using flag to specify
> key in command line both work
>
> Kickstart/cobbler install with pre shared public key that is stored in
> rsa_compute_node and rsa_compute_node.pub on the mgmt node.
>
> ie:
> [root@mgmt2 ssh]# ls /root/.ssh/
> authorized_keys id_rsa id_rsa_compute.pub id_rsa_mgmt.pub
> known_hosts
> config id_rsa_compute id_rsa_mgmt id_rsa.pub
> [root@mgmt2 ssh]#
>
>
> Config file setup for certain hosts and using my custom ID file:
>
> [root@mgmt2 ssh]# cat /root/.ssh/config
> Host 192.168.*
> StrictHostKeyChecking=no
> IdentityFile ~/.ssh/id_rsa_compute
>
> ssh works without password
> [root@mgmt2 ~]# ssh 192.168.100.147
> [root@u-eth ~]#
>
> Ansible fails:
> [root@mgmt2 ssh]# ansible compute -m ping
> [WARNING]: The version of gmp you have installed has a known issue regarding
> timing vulnerabilities when used with pycrypto. If possible, you should update
> it (i.e. yum update gmp).
>
> 192.168.100.103 | FAILED => FAILED: Authentication failed.
> 192.168.100.105 | FAILED => FAILED: Authentication failed.
> 192.168.100.101 | FAILED => FAILED: Authentication failed.
> 192.168.100.104 | FAILED => FAILED: Authentication failed.
> 192.168.100.102 | FAILED => FAILED: Authentication failed.
> 192.168.100.107 | FAILED => FAILED: Authentication failed.
> 192.168.100.110 | FAILED => FAILED: Authentication failed.
> 192.168.100.106 | FAILED => FAILED: Authentication failed.
> 192.168.100.108 | FAILED => FAILED: Authentication failed.
> 192.168.100.109 | FAILED => FAILED: Authentication failed.
> 192.168.100.114 | FAILED => FAILED: Authentication failed.
> 192.168.100.113 | FAILED => FAILED: Authentication failed.
> 192.168.100.111 | FAILED => FAILED: Authentication failed.
> 192.168.100.112 | FAILED => FAILED: Authentication failed.
> 192.168.100.115 | FAILED => FAILED: Authentication failed.
> 192.168.100.120 | FAILED => FAILED: Authentication failed.
> 192.168.100.119 | FAILED => FAILED: Authentication failed.
> 192.168.100.117 | FAILED => FAILED: Authentication failed.
> 192.168.100.116 | FAILED => FAILED: Authentication failed.
> 192.168.100.118 | FAILED => FAILED: Authentication failed.
> 192.168.100.121 | FAILED => FAILED: Authentication failed.
> 192.168.100.123 | FAILED => FAILED: Authentication failed.
> 192.168.100.125 | FAILED => FAILED: Authentication failed.
> 192.168.100.122 | FAILED => FAILED: Authentication failed.
> 192.168.100.124 | FAILED => FAILED: Authentication failed.
> 192.168.100.126 | FAILED => FAILED: Authentication failed.
> 192.168.100.129 | FAILED => FAILED: Authentication failed.
> 192.168.100.128 | FAILED => FAILED: Authentication failed.
> 192.168.100.130 | FAILED => FAILED: Authentication failed.
> 192.168.100.127 | FAILED => FAILED: Authentication failed.
> 192.168.100.134 | FAILED => FAILED: Authentication failed.
> 192.168.100.131 | FAILED => FAILED: Authentication failed.
> 192.168.100.132 | FAILED => FAILED: Authentication failed.
> 192.168.100.135 | FAILED => FAILED: Authentication failed.
> 192.168.100.133 | FAILED => FAILED: Authentication failed.
> 192.168.100.137 | FAILED => FAILED: Authentication failed.
> 192.168.100.139 | FAILED => FAILED: Authentication failed.
> 192.168.100.138 | FAILED => FAILED: Authentication failed.
> 192.168.100.140 | FAILED => FAILED: Authentication failed.
> 192.168.100.136 | FAILED => FAILED: Authentication failed.
> 192.168.100.142 | FAILED => FAILED: Authentication failed.
> 192.168.100.143 | FAILED => FAILED: Authentication failed.
> 192.168.100.144 | FAILED => FAILED: Authentication failed.
> 192.168.100.145 | FAILED => FAILED: Authentication failed.
> 192.168.100.141 | FAILED => FAILED: Authentication failed.
> 192.168.100.146 | FAILED => FAILED: Authentication failed.
> 192.168.100.147 | FAILED => FAILED: Authentication failed.
> 192.168.100.148 | success >> {
> "changed": false,
> "ping": "pong"
> }
>
> The last node; I ran ssh-copy-id as a sanity test.
>
> Version:
> [root@mgmt2 ~]# rpm -qa | grep ans
> dejavu-sans-fonts-2.30-2.el6.noarch
> ansible-1.8.1-1.el6.noarch
> [root@mgmt2 ~]#
>
>
> [root@--eth .ssh]# service sshd stop; /usr/sbin/sshd -p 22 -D -d -e
> debug1: sshd version OpenSSH_5.3p1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-p'
> debug1: rexec_argv[2]='22'
> debug1: rexec_argv[3]='-D'
> debug1: rexec_argv[4]='-d'
> debug1: rexec_argv[5]='-e'
> Set /proc/self/oom_score_adj from 0 to -1000
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: sshd version OpenSSH_5.3p1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: inetd sockets after dupping: 3, 3
> Connection from 192.168.1.2 port 52557
> debug1: Client protocol version 2.0; client software version paramiko_1.7.5
> debug1: no match: paramiko_1.7.5
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.3
> debug1: permanently_set_uid: 74/74
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: client->server aes128-ctr hmac-sha1 none
> debug1: kex: server->client aes128-ctr hmac-sha1 none
> debug1: expecting SSH2_MSG_KEXDH_INIT
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user root service ssh-connection method publickey
> debug1: attempt 0 failures 0
> debug1: PAM: initializing for "root"
> debug1: PAM: setting PAM_RHOST to "192.168.1.2"
> debug1: PAM: setting PAM_TTY to "ssh"
> debug1: temporarily_use_uid: 0/0 (e=0/0)
> debug1: trying public key file /root/.ssh/authorized_keys
> debug1: fd 4 clearing O_NONBLOCK
> debug1: restore_uid: 0/0
> debug1: temporarily_use_uid: 0/0 (e=0/0)
> debug1: trying public key file /root/.ssh/authorized_keys2
> debug1: fd 4 clearing O_NONBLOCK
> debug1: restore_uid: 0/0
> Failed publickey for root from 192.168.1.2 port 52557 ssh2
> Connection closed by 192.168.1.2
> debug1: do_cleanup
> debug1: do_cleanup
> debug1: PAM: cleanup
> [root@urika-xa46-eth .ssh]# rm /root/.ssh/authorized_keys2
> rm: remove regular file `/root/.ssh/authorized_keys2'? y
> [root@--eth .ssh]#
>
> Let me know if you need any more info,
>
> Thanks!
>
> -Jason
>
>
>
>
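Added example, not part of either message and not Ansible's own code: the sshd debug log above shows the client identifying itself as paramiko_1.7.5 rather than the ssh binary, so one way to hand Ansible the same per-host settings explicitly is to generate inventory entries from the quoted ~/.ssh/config. It assumes first-value-wins matching, ignores options before the first Host line, and uses ansible_ssh_private_key_file (Ansible's inventory variable for the key path, not mentioned in the thread); the function names are hypothetical.

```python
import fnmatch
import re

# Constructed sample: the ~/.ssh/config from the quoted message.
SSH_CONFIG = """\
Host 192.168.*
StrictHostKeyChecking=no
IdentityFile ~/.ssh/id_rsa_compute
"""

def parse_ssh_config(text):
    """Return [(host_patterns, {lowercased_keyword: value})] in file order."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is not None:
            current[1].setdefault(key, value)  # first value wins
    return blocks

def options_for(host, blocks):
    """Merge options from every Host block matching `host` ('!' negates)."""
    merged = {}
    for patterns, opts in blocks:
        if any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:]) for p in patterns):
            continue
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            for key, value in opts.items():
                merged.setdefault(key, value)
    return merged

def inventory_line(host, blocks, user="root"):
    """Return (inventory entry, warnings) for one host; user is an assumption."""
    opts = options_for(host, blocks)
    fields = [host, "ansible_ssh_user=" + user]
    if "identityfile" in opts:
        fields.append("ansible_ssh_private_key_file=" + opts["identityfile"])
    warnings = []
    if opts.get("stricthostkeychecking", "").lower() == "no":
        warnings.append(host + ": host key checking disabled in ssh config")
    return " ".join(fields), warnings
```

The warning list flags hosts whose ssh config turns off host key verification, which is worth reviewing before the same trust setting is copied into an automation tool.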