I am fairly new working with ansible and am operating some playbooks that
were built by someone else who is gone. The current playbooks will set up a
new server and work fine. It installs several standard packages and will
change to all SSH logins , no root login. The first time I will put the
ansible_ssh_user=root ansible_ssh_pass= xxxxx on the inventory line.
After that root access no longer works.
the problem is when I need to run a playbook to update the server. I get a
failure that looks like this :
*ipaddress*> ESTABLISH CONNECTION FOR USER: *myusername*
<*ipaddress*> REMOTE_MODULE setup
<*ipaddress*> EXEC sshpass -d7 ssh -C -tt -v -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/nnnn/.ansible/cp/ansible-ssh-%h-%p-%r" -o
StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o
PubkeyAuthentication=no -o ConnectTimeout=10 *ipaddress* /bin/sh -c 'mkdir
-p $HOME/.ansible/tmp/ansible-tmp-1464038963.41-214242419831580 && chmod
a+rx $HOME/.ansible/tmp/ansible-tmp-1464038963.41-214242419831580 && echo
$HOME/.ansible/tmp/ansible-tmp-1464038963.41-214242419831580'
fatal: [server] => SSH Error: Permission denied (publickey).
while connecting to *ipaddress*:22
I then discovered a small group of servers that use a VPN and back end IP ,
and the same script ran OK -
<*ipaddress*> ESTABLISH CONNECTION FOR USER: *myusername*
<*ipaddress*> REMOTE_MODULE setup
<*ipaddress*> EXEC ssh -C -tt -v -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/*myusername*/.ansible/cp/ansible-ssh-%h-%p-%r" -o
StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 *ipaddress* /bin/sh -c
'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1464814366.77-239302668766602 &&
chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1464814366.77-239302668766602 &&
echo $HOME/.ansible/tmp/ansible-tmp-1464814366.77-239302668766602'
<*ipaddress*> PUT /tmp/tmpzk8i1E TO
/home/*myusername*/.ansible/tmp/ansible-tmp-1464814366.77-239302668766602/setup
<*ipaddress*> EXEC ssh -C -tt -v -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/*myusername*/.ansible/cp/ansible-ssh-%h-%p-%r" -o
StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 *ipaddress* /bin/sh -c
'sudo -k && sudo -H -S -p "[sudo via ansible,
key=jreeatvlyrwzcjqqsmbdciudhpgwnrxp] password: " -u root /bin/sh -c
'"'"'echo BECOME-SUCCESS-jreeatvlyrwzcjqqsmbdciudhpgwnrxp; LANG=en_US.UTF-8
LC_CTYPE=en_US.UTF-8 /usr/bin/python
/home/*myusername*/.ansible/tmp/ansible-tmp-1464814366.77-239302668766602/setup;
rm -rf
/home/*myusername*/.ansible/tmp/ansible-tmp-1464814366.77-239302668766602/
>/dev/null 2>&1'"'"''
ok: [*servername*]
I am hoping there is a simple setting or other change that will allow these
playbooks to run, thanks for the help. I put asterisks around some things
for privacy / security *myusername* , etc.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/641bb0be-a888-4193-b20b-8fc23ea40944%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
