On 24 November 2017 at 10:17, Cycle London <[email protected]> wrote: > This is probably a simple question that you get asked hundreds of times, but > I've searched the archives and either my google mojo is gone, or else it's > in a different wording. > > My employer uses ansible heavily, and I've been kind of roped into getting > to learn it. No hurry, as there are already others who use it and know it, > so for the moment it's more a 'hobby but would be nice to know'. > > At home, I have a Mac and a server with VMWare running, and about a dozen > Linux CentOS VMs. As a first project, I decided I want to use ansible to > keep the openssh servers on the VMs current. Now, I can connect to these > servers no problem, either with a simple command (let's use the mail server > as an example).. > > ssh -p xxxx -i $HOME/.ssh/key_rsa -l cycle mx > > .. and boom, I'm on the mail server. Or I can use wrappers, which basically > means I need to type 'mx' and I connect to that box. No need to cat the > contents of that file, as it's basically identical to the command above. > The point is that keypair authentication works seamlessly. > > Now for Ansible. As I'm using the Mac, it's a weird installation, as > there's no /etc/ansible but I've created an ansible directory in my $HOME in > the location that I use for developing stuff: > > $HOME/Documents/dev/ansible > > In there, I have.. > > My-Mac:ansible cycle$ ls -l > total 8 > -rw-r--r--+ 1 cycle staff 324 23 nov 16:23 hosts > drwxr-xr-x+ 3 cycle staff 102 23 nov 16:25 playbooks > > In playbooks, I have a yml file that uses the yum module to set sshd to > 'latest'. I run.. > > ansible-playbook -i hosts --private-key /Users/cycle/.ssh/key_rsa > playbooks/update_all_sshd.yml > > I get the cute little logo telling me it's gathering facts, and then a > stream of .. > > The authenticity of host 'db1.internal-domain (192.168.1.11)' can't be > established. > RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX. > Are you sure you want to continue connecting (yes/no)? The authenticity of > host 'dns2.internal-domain (192.168.1.19)' can't be established. > RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX. > Are you sure you want to continue connecting (yes/no)? The authenticity of > host 'dns1.internal-domain (192.168.1.15)' can't be established. > RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX. > Are you sure you want to continue connecting (yes/no)? The authenticity of > host 'db2.internal-domain (192.168.1.16)' can't be established. > RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX. > Are you sure you want to continue connecting (yes/no)? fatal: > [jira.internal-domain]: UNREACHABLE! => {"changed": false, "msg": "Failed to > connect to the host via ssh: Permission denied (publickey).\r\n", > "unreachable": true} > > And what I don't understand is: if I can connect using my ordinary username > 'cycle' and if this is in the $HOME/ansible.cfg .. > > My-Mac:ansible cycle$ grep cycle /Users/cycle/ansible.cfg > inventory = /Users/cycle/Documents/dev/ansible/hosts > remote_user = cycle > private_key_file = /Users/cycle/keys/new_id.rsa > > ... then why can't ansible do so?
You manually connect with /Users/cycle/.ssh/key_rsa but the config file lists /Users/cycle/keys/new_id.rsa? -- Dick Visser GÉANT Want to join us? We're hiring: https://www.geant.org/jobs -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwMB6seLYyXEc%2Bd_3O%2Buy%3DxaooAWyD10t4E3y1BJyiPKQQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
