Re: [ansible-project] Re: cannot login to cisco switch using ansible

[Michael Sawires]

Hi Ajay,

I was able to build a new machine, still having same issue ansible & ssh
permission issue:

netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ansible --version
ansible 2.5.7
  config file = /etc/ansible/ansible.cfg
  configured module search path =
[u'/home/netadmin/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ls
ios.retry  ios.yml
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ansible --version
ansible 2.5.7
  config file = /etc/ansible/ansible.cfg
  configured module search path =
[u'/home/netadmin/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ansible-playbook
ios.yml

PLAY [10.11.32.100]
***********************************************************************************************************************************************************************************************

TASK [Gathering Facts]
********************************************************************************************************************************************************************************************
fatal: [10.11.32.100]: UNREACHABLE! => {"changed": false, "msg": "Failed to
connect to the host via ssh: 60081064@10.11.32.100: Permission denied
(publickey,keyboard-interactive,password).\r\n", "unreachable": true}
 [WARNING]: Could not create retry file
'/etc/ansible/myplatform/ios.retry'.         [Errno 13] Permission denied:
u'/etc/ansible/myplatform/ios.retry'

PLAY RECAP
********************************************************************************************************************************************************************************************************
10.11.32.100               : ok=0    changed=0    unreachable=1
failed=0

netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ cat ios.yml
---
- hosts: 10.11.32.100
  user: 60081064

  tasks:
    - name: show version
      ios_command:
        commands: show version
...

also when I try: ansble all -m ping , it gives the same error  Permission
denied (publickey,keyboard-interactive,password).\

On Fri, Aug 10, 2018 at 12:44 AM Ajay Kumar Manukonda <
ajaykumarmanuko...@gmail.com> wrote:

> Hi Michael,
>
> I don't know any straight forward fix.
>
> So, did chmod 700 on /etc/ansible work? Is the playbook still giving the
> same error after the file permissions were changed?
>
> Regards,
> Ajay
>
> On Wed, Aug 8, 2018, 8:48 PM Michael Ikram <michaelik...@gmail.com> wrote:
>
>> I was able to fix the permission on Ubuntu, now back to the original
>> error:
>>
>>
>>
>> ansible all -i <switch_ip>, -c network_cli -u <username>-m
>> ios_command_1.yml
>>
>> [WARNING] Ansible is in a world writable directory (/etc/ansible),
>> ignoring it as an ansible.cfg source.
>>
>> 10.11.32.100 | FAILED! => {
>>
>>     "msg": " [WARNING] Ansible is in a world writable directory
>> (/etc/ansible), ignoring it as an ansible.cfg source.\n{\"socket_path\":
>> \"/home/test/.ansible/pc/c5b7c67eba\", \"exception\": \"Traceback (most
>> recent call last):\\n  File \\\"/usr/bin/ansible-connection\\\", line 87,
>> in start\\n    self.connection._connect()\\n  File
>> \\\"/usr/lib/python2.7/dist-packages/ansible/plugins/connection/network_cli.py\\\",
>> line 302, in _connect\\n    self._ssh_shell =
>> ssh.ssh.invoke_shell()\\nNameError: global name 'ssh' is not defined\\n\",
>> \"messages\": [\"local domain socket does not exist, starting it\",
>> \"control socket path is /home/test/.ansible/pc/c5b7c67eba\", \"\"],
>> \"error\": \"global name 'ssh' is not defined\"}"
>>
>> }
>>
>>
>>
>> Do you know any straight forward fix?
>>
>>
>>
>> Thanks,
>>
>> Michael
>>
>>
>>
>> *From: *Michael Ikram <michaelik...@gmail.com>
>> *Sent: *Thursday, 9 August 2018 10:24 AM
>> *To: *ansible-project@googlegroups.com
>> *Subject: *RE: [ansible-project] Re: cannot login to cisco switch using
>> ansible
>>
>>
>>
>> Hi Ajay,
>>
>>
>>
>>    - Tried to chmod 700, it gave me the following error
>>
>>
>>
>> test@TESTVM:/etc$ sudo chmod 700 /etc/ansible
>>
>> sudo: /etc/sudoers is world writable
>>
>> sudo: no valid sudoers sources found, quitting
>>
>> sudo: unable to initialize policy plugin
>>
>>
>>
>>    - I think I have bigger issue than Ansible now, it is a permission
>>    issue on Ubuntu box, any suggestions?
>>
>> Thanks,
>>
>> Michael
>>
>>
>>
>> *From: *Ajay <ajaykumarmanuko...@gmail.com>
>> *Sent: *Thursday, 9 August 2018 10:13 AM
>> *To: *Ansible Project <ansible-project@googlegroups.com>
>> *Subject: *Re: [ansible-project] Re: cannot login to cisco switch using
>> ansible
>>
>>
>>
>> First of all, try executing this command: "chmod 700 /etc/ansible" and
>> run the playbook again (since you are using network_cli as connection type,
>> I assume you also defined ansible_network_os as ios)
>>
>>
>>
>> Suggestions:
>>
>> 1. Don't use the default ansible.cfg file, it's too big to track all the
>> changes we made
>>
>> 2. "https://docs.ansible.com/ansible/latest/network/index.html"; is a
>> good place to start if you haven't checked already
>>
>>
>>
>> *"I think I have a problem with ssh but i do not understand how to fix
>> it" - *Can you directly ssh to the device from the VM you are using?
>>
>>
>>
>> Let me know if that works.
>>
>>
>>
>> Regards,
>>
>> Ajay
>>
>> On Wednesday, August 8, 2018 at 3:24:21 PM UTC-7, Michael Sawires wrote:
>>
>> I cannot understand what to do from the link you sent me, I am still new
>> in Ansible.
>>
>>
>>
>> Here is the permission and content of ansible.cfg file
>>
>>
>>
>> 1.Permission:
>>
>> ==========
>>
>> -r-xrwxrwx 1 root root 19573 Aug  9 00:52 ansible.cfg
>>
>> -r-xrwxrwx 1 root root   251 Aug  8 12:15 ios_facts.yml
>>
>>
>>
>>
>>
>> 2.Content
>>
>> ========
>>
>> 2.1. ansible.cfg
>>
>> ============
>>
>> test@TESTVM:/etc/ansible$ cat ansible.cfg
>>
>> # config file for ansible -- https://ansible.com/
>>
>> # ===============================================
>>
>>
>>
>> # nearly all parameters can be overridden in ansible-playbook
>>
>> # or with command line flags. ansible will read ANSIBLE_CONFIG,
>>
>> # ansible.cfg in the current working directory, .ansible.cfg in
>>
>> # the home directory or /etc/ansible/ansible.cfg, whichever it
>>
>> # finds first
>>
>>
>>
>> [defaults]
>>
>> host_key_checking = false
>>
>>
>>
>> # some basic default values...
>>
>>
>>
>> #inventory      = /etc/ansible/hosts
>>
>> #library        = /usr/share/my_modules/
>>
>> #module_utils   = /usr/share/my_module_utils/
>>
>> #remote_tmp     = ~/.ansible/tmp
>>
>> #local_tmp      = ~/.ansible/tmp
>>
>> #plugin_filters_cfg = /etc/ansible/plugin_filters.yml
>>
>> #forks          = 5
>>
>> #poll_interval  = 15
>>
>> #sudo_user      = root
>>
>> #ask_sudo_pass = True
>>
>> #ask_pass      = True
>>
>> #transport      = smart
>>
>> #remote_port    = 22
>>
>> #module_lang    = C
>>
>> #module_set_locale = False
>>
>>
>>
>> # plays will gather facts by default, which contain information about
>>
>> # the remote system.
>>
>> #
>>
>> # smart - gather by default, but don't reg
>>
>>
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/QaZFGSaMNpk/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/5b6bb990.1c69fb81.eaa12.efee%40mx.google.com
>> <https://groups.google.com/d/msgid/ansible-project/5b6bb990.1c69fb81.eaa12.efee%40mx.google.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAOr1PY-%2BWvzwpsTVgS%2BoAh8bA%3DOereARQmddC9C10WEpVX1dvg%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAOr1PY-%2BWvzwpsTVgS%2BoAh8bA%3DOereARQmddC9C10WEpVX1dvg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
-----------------------
Michael Sawires

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFYW21%3D2x4bDn%2B919zzPp8grf9BDyMMZwwgMzUBhdFC1e2fB0w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.