Hi Ajay,
I tried with -k, it does not work
netadmin@netadmin-Virtual-Machine:/etc/ansible$ ansible-playbook ios.yml -k
SSH password:
PLAY [10.11.32.100]
********************************************************************************************************************************************************************************
TASK [Gathering Facts]
*****************************************************************************************************************************************************************************
[WARNING]: sftp transfer mechanism failed on [10.11.32.100]. Use
ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [10.11.32.100]. Use
ANSIBLE_DEBUG=1 to see detailed information
fatal: [10.11.32.100]: UNREACHABLE! => {"changed": false, "msg": "SSH Error:
data could not be sent to remote host \"10.11.32.100\". Make sure this host can
be reached over ssh", "unreachable": true}
[WARNING]: Could not create retry file '/etc/ansible/ios.retry'.
[Errno 13] Permission denied: u'/etc/ansible/ios.retry'
PLAY RECAP
*****************************************************************************************************************************************************************************************
10.11.32.100 : ok=0 changed=0 unreachable=1 failed=0
Here is the output of -vvv
netadmin@netadmin-Virtual-Machine:/etc/ansible$ ansible-playbook ios.yml -vvv
ansible-playbook 2.5.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/netadmin/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]
Using /etc/ansible/ansible.cfg as config file
Parsed /etc/ansible/hosts inventory source with ini plugin
PLAYBOOK: ios.yml
**********************************************************************************************************************************************************************************
1 plays in ios.yml
PLAY [10.11.32.100]
********************************************************************************************************************************************************************************
TASK [Gathering Facts]
*****************************************************************************************************************************************************************************
task path: /etc/ansible/ios.yml:2
Using module file
/usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
<10.11.32.100> ESTABLISH SSH CONNECTION FOR USER: 60081064
<10.11.32.100> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o
PasswordAuthentication=no -o User=60081064 -o ConnectTimeout=10 -o
ControlPath=/home/netadmin/.ansible/cp/e0e6fa081f 10.11.32.100 '/bin/sh -c
'"'"'echo ~60081064 && sleep 0'"'"''
<10.11.32.100> (255, '', '[email protected]: Permission denied
(publickey,keyboard-interactive,password).\r\n')
fatal: [10.11.32.100]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: [email protected]:
Permission denied (publickey,keyboard-interactive,password).\r\n",
"unreachable": true
}
[WARNING]: Could not create retry file '/etc/ansible/ios.retry'.
[Errno 13] Permission denied: u'/etc/ansible/ios.retry'
PLAY RECAP
*****************************************************************************************************************************************************************************************
10.11.32.100 : ok=0 changed=0 unreachable=1 failed=0
netadmin@netadmin-Virtual-Machine:/etc/ansible$
Sent from Mail for Windows 10
From: Ajay Kumar Manukonda
Sent: Friday, 10 August 2018 9:59 AM
To: [email protected]
Subject: Re: [ansible-project] Re: cannot login to cisco switch using ansible
Hi Michael,
"ansble all -m ping , it gives the same error Permission denied
(publickey,keyboard-interactive,password)" doesn't work because ansible ping
module requires the remote node to run python. You can find more about it here:
https://docs.ansible.com/ansible/latest/modules/ping_module.html#ping-module
So, it works for your username, and based on "Failed to connect to the host via
ssh: [email protected]: Permission denied
(publickey,keyboard-interactive,password)" ansible is using the correct
username. Where are you defining your password? In the hosts file? If that is
the case, hash the password in the hosts file and use -k option instead (
ansible-playbook ios.yml -k ) and enter the password manually just to eliminate
one source of the problem.
If that doesn't work, revert the changes and get the output of
"ansible-playbook ios.yml -vvvv " command. It could help us find the source of
the issue.
Regards,
Ajay
On Thu, Aug 9, 2018 at 1:35 PM Michael Sawires <[email protected]> wrote:
Hi Ajay,
If username is 60081064, it works, if root, it does not.
Thanks,
Michael
On Fri, 10 Aug 2018 at 4:41 am, Ajay Kumar Manukonda
<[email protected]> wrote:
Hi Michael,
By looking at this error : "msg": "Failed to connect to the host via ssh:
[email protected]: Permission denied
(publickey,keyboard-interactive,password).\r\n", "unreachable": true it seems
like your ansible VM can not SSH to the cisco switch in the first place.
Does normal SSH to the switch work? like if you do ssh [email protected] .
If it doesn't work, you have to fix that first. Maybe the switch is allowing
connections only from particular IP addresses.
Regards,
Ajay
On Thu, Aug 9, 2018 at 8:02 AM Michael Sawires <[email protected]> wrote:
Hi Ajay,
I was able to build a new machine, still having same issue ansible & ssh
permission issue:
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ansible --version
ansible 2.5.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/netadmin/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ls
ios.retry ios.yml
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ansible --version
ansible 2.5.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/netadmin/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ ansible-playbook
ios.yml
PLAY [10.11.32.100]
***********************************************************************************************************************************************************************************************
TASK [Gathering Facts]
********************************************************************************************************************************************************************************************
fatal: [10.11.32.100]: UNREACHABLE! => {"changed": false, "msg": "Failed to
connect to the host via ssh: [email protected]: Permission denied
(publickey,keyboard-interactive,password).\r\n", "unreachable": true}
[WARNING]: Could not create retry file '/etc/ansible/myplatform/ios.retry'.
[Errno 13] Permission denied: u'/etc/ansible/myplatform/ios.retry'
PLAY RECAP
********************************************************************************************************************************************************************************************************
10.11.32.100 : ok=0 changed=0 unreachable=1 failed=0
netadmin@netadmin-Virtual-Machine:/etc/ansible/myplatform$ cat ios.yml
---
- hosts: 10.11.32.100
user: 60081064
tasks:
- name: show version
ios_command:
commands: show version
...
also when I try: ansble all -m ping , it gives the same error Permission
denied (publickey,keyboard-interactive,password).\
On Fri, Aug 10, 2018 at 12:44 AM Ajay Kumar Manukonda
<[email protected]> wrote:
Hi Michael,
I don't know any straight forward fix.
So, did chmod 700 on /etc/ansible work? Is the playbook still giving the same
error after the file permissions were changed?
Regards,
Ajay
On Wed, Aug 8, 2018, 8:48 PM Michael Ikram <[email protected]> wrote:
I was able to fix the permission on Ubuntu, now back to the original error:
ansible all -i <switch_ip>, -c network_cli -u <username>-m ios_command_1.yml
[WARNING] Ansible is in a world writable directory (/etc/ansible), ignoring it
as an ansible.cfg source.
10.11.32.100 | FAILED! => {
"msg": " [WARNING] Ansible is in a world writable directory (/etc/ansible),
ignoring it as an ansible.cfg source.\n{\"socket_path\":
\"/home/test/.ansible/pc/c5b7c67eba\", \"exception\": \"Traceback (most recent
call last):\\n File \\\"/usr/bin/ansible-connection\\\", line 87, in start\\n
self.connection._connect()\\n File
\\\"/usr/lib/python2.7/dist-packages/ansible/plugins/connection/network_cli.py\\\",
line 302, in _connect\\n self._ssh_shell =
ssh.ssh.invoke_shell()\\nNameError: global name 'ssh' is not defined\\n\",
\"messages\": [\"local domain socket does not exist, starting it\", \"control
socket path is /home/test/.ansible/pc/c5b7c67eba\", \"\"], \"error\": \"global
name 'ssh' is not defined\"}"
}
Do you know any straight forward fix?
Thanks,
Michael
From: Michael Ikram
Sent: Thursday, 9 August 2018 10:24 AM
To: [email protected]
Subject: RE: [ansible-project] Re: cannot login to cisco switch using ansible
Hi Ajay,
• Tried to chmod 700, it gave me the following error
test@TESTVM:/etc$ sudo chmod 700 /etc/ansible
sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
• I think I have bigger issue than Ansible now, it is a permission issue on
Ubuntu box, any suggestions?
Thanks,
Michael
From: Ajay
Sent: Thursday, 9 August 2018 10:13 AM
To: Ansible Project
Subject: Re: [ansible-project] Re: cannot login to cisco switch using ansible
First of all, try executing this command: "chmod 700 /etc/ansible" and run the
playbook again (since you are using network_cli as connection type, I assume
you also defined ansible_network_os as ios)
Suggestions:
1. Don't use the default ansible.cfg file, it's too big to track all the
changes we made
2. "https://docs.ansible.com/ansible/latest/network/index.html"; is a good place
to start if you haven't checked already
"I think I have a problem with ssh but i do not understand how to fix it" - Can
you directly ssh to the device from the VM you are using?
Let me know if that works.
Regards,
Ajay
On Wednesday, August 8, 2018 at 3:24:21 PM UTC-7, Michael Sawires wrote:
I cannot understand what to do from the link you sent me, I am still new in
Ansible.
Here is the permission and content of ansible.cfg file
1.Permission:
==========
-r-xrwxrwx 1 root root 19573 Aug 9 00:52 ansible.cfg
-r-xrwxrwx 1 root root 251 Aug 8 12:15 ios_facts.yml
2.Content
========
2.1. ansible.cfg
============
test@TESTVM:/etc/ansible$ cat ansible.cfg
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
host_key_checking = false
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't reg
--
You received this message because you are subscribed to a topic in the Google
Groups "Ansible Project" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/ansible-project/QaZFGSaMNpk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
[email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5b6bb990.1c69fb81.eaa12.efee%40mx.google.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAOr1PY-%2BWvzwpsTVgS%2BoAh8bA%3DOereARQmddC9C10WEpVX1dvg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
-----------------------
Michael Sawires
--
You received this message because you are subscribed to a topic in the Google
Groups "Ansible Project" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/ansible-project/QaZFGSaMNpk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
[email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAFYW21%3D2x4bDn%2B919zzPp8grf9BDyMMZwwgMzUBhdFC1e2fB0w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAOr1PY8drHRUJ_FK8MXxjWnxtu%2B1XZ%3DfF0BtuNu2o01kWr3vNA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Sent from Gmail Mobile
--
You received this message because you are subscribed to a topic in the Google
Groups "Ansible Project" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/ansible-project/QaZFGSaMNpk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
[email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAFYW21kxHsEsUx-tqH79JJZTdwRbTcXUNRUoJzu7BGQcz3ZFCw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAOr1PY-%2BsyQiqnDRWHzN3V%2BK-3McYWoO1WiL6Nwp4N_XVNi5SQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5b6cd689.1c69fb81.ee703.e269%40mx.google.com.
For more options, visit https://groups.google.com/d/optout.
