On Tue, 9 Oct 2018, at 04:05, Fabio Gomes Sakiyama wrote: > The problem is when doing exact the same thing, but with ansible. Hi Fabio,
I see you found a solution, but this is what I'd recommend doing next time. Add -vvv and read the resulting output carefully. You can splice the ssh command from Ansible back into the shell to work out what is missing or different to just running ssh@<foo> locally. Usually this is because the username is different or you’re using a different ssh key than expected. e.g.: $ ansible-playbook site.yml --diff --check -vvv Gathering Facts... Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py <[email protected]> ESTABLISH SSH CONNECTION FOR USER: root Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py <i09.com> SSH: EXEC ssh -F ./ssh_config -o StrictHostKeyChecking=no -o Port=2200 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=30 -tt i09.com 'which -s jailme' <i09.koan-ci.com> ESTABLISH SSH CONNECTION FOR USER: ansible <i09.com> SSH: EXEC ssh -F ./ssh_config -o StrictHostKeyChecking=no -o Port=2200 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=30 i09.com '/bin/sh -c '"'"'/usr/local/bin/python2.7 && sleep 0'"'"'' <i09.com> (255, '', 'root@i09com: Permission denied (publickey).\r\n') ... you can then try `ssh -F ./ssh_config -o ....` until you see what's missing. Check User= first. I have some further settings in ansible.cfg and a per-customer ssh_config, in a git repo: # ansible.cfg [defaults] inventory = ./hosts.ini forks = 20 timeout = 30 poll_interval = 15 transport = ssh retry_files_enabled = False [ssh_connection] ssh_args = -F ./ssh_config pipelining = True # ssh_config Host *.i09.com www api beta couchdb cache rabbit vault UseRoaming no GSSAPIAuthentication no KbdInteractiveAuthentication no ServerAliveInterval 240 ControlMaster auto ControlPath ~/.ssh/%r@%h:%p ControlPersist 30m KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256 SendEnv VAULT_TOKEN port 2200 user ansible ForwardAgent yes -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1539158085.1442975.1536904184.5805DB28%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
