Hi Fabio, I am not using the playbook for this particular task, I am creating an ansible control server and client. I am trying to connect from control server to client after generating the ssh keys. I used ssh-keygen on ubuntu server using ansible user. I am setting a passwordless connection from the ansible control server /localhost to client.
On Mon, Nov 19, 2018 at 6:47 PM Fabio Gomes Sakiyama < [email protected]> wrote: > Hi Arvind, > > It was pretty simple 'cause I was messing up the users. > > Are you running your playbook with root? Which user you set on your hosts > as ansible_user? Are you using become inside your playbooks? > Also, I stopped using ssh, instead I'm using openstack keypair. > > And try Dave's suggestion, it's very useful: > > Hi Fabio, >> >> I see you found a solution, but this is what I'd recommend doing next >> time. >> >> Add -vvv and read the resulting output carefully. You can splice the ssh >> command from Ansible back into the shell to work out what is missing or >> different to just running ssh@<foo> locally. >> >> Usually this is because the username is different or you’re using a >> different ssh key than expected. >> > e.g.: >> $ ansible-playbook site.yml --diff --check -vvv >> >> Gathering Facts... >> Using module file >> /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py >> <[email protected]> ESTABLISH SSH CONNECTION FOR USER: root >> Using module file >> /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py >> <i09.com> SSH: EXEC ssh -F ./ssh_config -o StrictHostKeyChecking=no -o >> Port=2200 -o KbdInteractiveAuthentication=no -o >> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >> -o PasswordAuthentication=no -o User=root -o ConnectTimeout=30 -tt >> i09.com 'which -s jailme' >> <i09.koan-ci.com> ESTABLISH SSH CONNECTION FOR USER: ansible >> <i09.com> SSH: EXEC ssh -F ./ssh_config -o StrictHostKeyChecking=no -o >> Port=2200 -o KbdInteractiveAuthentication=no -o >> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >> -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=30 i09.com >> '/bin/sh >> -c '"'"'/usr/local/bin/python2.7 && sleep 0'"'"'' >> <i09.com> (255, '', 'root@i09com: Permission denied (publickey).\r\n') >> > > > And finally, if possible, post your playbook. > > > On Mon, Nov 19, 2018 at 8:14 PM Arvind Thatikonda <[email protected]> > wrote: > >> Hi Fabio, >> can you please clarify how you managed to solve it. I created user >> ansible, the public keys ID_RSA.pub are stored under /home/ansible/.ssh >> folders. the ssh-copy-id should copy to target server - client when I run >> ssh-copy-id ansible@privateip. >> I create same user name 'ansible' on remote server. >> I get permission denied error. >> >> >> On Tuesday, October 9, 2018 at 10:16:26 AM UTC-4, Fabio Gomes Sakiyama >> wrote: >>> >>> Hi Chen, >>> >>> I manage to solve the problem. I need to pass the public key of a >>> different user. In addition, I changed the way to connect to the VMs, since >>> I am using openstack, I configured ansible to use the keypair to connect. >>> >>> Thanks >>> >>> Em segunda-feira, 8 de outubro de 2018 23:47:35 UTC-3, chenchireddy >>> guvvala escreveu: >>>> >>>> As I am aware Ansible always assumes jobs are running SSH keys either >>>> local system or remote system. >>>> >>>> Thanks. >>>> >>>> On Tuesday, October 9, 2018 at 7:35:42 AM UTC+5:30, Fabio Gomes >>>> Sakiyama wrote: >>>>> >>>>> Hi Chen, >>>>> >>>>> I'm aware of ssh-key gen and ssh-copy-id. The ansible module >>>>> "authorized_keys" does the ssh-copy-id for me, so I don't need to run it >>>>> manually. >>>>> >>>>> The ssh works because when I execute ''ssh root@myAddress", it works >>>>> perfectly. >>>>> The problem is when doing exact the same thing, but with ansible. >>>>> >>>>> >>>>> Em segunda-feira, 8 de outubro de 2018 22:48:44 UTC-3, chenchireddy >>>>> guvvala escreveu: >>>>>> >>>>>> Hi, >>>>>> >>>>>> *ssh-keygen* creates the public and private keys.* ssh-copy-id* copies >>>>>> the local-host’s public key to the remote-host’s authorized_keys file. >>>>>> ssh-copy-id also assigns proper permission to the remote-host’s home, >>>>>> ~/.ssh, and ~/.ssh/authorized_keys. >>>>>> >>>>>> Check host entry in /etc/host file >>>>>> 127.0.0.1 localhost >>>>>> >>>>>> Check command# ansible localhost -m ping -vv >>>>>> >>>>>> Thanks. >>>>>> >>>>>> On Tuesday, October 9, 2018 at 6:52:49 AM UTC+5:30, Fabio Gomes >>>>>> Sakiyama wrote: >>>>>>> >>>>>>> Hello guys, >>>>>>> >>>>>>> I'm trying to use the ansible_authorized keys to create VMs (with >>>>>>> packer and terraform), adding my workspace key to VMs authorized keys. >>>>>>> I think it worked because if I execute ''ssh root@myVM", it >>>>>>> connects without asking password. >>>>>>> >>>>>>> But when I execute "ansible all -m ping -u root" to that same host, >>>>>>> it fails with the error "sshh fails to connect to host via ssh. >>>>>>> Permission >>>>>>> denied". >>>>>>> >>>>>>> I'm really confused and struggling to understand that, since a raw >>>>>>> ssh works and the ansible ssh doesn't. >>>>>>> >>>>>>> What am I missing?? >>>>>>> >>>>>>> Thanks in advance! >>>>>>> >>>>>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/zE6uQpLdlkE/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/20213015-3728-4271-b397-4b4142208a70%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/20213015-3728-4271-b397-4b4142208a70%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAA5vnFkBc8hNXKu00K3%2BEoscVW1nmQuqBy3tBTq9u4SrsU9UwQ%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAA5vnFkBc8hNXKu00K3%2BEoscVW1nmQuqBy3tBTq9u4SrsU9UwQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Thanks & Regards, Arvind; -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPiXTetW-b6vZBgcGWZWMtNRU-CEHwvBzgwLH_jXcJhsvmpxGw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
