Interesting suggestion and I will attempt to revert back to a stable release as suggested.
In the meantime, I can confirm the 2.9.0dev0 framework acts differently with routeros ssh connections (the key is invalid always), yet that same key (last night I changed from DSA to RSA) works fine with scripted SSH (example below). I am not strictly a developer type, so I can be happy with a stable version. Let the buyers beware. Is this is a bug worth reporting? dev1@s5:~$ !1816 ssh -i /home/dev1/.ssh/3101_id_rsa -p 22222 -t [email protected] <mailto:[email protected]> << "ENDSSH" > /system resource pr > /ip route pr > /interface bridge pr > ENDSSH Pseudo-terminal will not be allocated because stdin is not a terminal. X11 forwarding request failed on channel 0 uptime: 1d9h39m10s version: 6.43.2 (stable) build-time: Sep/18/2018 12:12:48 factory-software: 6.41.3 free-memory: 469.6MiB total-memory: 512.0MiB cpu: ARMv7 cpu-count: 1 cpu-frequency: 800MHz cpu-load: 17% free-hdd-space: 3700.0KiB total-hdd-space: 16.0MiB write-sect-since-reboot: 1302 write-sect-total: 3568 bad-blocks: 0% architecture-name: arm board-name: CRS328-24P-4S+ platform: MikroTik Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S ;;; 3101 default gw to Verizon Fios ONT 0.0.0.0/0 10.0.0.1 1 1 ADC 10.0.0.0/24 10.0.0.99 ether24 0 2 ADC 10.0.1.0/24 10.0.1.1 3101-bridge 0 Flags: X - disabled, R - running 0 R ;;; 26may19/SH/LAN for 3101 name="3101-bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=B8:69:F4:AC:F5:4D protocol-mode=rstp fast-forward=no igmp-snooping=no auto-mac=yes ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no From: [email protected] <[email protected]> On Behalf Of Dick Visser Sent: Wednesday, May 29, 2019 12:03 AM To: [email protected] Subject: Re: [ansible-project] SSH private key invalid ? Ansible Mikrotik RouterOS configuration You’re using ansible from source. Could you try again using a released stable version that has been out for some time? For instance 2.7.10. Dick On Tue, 28 May 2019 at 20:06, Samudra Haque <[email protected] <mailto:[email protected]> > wrote: Hello Ansible gurus, I am new to Ansible and have installed from Git source branch. I am not changing anything at this time. I am investigating ways to use Ansible with Mikrotik RouterOS (www.mt.lv <http://www.mt.lv> or www.mikrotik.com <http://www.mikrotik.com> ). My test environment is a Ubuntu 18.xx linux box on a local area network. The two devices are on the same ethernet switch. dev1@s5:~/TTLLC_ansible$ uname -a Linux s5 5.0.0-15-generic #16-Ubuntu SMP Mon May 6 17:41:33 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux dev1@s5:~/TTLLC_ansible$ ansible --version 22073 1559065845.13968: starting run ansible 2.9.0.dev0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/home/dev1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /home/dev1/src/ansible/lib/ansible executable location = /home/dev1/src/ansible/bin/ansible python version = 2.7.16 (default, Apr 6 2019, 01:42:57) [GCC 8.3.0] dev1@s5:~/TTLLC_ansible$ I have SSH private-key and public-key setup to allow me to access the Mikrotik RouterOS session without an interactive password from the Ubuntu box. For now, I am testing DSA file private key/public key dev1@s5:~/.ssh$ <mailto:dev1@s5:~/.ssh$> ls -l total 16 -rw------- 1 dev1 dev1 1373 May 26 23:10 3101_dsa -rw-r--r-- 1 dev1 dev1 597 May 26 23:10 3101_dsa.pub dev1@s5:~/.ssh$ <mailto:dev1@s5:~/.ssh$> file * 3101_dsa: OpenSSH private key 3101_dsa.pub: OpenSSH DSA public key Here is the proof that SSH works from the command line. dev1@s5:~/TTLLC_ansible$ ssh -i ~/.ssh/3101_dsa [email protected] <mailto:[email protected]> -p 22222 MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK MikroTik RouterOS 6.43.2 (c) 1999-2018 http://www.mikrotik.com/ [?] Gives the list of available commands command [?] Gives help on the command and list of arguments [Tab] Completes the command/word. If the input is ambiguous, a second [Tab] gives possible options / Move up to base level .. Move up one level /command Use command at the base level Here is my problem (the full debug output is at the end of this message, sorry for the length) - Ansible reports the SSH module complains it is an Invalid key. The full traceback is: Traceback (most recent call last): File "/home/dev1/src/ansible/bin/ansible-connection", line 104, in start self.connection._connect() File "/home/dev1/src/ansible/lib/ansible/plugins/connection/network_cli.py", line 327, in _connect ssh = self.paramiko_conn._connect() File "/home/dev1/src/ansible/lib/ansible/plugins/connection/paramiko_ssh.py", line 245, in _connect self.ssh = SSH_CONNECTION_CACHE[cache_key] = self._connect_uncached() File "/home/dev1/src/ansible/lib/ansible/plugins/connection/paramiko_ssh.py", line 368, in _connect_uncached raise AnsibleConnectionFailure(msg) AnsibleConnectionFailure: Invalid key 22502 1559065909.68461: done running TaskExecutor() for 10.0.0.99/TASK <http://10.0.0.99/TASK> : Gathering Facts [8851fb63-ee9d-cebc-7778-00000000000c] 22502 1559065909.68478: sending task result for task 8851fb63-ee9d-cebc-7778-00000000000c 22502 1559065909.68512: done sending task result for task 8851fb63-ee9d-cebc-7778-00000000000c 22502 1559065909.68518: WORKER PROCESS EXITING 22489 1559065909.68718: marking 10.0.0.99 as failed 22489 1559065909.68731: marking host 10.0.0.99 failed, current state: HOST STATE: block=0, task=0, rescue=0, always=0, run_state=ITERATING_SETUP, fail_state=FAILED_NONE, pending_setup=True, tasks child state? (None), rescue child state? (None), always child state? (None), did rescue? False, did start at task? False 22489 1559065909.68736: ^ failed state is now: HOST STATE: block=0, task=0, rescue=0, always=0, run_state=ITERATING_COMPLETE, fail_state=FAILED_SETUP, pending_setup=True, tasks child state? (None), rescue child state? (None), always child state? (None), did rescue? False, did start at task? False 22489 1559065909.68741: getting the next task for host 10.0.0.99 22489 1559065909.68746: host 10.0.0.99 is done iterating, returning fatal: [10.0.0.99]: FAILED! => { "msg": "Invalid key" } I would have assumed the following script would work - but it doesn't, what am I doing wrong - how am I messing up the key definition? dev1@s5:~/TTLLC_ansible$ cat doAnsible.sh #! /bin/bash # Specify the location for the log file export ANSIBLE_LOG_PATH=/tmp/foo # Enable Debug export ANSIBLE_DEBUG=True cat /dev/null > /tmp/foo # Run with 4*v for connection level verbosity ansible-playbook -u ttadmins -vvvv -i TTLLC_hosts ansibleRouterOS.yml YAML file dev1@s5:~/TTLLC_ansible$ cat ansibleRouterOS.yml --- # # Ansible Playbook for TTLLC RouterOS network management # xxxxxxxxxxxxxxxxxxxxx Mon 27 May 2019 09:26:20 AM EDT # - hosts: mikrotiks # debugger: on_failed tasks: - name: get uptime on mikrotik devices routeros_command: commands: /system resource print ... Test host file # stub inventory file for ansible [mikrotiks] 10.0.0.99 [mikrotiks:vars] ansible_ssh_private_key_file=/home/dev1/.ssh/3101_dsa ansible_connection=network_cli ansible_port=22222 ansible_user=ttadmins ansible_network_os=routeros I have experimented with moving the ansible_ssh_private_key_file definition to a lot of locations: YAML file, Hosts file, Vars section, command line definition .... Full debug output /tmp/foo dev1@s5:~/TTLLC_ansible$ cat /tmp/foo 2019-05-28 13:51:48,813 p=dev1 u=22489 | ansible-playbook 2.9.0.dev0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/home/dev1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /home/dev1/src/ansible/lib/ansible executable location = /home/dev1/src/ansible/bin/ansible-playbook python version = 2.7.16 (default, Apr 6 2019, 01:42:57) [GCC 8.3.0] 2019-05-28 13:51:48,814 p=dev1 u=22489 | Using /etc/ansible/ansible.cfg as config file 2019-05-28 13:51:48,814 p=dev1 u=22489 | setting up inventory plugins 2019-05-28 13:51:48,821 p=dev1 u=22489 | host_list declined parsing /home/dev1/TTLLC_ansible/TTLLC_hosts as it did not pass it's verify_file() method 2019-05-28 13:51:48,821 p=dev1 u=22489 | script declined parsing /home/dev1/TTLLC_ansible/TTLLC_hosts as it did not pass it's verify_file() method 2019-05-28 13:51:48,821 p=dev1 u=22489 | auto declined parsing /home/dev1/TTLLC_ansible/TTLLC_hosts as it did not pass it's verify_file() method 2019-05-28 13:51:48,848 p=dev1 u=22489 | Parsed /home/dev1/TTLLC_ansible/TTLLC_hosts inventory source with ini plugin 2019-05-28 13:51:49,034 p=dev1 u=22489 | Loading callback plugin default of type stdout, v2.0 from /home/dev1/src/ansible/lib/ansible/plugins/callback/default.pyc 2019-05-28 13:51:49,080 p=dev1 u=22489 | PLAYBOOK: ansibleRouterOS.yml ************************************************************************************************************************************************************ 2019-05-28 13:51:49,080 p=dev1 u=22489 | 1 plays in ansibleRouterOS.yml 2019-05-28 13:51:49,089 p=dev1 u=22489 | PLAY [mikrotiks] ************************************************************************************************************************************************************************* 2019-05-28 13:51:49,098 p=dev1 u=22489 | TASK [Gathering Facts] ******************************************************************************************************************************************************************* 2019-05-28 13:51:49,110 p=dev1 u=22502 | <10.0.0.99> attempting to start connection 2019-05-28 13:51:49,110 p=dev1 u=22502 | <10.0.0.99> using connection plugin network_cli 2019-05-28 13:51:49,421 p=dev1 u=22508 | <10.0.0.99> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: ttadmins on PORT 22222 TO 10.0.0.99 2019-05-28 13:51:49,683 p=dev1 u=22502 | <10.0.0.99> local domain socket does not exist, starting it 2019-05-28 13:51:49,683 p=dev1 u=22502 | <10.0.0.99> control socket path is /home/dev1/.ansible/pc/8b253d558a 2019-05-28 13:51:49,683 p=dev1 u=22502 | <10.0.0.99> loaded cliconf plugin for network_os routeros 2019-05-28 13:51:49,683 p=dev1 u=22502 | network_os is set to routeros 2019-05-28 13:51:49,683 p=dev1 u=22502 | <10.0.0.99> 22503 1559065909.36878: trying /home/dev1/src/ansible/lib/ansible/plugins/connection 22503 1559065909.40077: Loaded config def from plugin (connection/ssh) 22503 1559065909.40087: Loading Connection 'ssh' from /home/dev1/src/ansible/lib/ansible/plugins/connection/ssh.py (found_in_cache=False, class_only=True) 2019-05-28 13:51:49,683 p=dev1 u=22502 | The full traceback is: Traceback (most recent call last): File "/home/dev1/src/ansible/bin/ansible-connection", line 104, in start self.connection._connect() File "/home/dev1/src/ansible/lib/ansible/plugins/connection/network_cli.py", line 327, in _connect ssh = self.paramiko_conn._connect() File "/home/dev1/src/ansible/lib/ansible/plugins/connection/paramiko_ssh.py", line 245, in _connect self.ssh = SSH_CONNECTION_CACHE[cache_key] = self._connect_uncached() File "/home/dev1/src/ansible/lib/ansible/plugins/connection/paramiko_ssh.py", line 368, in _connect_uncached raise AnsibleConnectionFailure(msg) AnsibleConnectionFailure: Invalid key 2019-05-28 13:51:49,687 p=dev1 u=22489 | fatal: [10.0.0.99]: FAILED! => { "msg": "Invalid key" } 2019-05-28 13:51:49,689 p=dev1 u=22489 | PLAY RECAP ******************************************************************************************************************************************************************************* 2019-05-28 13:51:49,689 p=dev1 u=22489 | 10.0.0.99 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 2019-05-28 13:51:49,756 p=dev1 u=22508 | shutdown complete -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To post to this group, send email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0e8f3343-45b4-439f-a94a-7fae3f4f60c2%40googlegroups.com <https://groups.google.com/d/msgid/ansible-project/0e8f3343-45b4-439f-a94a-7fae3f4f60c2%40googlegroups.com?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/d/optout. -- Sent from a mobile device - please excuse the brevity, spelling and punctuation. -- You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/2iVbWmB5Y3A/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected] <mailto:[email protected]> . To post to this group, send email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwPEH_d-dtov7wFR6BbTT5Ghzr6jGCDSb6xJPNC-9zjU0w%40mail.gmail.com <https://groups.google.com/d/msgid/ansible-project/CAL8fbwPEH_d-dtov7wFR6BbTT5Ghzr6jGCDSb6xJPNC-9zjU0w%40mail.gmail.com?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/00f901d51622%249a247f80%24ce6d7e80%24%40gmail.com. For more options, visit https://groups.google.com/d/optout.
