Sounds like a permission issue somewhere. Can you manually sudo to whatever user your playbook is using and clone the repo? Key permissions ok? Correct user?
On Wed, 2 Sep 2020 at 23:34, Erick Sun <[email protected]> wrote: > Hello, thanks for taking a look! I am trying to install needed software > on hosts running RHEL 7.x (Docker, Python, Intel Parallel Studio). During > play to download Intel, the play is designed to ssh into and clone from > remote Git repo. It has been verified that the local host' ssh key is > known by remote server and also the server's ssh key is known to local > host, although local host is not able to read from remote. Without going > into too much detail, here is the set of plays being run in playbook.yml, > as well as the inventory in hosts.yml. The playbook breaks at the "Clone > cots_lfs repo" play: > > > ######playbook.yml > --- > - hosts: all > gather_facts: yes > tasks: > > ###Set of plays that checks the host OS, RAM, and scratch Disk Space > #Grab the Distribution and Version and check it is between 7.x and 8.0 > - name: Distribution > ... > > - name: Distribution version > ... > > - name: Check that the Red Hat Version >= 7.x and < 8 > ... > > #Check the Ram and that there's at least xxx MB > - name: RAM > ... > > - name: Check that the System Ram is > xxx MB > ... > > #Check HD space of /local_path and that there's at least xxx MB. > - name: Disk Space > ... > > - name: Check that Disk Space is > xxx MB. > ... > > ###Set of plays that checks the host RPMs and Services for Docker > #Get RPM and Service Facts > - name: Populate Host RPM Package Facts > ... > > - name: Populate Host Service Facts > ... > > #Docker Plays > - name: Check if Docker is installed > ... > > - name: Install Docker Dependencies if needed > ... > > - name: Add the Public Docker Repo if needed > ... > > - name: Install Docker Dependencies if needed > ... > > - name: Install Docker service 18.x > ... > > - name: Set the Docker http proxy file > ... > > - name: Set the Docker daemon file > ... > > - name: Ensure Docker group is created on host > ... > > - name: Add users to Docker group > ... > > - name: Initial Start of Docker Service > ... > > - name: Set permissions on /var/run/docker.sock to 0666 > ... > > - name: Stop Docker Service > ... > > - name: Reload Docker Service > ... > > - name: Enable and Start Docker Service > ... > > - name: Print Docker Service Info > ... > > ###Set of plays that checks the host RPMs and Services for Python3 > #Check Python plays > - name: Check for Python3 > ... > > - name: Install Python3 if needed > ... > > - name: Check for Python3-Pip > ... > > - name: Install Python3-Pip if needed > ... > > - name: Check for Python-Virtualenv > ... > > - name: Install > > > > Python-Virtualenv if needed > ... > > - name: Run script to create Python Virtual environment > ... > > ###Set of plays that checks the host's git lfs installation > - name: Install git-lfs if needed > ... > > ###Set of plays that installs Intel > - name: Check if Intel is installed in /opt/ > ... > > - name: Clone cots_lfs repo > clone: yes > repo: 'ssh://<url/cots_lfs.git>' > dest: /local_path/cots_lfs > version: intel_parallel_studio_full > update: yes > clone: yes > force: yes > when: not intel_exists.stat.exists > > - name: Install Intel > ... > > ###Set of plays that modifies the hosts /etc/ files > - name: Run modify system files script > ... > > - name: Restart host if system files have been modified > ... > > - name: Restart Docker service if host was rebooted > ... > > > ######hosts.yml > --- > all: > hosts: > localhost > children: > watermarked: > vars: > proxy: <url> > hosts: > Workstation1: > ansible_host: <ip_addr> > Workstation2: > ansible_host: <ip_addr> > ... > > nonwatermarked: > hosts: > Workstation1: > ansible_host: <ip_addr> > Workstation2: > ansible_host: <ip_addr> > ... > > offline: > hosts: > <ip_addr> > > > > Thanks, > Erick > > > > On Wednesday, September 2, 2020 at 1:37:01 AM UTC-7 [email protected] > wrote: > >> You need to give more info. Playbooks, inventory, what are you trying >> >> >> to achieve, etc. >> >> >> >> >> >> On Tue, 1 Sep 2020 at 23:48, Erick Sun <[email protected]> wrote: >> >> >> > >> >> >> > Host SSH key not recognized when trying to SSH into remote repository >> using Ansible playbook. Remote repository was verified to have the correct >> SSH key from host, but still wouldn't recognize host when trying to clone >> from the repository. Ran Ansible on 15 hosts, 13 were successful, 1 failed >> to clone from remote repo even though they were configured the same. Here >> is the actual error received. Can anyone help, please? Thx >> >> >> > >> >> >> > fatal: [Host]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone >> --origin origin 'ssh:<path_to_repo>' /local_path", "msg": "FIPS mode >> initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS >> mode\r\nPermission denied (publickey).\r\nfatal: Could not read from remote >> repository.\n\nPlease make sure you have the correct access rights\nand the >> repository exists.", "rc": 128, "stderr": "FIPS mode >> initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS >> mode\r\nPermission denied (public key).\r\nfatal: Could not read from >> remote repository.\n\nPlease make sure you have the corr ect access >> rights\nand the repository exists.\n", "stderr_lines": ["FIPS mode >> initialized", "Disabling GSSAPIKeyExchange. Not usable in FIPS mode", >> "Permission denied (publickey).", "fatal: Could not read from remote >> repository.", "", "Please make sure you have the correct access rights", >> "and the repository exists."], "stdout": "Cloning into '/local_path'...\n", >> "stdout_lines": ["Cloning into '/local_path'..."]} >> >> >> > >> >> >> > -- >> >> >> > You received this message because you are subscribed to the Google >> Groups "Ansible Project" group. >> >> >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected]. >> >> >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/e84682be-85ac-47b8-8c80-661de0f5dbc6n%40googlegroups.com >> . >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Dick Visser >> >> >> Trust & Identity Service Operations Manager >> >> >> GÉANT >> >> >> > > > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/1ca775c3-320c-4139-8f13-d61ae64c7d41n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/1ca775c3-320c-4139-8f13-d61ae64c7d41n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > > -- Sent from a mobile device - please excuse the brevity, spelling and punctuation. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwP3LCeqdh6Nis4kOkS64Okc_Zz7KAG_Y5sAS26WdKsYAQ%40mail.gmail.com.
