Or: key is ok but it's not being used because of an ssh misconfig

On Thu, 3 Sep 2020 at 06:44, Dick Visser <[email protected]> wrote:

> Sounds like a permission issue somewhere.
> Can you manually sudo to whatever user your playbook is using and clone
> the repo?
> Key permissions ok?
> Correct user?
>
> On Wed, 2 Sep 2020 at 23:34, Erick Sun <[email protected]> wrote:
>
>> Hello, thanks for taking a look! I am trying to install needed software
>> on hosts running RHEL 7.x (Docker, Python, Intel Parallel Studio). During
>> play to download Intel, the play is designed to ssh into and clone from
>> remote Git repo. It has been verified that the local host's ssh key is
>> known by remote server and also the server's ssh key is known to local
>> host, although local host is not able to read from remote. Without going
>> into too much detail, here is the set of plays being run in playbook.yml,
>> as well as the inventory in hosts.yml. The playbook breaks at the "Clone
>> cots_lfs repo" play:
>>
>> ######playbook.yml
>> ---
>> - hosts: all
>>   gather_facts: yes
>>   tasks:
>>
>>   ###Set of plays that checks the host OS, RAM, and scratch Disk Space
>>   #Grab the Distribution and Version and check it is between 7.x and 8.0
>>   - name: Distribution
>>     ...
>>
>>   - name: Distribution version
>>     ...
>>
>>   - name: Check that the Red Hat Version >= 7.x and < 8
>>     ...
>>
>>   #Check the Ram and that there's at least xxx MB
>>   - name: RAM
>>     ...
>>
>>   - name: Check that the System Ram is > xxx MB
>>     ...
>>
>>   #Check HD space of /local_path and that there's at least xxx MB.
>>   - name: Disk Space
>>     ...
>>
>>   - name: Check that Disk Space is > xxx MB.
>>     ...
>>
>>   ###Set of plays that checks the host RPMs and Services for Docker
>>   #Get RPM and Service Facts
>>   - name: Populate Host RPM Package Facts
>>     ...
>>
>>   - name: Populate Host Service Facts
>>     ...
>>
>>   #Docker Plays
>>   - name: Check if Docker is installed
>>     ...
>>
>>   - name: Install Docker Dependencies if needed
>>     ...
>>
>>   - name: Add the Public Docker Repo if needed
>>     ...
>>
>>   - name: Install Docker Dependencies if needed
>>     ...
>>
>>   - name: Install Docker service 18.x
>>     ...
>>
>>   - name: Set the Docker http proxy file
>>     ...
>>
>>   - name: Set the Docker daemon file
>>     ...
>>
>>   - name: Ensure Docker group is created on host
>>     ...
>>
>>   - name: Add users to Docker group
>>     ...
>>
>>   - name: Initial Start of Docker Service
>>     ...
>>
>>   - name: Set permissions on /var/run/docker.sock to 0666
>>     ...
>>
>>   - name: Stop Docker Service
>>     ...
>>
>>   - name: Reload Docker Service
>>     ...
>>
>>   - name: Enable and Start Docker Service
>>     ...
>>
>>   - name: Print Docker Service Info
>>     ...
>>
>>   ###Set of plays that checks the host RPMs and Services for Python3
>>   #Check Python plays
>>   - name: Check for Python3
>>     ...
>>
>>   - name: Install Python3 if needed
>>     ...
>>
>>   - name: Check for Python3-Pip
>>     ...
>>
>>   - name: Install Python3-Pip if needed
>>     ...
>>
>>   - name: Check for Python-Virtualenv
>>     ...
>>
>>   - name: Install Python-Virtualenv if needed
>>     ...
>>
>>   - name: Run script to create Python Virtual environment
>>     ...
>>
>>   ###Set of plays that checks the host's git lfs installation
>>   - name: Install git-lfs if needed
>>     ...
>>
>>   ###Set of plays that installs Intel
>>   - name: Check if Intel is installed in /opt/
>>     ...
>>
>>   - name: Clone cots_lfs repo
>>     git:
>>       repo: 'ssh://<url/cots_lfs.git>'
>>       dest: /local_path/cots_lfs
>>       version: intel_parallel_studio_full
>>       update: yes
>>       clone: yes
>>       force: yes
>>     when: not intel_exists.stat.exists
>>
>>   - name: Install Intel
>>     ...
>>
>>   ###Set of plays that modifies the hosts /etc/ files
>>   - name: Run modify system files script
>>     ...
>>
>>   - name: Restart host if system files have been modified
>>     ...
>>
>>   - name: Restart Docker service if host was rebooted
>>     ...
>>
>>
>> ######hosts.yml
>> ---
>> all:
>>   hosts:
>>     localhost:
>>   children:
>>     watermarked:
>>       vars:
>>         proxy: <url>
>>       hosts:
>>         Workstation1:
>>           ansible_host: <ip_addr>
>>         Workstation2:
>>           ansible_host: <ip_addr>
>>         ...
>>
>>     nonwatermarked:
>>       hosts:
>>         Workstation1:
>>           ansible_host: <ip_addr>
>>         Workstation2:
>>           ansible_host: <ip_addr>
>>         ...
>>
>>     offline:
>>       hosts:
>>         <ip_addr>:
>>
>> Thanks,
>> Erick
>>
>> On Wednesday, September 2, 2020 at 1:37:01 AM UTC-7 [email protected]
>> wrote:
>>
>>> You need to give more info. Playbooks, inventory, what are you trying
>>> to achieve, etc.
>>>
>>> On Tue, 1 Sep 2020 at 23:48, Erick Sun <[email protected]> wrote:
>>> >
>>> > Host SSH key not recognized when trying to SSH into remote repository
>>> > using Ansible playbook. Remote repository was verified to have the correct
>>> > SSH key from host, but still wouldn't recognize host when trying to clone
>>> > from the repository. Ran Ansible on 15 hosts, 13 were successful, 1 failed
>>> > to clone from remote repo even though they were configured the same. Here
>>> > is the actual error received. Can anyone help, please? Thx
>>> >
>>> > fatal: [Host]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin 'ssh:<path_to_repo>' /local_path", "msg": "FIPS mode initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS mode\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "FIPS mode initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS mode\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["FIPS mode initialized", "Disabling GSSAPIKeyExchange. Not usable in FIPS mode", "Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "Cloning into '/local_path'...\n", "stdout_lines": ["Cloning into '/local_path'..."]}
>>>
>>> --
>>> Dick Visser
>>> Trust & Identity Service Operations Manager
>>> GÉANT

--
Sent from a mobile device - please excuse the brevity, spelling and punctuation.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwPssafzbrS-hFADjOQ96gm5hqOzm-2aju8tsx%3D_-iH31A%40mail.gmail.com.
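
The questions raised in the thread (key permissions, correct user, ssh client configuration) can be checked on the one failing host with a short audit. This is an added example, not part of the thread or of Ansible; the function names and the `id_rsa` path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Run on the failing host as the user
# the play becomes, e.g.: audit_ssh_client "$HOME" "$HOME/.ssh/id_rsa"

# True if octal mode $1 has any bit of octal mask $2 set.
mode_has_bits() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

# audit_ssh_client HOME_DIR PRIVATE_KEY [EXPECTED_USER]
# Prints one line per finding; returns 0 only when there are none.
audit_ssh_client() {
    home=$1; key=$2; problems=0
    if [ -n "${3:-}" ]; then
        want_uid=$(id -u "$3" 2>/dev/null) || want_uid=""
    else
        want_uid=$(id -u)
    fi

    if [ ! -r "$key" ]; then
        echo "FAIL $key: missing or not readable by uid $(id -u)"
        problems=$((problems + 1))
    else
        set -- $(stat -c '%a %u' "$key")
        # ssh skips its user's private key when group or others have access.
        if mode_has_bits "$1" 077; then
            echo "FAIL $key: mode $1 too open, want 600"
            problems=$((problems + 1))
        fi
        if [ "$2" != "$want_uid" ]; then
            echo "FAIL $key: owner uid $2, expected ${want_uid:-unknown user}"
            problems=$((problems + 1))
        fi
    fi

    cfg="$home/.ssh/config"
    if [ -e "$cfg" ]; then
        set -- $(stat -c '%a %u' "$cfg")
        # ssh stops with "Bad owner or permissions" unless the file is
        # owned by the user or root and not group/world writable.
        if mode_has_bits "$1" 022 || { [ "$2" != "$want_uid" ] && [ "$2" != 0 ]; }; then
            echo "FAIL $cfg: mode $1, owner uid $2"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ]
}

# Run only when called with arguments.
if [ "$#" -ge 2 ]; then audit_ssh_client "$@"; fi
```

If the audit passes, `ssh -G <host>` prints the configuration ssh will apply for that host, including each `identityfile` it will try, which covers the case where the key is fine but is not the one being offered.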
