Sharing my testcase below demonstrating the problem that one can replicate:
I have ssh connectivity from ansible host to JUMP Servers with root user as below: anuser1@ANSIBLE_HOST# ssh [email protected] ----------> success anuser1@ANSIBLE_HOST# ssh [email protected] ----------> success Below is the command i use to execute my playbook: ansible-playbook /app/playbook/injectkey/injectkey.yml -e JUMP_SERVER='10.0.0.1\n10.0.0.2' -e TARGET_SERVER='192.0.0.99' -e TARGET_USER='root' -vvv Below is my playbook injectkey.yml: --- - name: "Play 1" hosts: localhost gather_facts: false tags: always tasks: - name: Add host debug: msg: " hello " - set_fact: jump_server_list: "{{ JUMP_SERVER | trim }}" - set_fact: target_server_list: "{{ TARGET_SERVER | trim }}" - add_host: hostname: "{{ item }}" groups: jump_nodes with_items: "{{ jump_server_list.split('\n') }}" - add_host: hostname: "{{ item }}" groups: dest_nodes with_items: "{{ target_server_list.split('\n') }}" - name: "Play 3" hosts: dest_nodes user: root gather_facts: false ignore_unreachable: yes tasks: - name: DEEBUG Inject ssh keys by invoking script include_tasks: testcheckandaddkey.yml with_items: "{{ groups['jump_nodes'] }}" The issue is with task -> CHECK RAW1 in the testcheckandaddkey.yml which is as below: --- - name: CHECK LOOP ignore_errors: yes debug: msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}" delegate_to: localhost - name: CHECK RAW ignore_errors: yes raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}" delegate_to: localhost - name: CHECK LOOP2 ignore_errors: yes debug: msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}" delegate_to: "{{ item }}" - name: CHECK RAW1 ignore_errors: yes raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}" delegate_to: "{{ item }}" In the testcheckandaddkey.yml i can see both IPs in debug module but the delegation does not happen for the second IP 10.0.0.2 with raw module as visible in the output below. Output: TASK [DEEBUG Inject ssh keys by invoking script] *********************************************************************************************************************** task path: /app/playbook/injectkey/injectkey.yml:93 included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99 included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99 TASK [CHECK LOOP] ****************************************************************************************************************************************************** task path: /app/playbook/injectkey/testcheckandaddkey.yml:4 ok: [192.0.0.99 -> localhost] => { "msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root" } TASK [CHECK RAW] ******************************************************************************************************************************************************* task path: /app/playbook/injectkey/testcheckandaddkey.yml:10 <localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser <localhost> EXEC echo 10.0.0.1 192.0.0.99 root changed: [192.0.0.99 -> localhost] => { "changed": true, "rc": 0, "stderr": "", "stderr_lines": [], "stdout": "10.0.0.1 192.0.0.99 root\n", "stdout_lines": [ "10.0.0.1 192.0.0.99 root" ] } TASK [CHECK LOOP2] ***************************************************************************************************************************************************** task path: /app/playbook/injectkey/testcheckandaddkey.yml:15 ok: [192.0.0.99 -> 10.0.0.1] => { "msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root" } TASK [CHECK RAW1] ****************************************************************************************************************************************************** task path: /app/playbook/injectkey/testcheckandaddkey.yml:21 <10.0.0.1> ESTABLISH SSH CONNECTION FOR USER: root <10.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/1a88418cb1 -tt 10.0.0.1 'echo 10.0.0.1 192.0.0.99 root' <10.0.0.1> (0, '10.0.0.1 192.0.0.99 root\r\n', 'Shared connection to 10.0.0.1 closed.\r\n') changed: [192.0.0.99 -> 10.0.0.1] => { "changed": true, "rc": 0, "stderr": "Shared connection to 10.0.0.1 closed.\r\n", "stderr_lines": [ "Shared connection to 10.0.0.1 closed." ], "stdout": "10.0.0.1 192.0.0.99 root\r\n", "stdout_lines": [ "10.0.0.1 192.0.0.99 root" ] } TASK [CHECK LOOP] ****************************************************************************************************************************************************** task path: /app/playbook/injectkey/testcheckandaddkey.yml:4 ok: [192.0.0.99 -> localhost] => { "msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root" } TASK [CHECK RAW] ******************************************************************************************************************************************************* task path: /app/playbook/injectkey/testcheckandaddkey.yml:10 <localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser <localhost> EXEC echo 10.0.0.2 192.0.0.99 root changed: [192.0.0.99 -> localhost] => { "changed": true, "rc": 0, "stderr": "", "stderr_lines": [], "stdout": "10.0.0.2 192.0.0.99 root\n", "stdout_lines": [ "10.0.0.2 192.0.0.99 root" ] } TASK [CHECK LOOP2] ***************************************************************************************************************************************************** task path: /app/playbook/injectkey/testcheckandaddkey.yml:15 ok: [192.0.0.99 -> 10.0.0.2] => { "msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root" } TASK [CHECK RAW1] ****************************************************************************************************************************************************** task path: /app/playbook/injectkey/testcheckandaddkey.yml:21 <10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: root <10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root' <10.0.0.2> (255, '', 'Permission denied (publickey,password,keyboard-interactive).\r\n') fatal: [192.0.0.99]: UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password,keyboard-interactive).", "skip_reason": "Host 192.0.0.99 is unreachable", "unreachable": true } For TASK [CHECK RAW1] I was expecting changed: [192.0.0.99 -> 10.0.0.2] => { just like how i got the other IP changed: [192.0.0.99 -> 10.0.0.1] => { but instead i get fatal: [192.0.0.99]: UNREACHABLE! => { >From the output: <10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root' I tried the above ssh command from the problematic task CHECK RAW1 manually and it works fine !! Can you please suggest how can i get the delegation to both the IPs to work instead of the single IP? Any workaround trick to get this to work will be greatly appreciated. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f173489d-6a86-41a5-bdd7-6d21b2443926n%40googlegroups.com.
