[ansible-project] Re: ansible_ssh_pass parameter with salt encrypt value of ansible_user password makes client server Unreachable on playbook run
Daniel,

This is the configuration I have for this server that belongs to the apacheservers group that worked, with the root password explicitly entered in the ansible_ssh_pass parameter.

[apacheservers]
TestRHEL73tr1 ansible_host=XX.X.XX.XXX ansible_port=22 ansible_user=root ansible_ssh_pass=

I tried to use the vault by creating a .vault_pass file with its content ansible_ssh_pass=value of root password, and then ran ansible-playbook CreateTestfile.yml --vault-password-file /root/.vault_pass, but I got this following error message:

Attempted to read "/etc/ansible/hosts" as ini file: /etc/ansible/hosts:16: Expected key=value host variable assignment, got: ansible_ssh_pass

Please help on how to properly use the vault concept in securing ansible playbook run.

Thanks,
Lorenzo

On Saturday, July 29, 2017 at 7:44:54 AM UTC-10, Daniel JD wrote:
> Also check out Ansible-Vault for more security.
>
> http://docs.ansible.com/ansible/latest/playbooks_vault.html
>
> On Saturday, 29 July 2017 00:58:45 UTC+2, Lorenzo Farinas wrote:
>> I successfully created and tested some Ansible playbooks, that's when
>> ansible_ssh_pass parameter value is the actual password of the ansible_user
>> for the involved server specified in a group in the /etc/ansible/hosts file.
>>
>> But when the ansible_ssh_pass parameter was replaced with its salt
>> encrypt value for security reasons, the playbook run would fail with the
>> server Unreachable. Please advise.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/dced7a6e-9ef1-45dc-b56b-7cb010539770%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible_ssh_pass parameter with salt encrypt value of ansible_user password makes client server Unreachable on playbook run
I also want to know if anyone can help on how to fix this problem as even though I put back the plain text password to the ansible_ssh_pass parameter, the playbook run would still fail with the server Unreachable on the server that had the parameter replaced with its salt encrypt value.

On Friday, July 28, 2017 at 12:58:45 PM UTC-10, Lorenzo Farinas wrote:
> I successfully created and tested some Ansible playbooks, that's when
> ansible_ssh_pass parameter value is the actual password of the ansible_user
> for the involved server specified in a group in the /etc/ansible/hosts file.
> But when the ansible_ssh_pass parameter was replaced with its salt encrypt
> value for security reasons, the playbook run would fail with the server
> Unreachable. Please advise.

Re: [ansible-project] Re: ansible_ssh_pass parameter with salt encrypt value of ansible_user password makes client server Unreachable on playbook run
I found a way to generate key pair using RSA on Ansible control machine, copied the public key to the client's /.ssh/authorized_keys. When I run a playbook, it prompts me for the password I used to protect the private key. I followed the SSH Agent Forwarding with Ansible notes by configuring the ssh_args parameter in the /etc/ansible/ansible.cfg file and the SSH_AUTH_SOCK Defaults parameter in the /etc/sudoers file of the client; but I'm still getting prompted with the password for private key on playbook run. What's the procedure to make the playbook run passwordless?

- Thanks, Lorenzo

On Thursday, August 10, 2017 at 11:04:16 AM UTC-10, Dick Visser wrote:
> On 10 August 2017 at 21:19, Lorenzo Farinas <farinas...@gmail.com> wrote:
> > Please provide the procedure on how to add ssh-agent and ssh keys to the
> > client with reference to Ansible control machine. My research on this task
> > is not productive. - Thanks, Lorenzo
>
> Working with SSH keys and agents is considered a basic sysadmin skill
> and a prerequisite for ansible, so if this turns out to be problematic then
> it's a good idea to get familiar with this first.
> This list isn't the right place for that, but the topic is thoroughly
> documented on numerous places on the internet.
>
> --
> Dick Visser
> GÉANT
>
> Want to join us? We're hiring: https://www.geant.org/jobs

Re: [ansible-project] Re: ansible_ssh_pass parameter with salt encrypt value of ansible_user password makes client server Unreachable on playbook run
Please provide the procedure on how to add ssh-agent and ssh keys to the client with reference to Ansible control machine. My research on this task is not productive.

- Thanks, Lorenzo

On Tuesday, August 8, 2017 at 7:44:13 AM UTC-10, Adrian Likins wrote:
>> I tried to use the vault by creating a .vault_pass file with its content
>> ansible_ssh_pass=value of root password, and then ran ansible-playbook
>> CreateTestfile.yml --vault-password-file /root/.vault_pass, but I got this
>> following error message:
>> Attempted to read "/etc/ansible/hosts" as ini file:
>> /etc/ansible/hosts:16: Expected key=value host variable assignment, got:
>> ansible_ssh_pass
>
> To clarify some terms:
>
> 'vault password': A password used by vault to encrypt/decrypt content.
> 'passwords stored in vault': A password for something like a user auth or
> ssh private keys, that is stored in a vault (encrypted with ansible-vault
> and a vault password)
>
> --vault-password-file is for reading a 'vault password' from a file, i.e., a
> password used by vault for decrypting/encrypting.
>
> ansible_ssh_pass would need to be populated from a variable in a vault
> encrypted vars file (or inventory file) for that example.
>
> But that is the wrong approach.
>
> The right approach is:
>
> *Use ssh keys and ssh-agent instead of trying to store the password in
> ansible.*
> A working key based ssh and ssh-agent setup is a prerequisite for
> practical ansible use.
>
> On Wed, Aug 2, 2017 at 4:50 PM, Lorenzo Farinas <farinas...@gmail.com> wrote:
>> Daniel,
>>
>> This is the configuration I have for this server that belongs to the
>> apacheservers group that worked, with the root password explicitly entered
>> in the ansible_ssh_pass parameter.
>>
>> [apacheservers]
>> TestRHEL73tr1 ansible_host=XX.X.XX.XXX ansible_port=22
>> ansible_user=root ansible_ssh_pass=
>>
>> I tried to use the vault by creating a .vault_pass file with its content
>> ansible_ssh_pass=value of root password, and then ran ansible-playbook
>> CreateTestfile.yml --vault-password-file /root/.vault_pass, but I got this
>> following error message:
>> Attempted to read "/etc/ansible/hosts" as ini file:
>> /etc/ansible/hosts:16: Expected key=value host variable assignment, got:
>> ansible_ssh_pass
>>
>> Please help on how to properly use the vault concept in securing ansible
>> playbook run.
>>
>> Thanks,
>> Lorenzo
>>
>> On Saturday, July 29, 2017 at 7:44:54 AM UTC-10, Daniel JD wrote:
>>> Also check out Ansible-Vault for more security.
>>>
>>> http://docs.ansible.com/ansible/latest/playbooks_vault.html
>>>
>>> On Saturday, 29 July 2017 00:58:45 UTC+2, Lorenzo Farinas wrote:
>>>> I successfully created and tested some Ansible playbooks, that's when
>>>> ansible_ssh_pass parameter value is the actual password of the
>>>> ansible_user for the involved server specified in a group in the
>>>> /etc/ansible/hosts file.
>>>> But when the ansible_ssh_pass parameter was replaced with its salt
>>>> encrypt value for security reasons, the playbook run would fail with the
>>>> server Unreachable. Please advise.

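An inventory check for the three states of ansible_ssh_pass that come up in this thread, added here as an example and not part of any poster's message: a literal password, a crypt(3) hash in place of the password (SSH password authentication needs the password itself, so a hash cannot log in), and a bare ansible_ssh_pass token with no "=", the form named in the quoted parse error. The function name, finding labels, host names, addresses and values in SAMPLE are constructed for illustration.

```python
import re
import shlex

# Connection/become password variables Ansible accepts in inventory.
SECRET_KEYS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}
CRYPT_HASH = re.compile(r"^\$(1|2[aby]?|5|6)\$")  # crypt(3) prefixes, e.g. $6$

def lint_inventory(text):
    """Return (line_no, host_or_section, finding) tuples for an INI inventory."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]")
            continue
        if section.endswith(":children"):
            continue
        if section.endswith(":vars"):
            # [group:vars] lines are a single "key = value" assignment.
            key, sep, val = line.partition("=")
            host, pairs = section, [key.strip() + sep + val.strip()]
        else:
            # Host lines: host name followed by shell-style key=value tokens.
            tokens = shlex.split(line, comments=True)
            host, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            if key not in SECRET_KEYS:
                continue
            if not sep:
                findings.append((no, host, "bare-key"))    # inventory will not parse
            elif CRYPT_HASH.match(value):
                findings.append((no, host, "crypt-hash"))  # hash is not a login secret
            elif value and "{{" not in value:
                findings.append((no, host, "plaintext"))   # move to a vaulted variable
    return findings

# Constructed sample inventory (documentation addresses, made-up values).
SAMPLE = """\
[apacheservers]
web1 ansible_host=192.0.2.10 ansible_user=root ansible_ssh_pass=Example-Pass1
web2 ansible_host=192.0.2.11 ansible_user=root ansible_ssh_pass=$6$saltsalt$abcdefhash
web3 ansible_host=192.0.2.12 ansible_user=root ansible_ssh_pass
web4 ansible_host=192.0.2.13 ansible_ssh_pass="{{ vault_ssh_pass }}"
web5 ansible_host=192.0.2.14 ansible_user=deploy
"""

if __name__ == "__main__":
    for finding in lint_inventory(SAMPLE):
        print(finding)
```

web4 (a reference to a variable that would live in a vault-encrypted vars file) and web5 (no password variable, key-based login) produce no findings.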
[ansible-project] ansible_ssh_pass parameter with salt encrypt value of ansible_user password makes client server Unreachable on playbook run
I successfully created and tested some Ansible playbooks, that's when ansible_ssh_pass parameter value is the actual password of the ansible_user for the involved server specified in a group in the /etc/ansible/hosts file.

But when the ansible_ssh_pass parameter was replaced with its salt encrypt value for security reasons, the playbook run would fail with the server Unreachable. Please advise.