I'm working on a playbook that needs to connect to a couple of different servers through a proxy.
I was able to test the connection using putty and the proxy.
Basically, went to connections --> proxy, then select HTTP and added the proxy host.
But, I was not able to reproduce it with SSH from the Ansible server.
I tried different ssh commands:
ssh -L jumphost.example.org:80 fred#server.example.org -p 443
ssh -J jumphost.example.org:80 fred#server.example.org
ssh -o ProxyCommand="ssh -W %h:%p jumphost.example.org" server.example.org
ssh -tt jumphost.example.org ssh -tt server.example.org
I know there are different options that use nc but I didn't try them, because its not installed on the server.
Is there any way to connect to the remote host in ansible using the proxy?
Thanks
Can you try this ?
- hosts: all
remote_user: root
tasks:
- name: Install cobbler
package:
name: cobbler
state: present
environment:
http_proxy: http://proxy.example.com:8080
from: playbooks_environment
Related
is it possible to give me an hint in regards to Ansible and Windows host? I have set up a Ansible server and a Windows host. I am not able to execute win_ping. It seems that I have something messed up with the configuration on the server.
ansible win -m win_ping
Error message:
192.168.178.10 | FAILED! => {
"msg": "the connection plugin 'winrm ## The kind of connection which ansible will make with remote windows node' was not found"
}
Firewall config seems to configured properly. I am able to connect from the Ansible server to the Windows host:
b#b:~$ nc -vz 192.168.178.10 5986
Connection to 192.168.178.10 5986 port [tcp/*] succeeded!
b#b:~$ nc -vz 192.168.178.10 5985
Connection to 192.168.178.10 5985 port [tcp/*] succeeded!
This is the configuration of /etc/ansible/hosts
...
[win]
192.168.178.10
[win:vars]
ansible_user=a
ansible_password="xxxx"
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
...
Ansible uses the pywinrm package to communicate with Windows servers over WinRM. It is not installed by default with the Ansible package, but can be installed by running the following:
pip install "pywinrm>=0.3.0"
If you have installed the packages required and still facing the issue then I would recommend you to go through Ansible guide again.
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html
I'm using Ubuntu Linux
I have created an inventory file and I have put my own system IP address there.
I have written a playbook to install the nginx package.
I'm getting the following error:
false, msg" : Failed to connect to the host via ssh: connect to host myip : Connection refused, unreachable=true
How can I solve this?
You could use the hosts keyword with the value localhost
- name: Install nginx package
hosts: localhost
tasks:
- name: Install nginx package
apt:
name: nginx
state: latest
Putting your host IP directly in your inventory treats your local machine as any other remote target. Although this can work, ansible will use the ssh connection plugin by default to reach your IP. If an ssh server is not installed/configured/running on your host it will fail (as you have experienced), as well as if you did not configure the needed credentials (ssh keys, etc.).
You don't need to (and in most common situations you don't want to) declare localhost in your inventory to use it as it is implicit by default. The implicit localhost uses the local connection plugin which does not need ssh at all and will use the same user to run the tasks as the one running the playbook.
For more information on connection plugins, see the current list
See #gary lopez answer for an example playbook to use localhost as target.
I am new to pgAdmin and to SSH tunnels. I am trying to establish a connection to a postgres DB with SSH tunnel. I am on Windows 10. I am given the following instructions (I changed all the names and ports in the below)
Add the following to your SSH config (~/.ssh/config):
Host prod
Hostname myorg.org.uk
User sshusername
IdentityFile idef.pem
LocalForward 9999 localforward.amazonaws.com:8888
Now you can tunnel your way through to PostgreSQL:
ssh -N prod
And now psql et al can connect (You must open a new Terminal window while the SSH tunnel is running):
psql -h localhost -p 9999 -U connectionusername -d dproduction
I am also given the dproduction database password for the database I am trying to connect to: dproduction_pwd
I don't understand where everything goes in pgAdmin. I did the following:
Create-Server:
Name = test
Connection:
Host Name/Address: localhost
Prot: 9999
Maintenance database: postgres
username: connectionusername
SSH Tunnel:
Tunnel host: myorg.org.uk
Tunnel post: 9999
username: sshusername
Identity file: C:\idef.pem
Password: dproduction_pwd
I must be doing something wrong, as I don't use LocalForward from the ssh config above, where does this go? putting it in Tunnel host does not work.
I managed to use SSH tunnel to access my database with Windows 10 SSH and PGAdmin SSH Tunnel. It did take a while. pgAdmin's document isn't very clear on this. Here's the difference I found:
When setting SSH tunnel with Windows 10 SSH, you need to forward a local port (9999 in your case) to the remote port (8888).
In pgAdmin, that local port is no longer needed. My guess is since it already knows you want to access which service through which tunnel, it takes care of the local port in the background. That tunnel port, in the most common cases, should be the SSH port 22.
My suggested changes to your current setting would be:
in SSH Tunnel tab, set Tunnel port to 22
in Connection tab, set Port to 8888
This should work.
I have one esxi host. I need to get some data for which i need to have linux on the same host. So i reboot the host with liveboot with rhel7.4. Perform some operations and then again i reboot the host with local boot.
So the problem is when the second boot has happened im not able to perform the tasks it is failing for ssh connection as follows
"stderr_lines": [
"Failed to login: Connection refused: The remote service is not running, OR is overloaded, OR a firewall is rejecting connections."
]
Login credential for both the os is same.
If i skip the middle reboot for linux os no error is occurred.
After each reboot i keep one check task as follow
- name: Wait for system to boot up
local_action: wait_for host="{{ host_name }}" port=22 state=started delay=25 timeout=3600
become: False
This is my ansible.cfg file
[defaults]
host_key_checking=False
[paramiko-connection]
record_host_keys=False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null
Am i missing something ?
You are using ssh master sessions...
-o ControlMaster=auto -o ControlPersist=60s
...but you are connecting to the same host (same name and same ip) after a reboot which changes the underlying OS, so most probably with a change of host keys between the two OS. This is a perfect situation to get an existing master session hanging.
I would first disable ssh master session and see if it solves your issue. If it does and you still want to take advantage of master sessions for performance, you can re-enable them and perform a master session cleanup on the localhost right after you initiate the reboot. Simply remove the socket file in dir declared as ssh ControlPath
I want to test if the host I am provisioning can reach a specific server and connect to a specific TCP port. If it can't the playbook should fail.
How can I do that?
There is wait_for module for this.
To check that target.host can access remote.host:8080:
- hosts: target.host
tasks:
- wait_for: host=remote.host port=8080 timeout=1
- debug: msg=ok
There are a lot of other examples in the documentation.
Using wait_for is fine, however it requires the service is actually running and gives a reply.
If you just like to check whether the port is open in your firewall, you can use curl.
- name: Check if host is reachable
shell:
cmd: "/usr/bin/curl --connect-timeout 10 --silent --show-error remote.host:8080"
warn: no
executable: /bin/bash
register: res
failed_when: res.rc in [28] or res.stderr is search("No route to host")
When the port is open but service does not run you get an curl: (7) Failed connect to 10.192.147.224:27019; Connection refused" which you would consider as OK.
A connection blocked by firewall will return curl: (28) Connection timed out after 10001 milliseconds