Ansible can't ping my vagrant box with the vagrant insecure public key - vagrant

I'm using Ansible 2.4.1.0 and Vagrant 2.0.1 with VirtualBox on osx and although provisioning of my vagrant box works fine with ansible, I get an unreachable error when I try to ping with:
➜ ansible all -m ping
vagrant_django | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n",
    "unreachable": true
}
The solutions offered on similar questions didn't work for me (like adding the vagrant insecure pub key to my ansible config). I just can't get it to work with the vagrant insecure public key.
Fwiw, here's my ansible.cfg file:
[defaults]
host_key_checking = False
inventory = ./ansible/hosts
roles_path = ./ansible/roles
private_key_file = ~/.vagrant.d/insecure_private_key
And here's my ansible/hosts file (ansible inventory):
[vagrantboxes]
vagrant_vm ansible_ssh_user=vagrant ansible_ssh_host=192.168.10.100 ansible_ssh_port=22 ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
What did work was using my own SSH public key. When I add this to the authorized_keys on my vagrant box, I can ansible ping:
➜ ansible all -m ping
vagrant_django | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
I can't connect via ssh either, so that seems to be the underlying problem, which is fixed by adding my own pub key to the vagrant box in authorized_hosts.
I'd love to know why it doesn't work with the vagrant insecure key. Does anyone know?
PS: To clarify, although the root cause is similar to this other question, the symptoms and context are different. I could provision my box with ansible, but couldn't ansible ping it. This justifies another question imho.

I'd love to know why it doesn't work with the vagrant insecure key. Does anyone know?
Because the Vagrant insecure key is used for the initial connection to the box only. By default Vagrant replaces it with a freshly-generated key, which you'll find in .vagrant/machines/<machine_name>/virtualbox/private_key under the project directory.
You'll also find an automatically generated Ansible inventory in .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory if you use the Ansible provisioner in the Vagrantfile, so you don't need to create your own.
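The inventory in the question hard-codes ~/.vagrant.d/insecure_private_key, which is the key this answer says Vagrant has already swapped out. The shell snippet below is an added example, not code from the original answer: it reads `vagrant ssh-config` (a constructed sample is embedded; the paths and port are assumptions) and emits an inventory line that points at the per-machine key Vagrant generated.

```shell
#!/bin/sh
# Added example (not from the original post): turn the output of `vagrant ssh-config`
# into an Ansible inventory line that uses the per-machine key Vagrant generated,
# instead of the shared insecure key every Vagrant user knows.
# Real use:  vagrant ssh-config | vagrant_sshconfig_to_inventory vagrant_vm

# Constructed sample of what `vagrant ssh-config` prints (paths/port are examples).
SAMPLE_SSH_CONFIG='Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /home/me/project/.vagrant/machines/default/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL'

# Usage: vagrant_sshconfig_to_inventory <inventory_hostname>  (ssh-config text on stdin)
# Fails (exit 1) when HostName or IdentityFile is missing, so a broken config is not silently used.
vagrant_sshconfig_to_inventory() {
  awk -v name="$1" '
    BEGIN { port = 22; user = "vagrant" }
    $1 == "HostName"     { host = $2 }
    $1 == "User"         { user = $2 }
    $1 == "Port"         { port = $2 }
    $1 == "IdentityFile" { key = $2; gsub(/"/, "", key) }   # newer Vagrant may quote the path
    END {
      if (host == "" || key == "") { print "ssh-config lacks HostName or IdentityFile" > "/dev/stderr"; exit 1 }
      printf "%s ansible_host=%s ansible_port=%s ansible_user=%s ansible_ssh_private_key_file=%s\n",
             name, host, port, user, key
    }'
}

# Convenience wrapper over the embedded sample.
inventory_line_from_sample() {
  printf '%s\n' "$SAMPLE_SSH_CONFIG" | vagrant_sshconfig_to_inventory vagrant_vm
}
```

The same line works unchanged for the "remote Vagrant host" case further down this page once HostName is replaced by the name of the machine that runs Vagrant.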

Related

Ansible for Windows

I am trying to set up my ansible host to connect to windows. However ping is failing with the following error:
sudo ansible win -m win_ping
hostname | UNREACHABLE! => {
    "changed": false,
    "msg": "basic: HTTPConnectionPool(host='hostname', port=5986): Read timed out. (read timeout=30)",
    "unreachable": true
}
pywinrm is installed on my linux box and WinRM is installed on the windows box.
Hosts file:
[win]
systemname
[win:vars]
ansible_user=username
ansible_password=passord
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_winrm_server_cert_validation=ignore
ansible_winrm_transport=basic
Appreciate any advice.
Thanks.
Disabling the Windows Firewall (Domain, private and public networks) in the Windows box, fixed the issue for me.
Can you double check the WinRM Listener settings:
winrm enumerate winrm/config/Listener
If the output is what you expect, can you test a command on the local server as shown here:
winrs -r:http://server:5985/wsman -u:Username -p:Password ipconfig
Ansible has a good reference on this topic as well.
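The error message above shows the connection going to port 5986 (the HTTPS listener) while the vars block sets ansible_winrm_scheme=http, and the winrs test in the answer uses 5985. The following shell snippet is an added example, not from any of the posts: it lints a [win:vars] block (the one from the question is embedded as a constructed sample) for that mismatch and for settings that expose credentials.

```shell
#!/bin/sh
# Added example, not from the original post: lint a [win:vars] block before running
# win_ping. It reports the scheme/port mismatch visible in the error above (scheme
# http, but the connection went to 5986, the HTTPS listener) and settings that
# expose credentials. Real use:  lint_winrm_vars < hosts

# Constructed copy of the vars block from the question.
SAMPLE_WIN_VARS='[win:vars]
ansible_user=username
ansible_password=passord
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_winrm_server_cert_validation=ignore
ansible_winrm_transport=basic'

# Reads inventory vars on stdin, prints one finding per line, returns 0 only when clean.
lint_winrm_vars() {
  awk '
    /^[[:space:]]*(#|$)/ { next }
    { i = index($0, "="); if (i) v[substr($0, 1, i - 1)] = substr($0, i + 1) }
    END {
      scheme = v["ansible_winrm_scheme"]; port = v["ansible_port"]
      # ansible_port defaults to 5986 (the HTTPS listener) even when scheme=http
      if (scheme == "http" && (port == "" || port == "5986")) {
        print "scheme=http with port " (port == "" ? "unset (default 5986)" : port) ": set ansible_port=5985 or switch to https"; n++ }
      if (scheme == "https" && port == "5985") {
        print "port 5985 is the HTTP listener but scheme is https"; n++ }
      if (v["ansible_winrm_transport"] == "basic" && scheme == "http") {
        print "basic transport over http sends the password in clear text; use https or kerberos/ntlm"; n++ }
      if (v["ansible_winrm_server_cert_validation"] == "ignore") {
        print "server_cert_validation=ignore disables TLS verification; trust the host certificate instead"; n++ }
      if (v["ansible_password"] != "") {
        print "ansible_password is stored in plain text; move it to ansible-vault"; n++ }
      exit (n > 0)
    }'
}

# Number of findings for the sample block (4: http/5986, basic over http, cert ignore, plain password).
lint_sample_findings() {
  printf '%s\n' "$SAMPLE_WIN_VARS" | lint_winrm_vars | wc -l | tr -d ' '
}
```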

How to configure Ansible with Cygwin on windows hosts

Since my company needs time to consider security issues with WinRM, which is used by Ansible to manage Windows hosts, I was thinking about doing it via a Cygwin SSH connection, which we already have installed.
Is this even possible?
I tried to set up env variables like this:
ansible_connection: ssh
ansible_shell_type: cmd
And I'm trying to create a folder with the following playbook:
- name: Ensure C:\Temp exists
  win_file:
    path: C:\Temp
    state: directory
Gathering Facts is successful, but I'm getting: FAILED! => {"changed": false, "msg": "Unhandled exception while executing module: The system cannot find the path specified"}
In theory, Ansible, since v2.8, supports connections through SSH; new Windows versions even come with a Microsoft fork of OpenSSH.
I am having trouble making it work (that's how I ended up here), but I recommend you take a look at the following links:
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#windows-ssh-setup
If you can do SSH using the PK, but you get an unreachable from Ansible, you may need to check also this:
How to fix "Unreachable" when ping windows with ansible over ssh?
For Windows Server 2019/10's OpenSSH configuration:
https://www.youtube.com/watch?v=Cs3wBl_mMH0
Setting up OpenSSH for Windows using public key authentication

Running Ansible playbooks on remote Vagrant box

I have one machine (A) from which I run Ansible playbooks on a variety of hosts. Vagrant is not installed here.
I have another machine (B) with double the RAM that hosts my Vagrant boxes. Ansible is not installed here.
I want to use Ansible to act on Vagrant boxes the same way I do all other hosts; that is, running ansible-playbook on machineA while targeting a virtualized Vagrant box on machineB. SSH keys are already set up between the two.
This seems like a simple use case but I can't find it clearly explained anywhere given the encouraged use of Vagrant's built-in Ansible provisioner. Is it possible?
Perhaps some combination of SSH tunnels and port forwarding trickery?
Turns out this was surprisingly simple. Vagrant in fact does not need to know about Ansible at all.
Ansible inventory on machineA:
default ansible_host=machineB ansible_port=2222
Vagrantfile on machineB:
Vagrant.configure("2") do |config|
...
config.vm.network "forwarded_port", id: "ssh", guest: 22, host: 2222
...
end
The id: "ssh" is the important bit, as this overrides the default SSH behavior of restricting SSH to the guest from localhost only.
$ ansible --private-key=~/.ssh/vagrant-default -u vagrant -m ping default
default | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
(Note that the Vagrant private key must be copied over to the Ansible host and specified at the command line).

Ansible is using the Vagrant IdentityFile and not the one for the user on the box?

When running commands with ansible on a vagrant box, it is using the identity file located here:
IdentityFile="/Users/me/.vagrant.d/boxes/ubuntu-VAGRANTSLASH-trusty32/0/virtualbox/vagrant_private_key"
Instead of the file on the box: ~/.ssh/id_rsa
What can I do to fix this? This is my task by the way:
---
- name: Fetch the Htt Database
  run_once: true
  delegate_to: 543.933.824.210
  remote_user: ubuntu
  become_user: root
  fetch: src=/home/ubuntu/file.sql.gz dest=/tmp/file.sql.bz fail_on_missing=yes
By default, Vagrant uses insecure_private_key to log in as the vagrant user, and that is not secure because everyone knows that key. So if you want to use your own ssh key, you can modify your Vagrantfile by adding these lines:
config.ssh.username = "username"
config.ssh.private_key_path = "fullpath-of-ssh-private-key"
config.ssh.insert_key = false
According to the vagrant documentation:
config.ssh.insert_key - If true, Vagrant will automatically insert a keypair to use for SSH, replacing the default Vagrant's insecure key inside the machine if detected. By default, this is true. This only has an effect if you don't already use private keys for authentication or if you are relying on the default insecure key. If you don't have to take care about security in your project and want to keep using the default insecure key, set this to false.
Also make sure you have the public key of your private key in the guest VM at /home/username/.ssh.
For more info you can use the vagrant documentation.

Vagrant with Ansible for Windows VM

I am trying to run Vagrant with Ansible on my Mac to create and provision a Windows 7 VM. I am able to "vagrant up" when I don't invoke Ansible in the Vagrantfile.
I am using the following playbook.yml
---
- hosts: all
  tasks:
    - name: run win ping
      win_ping:
When I add the ansible code to my Vagrantfile, I get the following error
GATHERING FACTS ***************************************************************
failed: [default] => {"failed": true, "parsed": false}
/bin/sh: /usr/bin/python: No such file or directory
To me, this error means it fails to find Python because it is looking for Python as if it is a Linux machine.
Separately, I have run
ansible windows -m win_ping
where windows is the IP address to the VM brought up by Vagrant so I suspect the issue is not with Ansible but with how Vagrant is invoking Ansible.
Has anyone tried Vagrant + Ansible for a Windows VM? Is there something obvious that I am missing (perhaps an option to pass to Ansible)?
I am using Vagrant version 1.7.2 and Ansible version 1.8.3
With Ansible provisioning a Windows box (either a Vagrant VM, another VM or a real machine), the configuration is the much more important part in the first place. Before crafting your playbook, you should have a correct configuration in place.
Having a Windows box managed by Vagrant, your configuration file group_vars/windows-dev should contain something like:
ansible_user: IEUser
ansible_password: Passw0rd!
ansible_port: 55986 # not 5986, as we would use for non-virtualized environments
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Be sure to insert the correct credentials and choose the right port for ansible_port. Working with Vagrant, you can get the correct port from the log messages produced by Vagrant after a vagrant up. In my case this looks like this:
==> default: Forwarding ports...
default: 5985 (guest) => 55985 (host) (adapter 1)
default: 5986 (guest) => 55986 (host) (adapter 1)
My Vagrantfile can be found here, if you're interested. It uses the Microsoft Edge on Windows 10 Stable (14.xxx) image from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms.
Now the win_ping module should work, assuming that you've done all the necessary preparation steps on your Windows box, which center around executing the script ConfigureRemotingForAnsible.ps1 (more information can be found in the Making Windows Ansible ready chapter in this blog post):
ansible windows-dev -i hostsfile -m win_ping
Only if this gives you a SUCCESS should you proceed with crafting your playbook.
In my Windows provisioning playbook I set this in the header:
gather_facts: no
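The answer reads the host-side port off the "Forwarding ports..." lines and stresses choosing the right one. The shell snippet below is an added example, not the answer's own code: it extracts the host port for the guest WinRM port that matches the chosen scheme (5986 for https, 5985 for http), so the two never disagree, and prints the group_vars block with placeholder credentials. The forwarding lines are a constructed copy of those shown above.

```shell
#!/bin/sh
# Added example, not from the original answer: derive the host-side WinRM port for
# group_vars/windows-dev from the "Forwarding ports..." lines that `vagrant up`
# prints, choosing guest port 5986 for https and 5985 for http so that scheme and
# port always agree. Real use:  vagrant up 2>&1 | tee up.log; winrm_group_vars https < up.log

# Constructed copy of the forwarding lines shown in the answer above.
SAMPLE_VAGRANT_UP='==> default: Forwarding ports...
    default: 5985 (guest) => 55985 (host) (adapter 1)
    default: 5986 (guest) => 55986 (host) (adapter 1)
    default: 22 (guest) => 2222 (host) (adapter 1)'

# Usage: forwarded_host_port <guest_port>   (vagrant up output on stdin); fails if no mapping exists
forwarded_host_port() {
  awk -v guest="$1" '
    $2 == guest && $3 == "(guest)" && $4 == "=>" { print $5; found = 1; exit }
    END { if (!found) exit 1 }'
}

# Usage: winrm_group_vars <http|https>   (vagrant up output on stdin); prints the YAML block
winrm_group_vars() {
  case "$1" in
    https) guest=5986 ;;
    http)  guest=5985 ;;
    *) echo "scheme must be http or https" >&2; return 2 ;;
  esac
  port=$(forwarded_host_port "$guest") || { echo "vagrant did not forward guest port $guest" >&2; return 1; }
  printf 'ansible_user: CHANGEME\nansible_password: CHANGEME   # keep the real value in ansible-vault\n'
  printf 'ansible_port: %s\nansible_connection: winrm\nansible_winrm_scheme: %s\n' "$port" "$1"
  # ConfigureRemotingForAnsible.ps1 installs a self-signed certificate, so validation
  # is switched off for this throwaway local VM only; keep it on for real hosts.
  [ "$1" = https ] && printf 'ansible_winrm_server_cert_validation: ignore\n'
  return 0
}

# Convenience wrapper over the embedded sample (returns 55986).
https_port_from_sample() { printf '%s\n' "$SAMPLE_VAGRANT_UP" | forwarded_host_port 5986; }
```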