I am trying to learn Ansible, and am following the O'Reilly Ansible: Up and Running book.
In the getting started section of the book, it asks me to install ansible, virtualbox and vagrant and then via CLI run:
vagrant init ubuntu/trusty64
vagrant up
Afterwards I can ssh into the VM via vagrant ssh or via:
ssh vagrant@127.0.0.1 -p 2222 -i /Users/XXX/playbooks/.vagrant/machines/default/virtualbox/private_key
Next is creating the hosts file which looks like this:
testserver ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 \ ansible_ssh_user=vagrant \ ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key
Lastly is running this command:
ansible testserver -i hosts -m ping
Which gets me:
testserver | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
Adding -vvv gets me:
No config file found; using defaults
<127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: None
<127.0.0.1> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o Port=2222 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/Users/XXX/.ansible/cp/ansible-ssh-%h-%p-%r 127.0.0.1 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1468541275.7-255802522359895 `" && echo ansible-tmp-1468541275.7-255802522359895="` echo $HOME/.ansible/tmp/ansible-tmp-1468541275.7-255802522359895 `" ) && sleep 0'"'"''
testserver | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
I tried modifying ansible_ssh_private_key_file in the hosts file to point to the full path of the private key, but that still didn't work:
ansible testserver -i hosts -m ping -vvv
No config file found; using defaults
<127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: None
<127.0.0.1> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o Port=2222 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/Users/XXX/.ansible/cp/ansible-ssh-%h-%p-%r 127.0.0.1 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1468541370.61-137685863794569 `" && echo ansible-tmp-1468541370.61-137685863794569="` echo $HOME/.ansible/tmp/ansible-tmp-1468541370.61-137685863794569 `" ) && sleep 0'"'"''
testserver | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
This is my Ansible version:
ansible --version
ansible 2.1.0.0
config file =
configured module search path = Default w/o override
Anyone have any ideas why ansible isn't connecting to my vagrant VM?
I don't see any of your inventory variables past the first one taking effect in the ssh command. Does your inventory file really look like this?
testserver ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 \ ansible_ssh_user=vagrant \ ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key
You shouldn't have backslashes in there. The direct reformatting is
testserver ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key
However, in the long run you probably want to split these out into separate host_vars files.
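Why the user and key never reached the ssh command, as an added example (not code from the posts above or from Ansible): it tokenises the question's host line with Python's shlex, on the assumption that the INI inventory parser splits host lines with the same POSIX shell rules. `parse_host_line` and the name check are hypothetical helpers written for this illustration.

```python
import re
import shlex

# Host line from the question (stray backslashes) and the answer's corrected form.
BROKEN = (r"testserver ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 "
          r"\ ansible_ssh_user=vagrant "
          r"\ ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key")
FIXED = BROKEN.replace("\\ ", "")

# A variable name that a connection plugin could actually look up.
VALID_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_host_line(line):
    """Return (host, usable_vars, problems) for one INI inventory host line.

    Assumption: tokens are split with POSIX shell rules (shlex), so a
    backslash followed by a space becomes a literal space inside the token.
    """
    tokens = shlex.split(line)
    host, usable, problems = tokens[0], {}, []
    for tok in tokens[1:]:
        if "=" not in tok:
            problems.append("not key=value: %r" % tok)
            continue
        key, value = tok.split("=", 1)
        if VALID_NAME.match(key):
            usable[key] = value
        else:
            # e.g. ' ansible_ssh_user': the leading space makes it a different name
            problems.append("unusable variable name %r (value %r)" % (key, value))
    return host, usable, problems


if __name__ == "__main__":
    for label, line in (("broken", BROKEN), ("fixed", FIXED)):
        host, usable, problems = parse_host_line(line)
        print(label, host, sorted(usable))
        for p in problems:
            print("  !", p)
```

On the broken line only the host and port survive under their real names, which matches the `-vvv` output in the question: `Port=2222` is passed, the user is `None`, and no identity file is given.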
Ansible 2.9.27. Target is Linux CentOs7
'become sudo' always fails with the error Timeout (12s) waiting for privilege escalation prompt
When I try manually, sudo su takes about 60 seconds to return a prompt. I don't know why, but I'd like to know how to change the timeout so that Ansible waits more time for become.
I've tried different solutions I found in StackOverflow, such as running with -c paramiko, but they didn't work.
<myhostname.com> ESTABLISH SSH CONNECTION FOR USER: myuserid
<myhostname.com> SSH: EXEC sshpass -d8 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="myuserid"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ControlPath=/home/myuserid/.ansible/xx/e123e1234e myhostname.com '/bin/sh -c '"'"'rm -f -r /tmp/myuserid/ansible/ansible-tmp-12334567890/ > /dev/null 2>&1 && sleep 0'"'"''
<myhostname.com> (0, '', '')
fatal: [myhostname.com]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: \r\n"
There are multiple ways; one way is to set an environment variable as below:
export ANSIBLE_TIMEOUT=120;
Run the playbook in the same terminal where the environment variable is set.
(There are already a few questions about this, but no solution worked for me)
On the servers I work on, we have to "sudo su - webapps" and then run our commands as webapps.
Ansible does not provide a native way to do this I believe (sudo only is available but the sysadmins restricted the list of commands I can run it with, su is available with Ansible but does not work on its own on the servers).
I've tried
https://www.coveros.com/ansible-privledge-escalation-using-sudo-su/
[privilege_escalation]
become_exe=sudo su -
With playbook :
---
- hosts:
- test
become: yes
become_user: webapps
become_method: su
tasks:
- name: Updates file
copy:
src: a.txt
dest: dest/a.txt
Running it gives :
SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o 'User="myUser"' -o ConnectTimeout=10 -o ControlPath=/Users/lmoreau/.ansible/cp/d895b40f7e -tt myServer '/bin/sh -c '"'"'sudo su - webapps -c '"'"'"'"'"'"'"'"'/bin/sh -c
'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'echo
BECOME-SUCCESS-nxilvumwmfikgyuisutwiwobidrgqpao ; /usr/bin/python
/var/tmp/ansible-tmp-1583355901.6967812-200466745901442/AnsiballZ_setup.py'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'"'"'"'"'"'"'"'
&& sleep 0'"'"''
...
"msg": "Timeout (12s) waiting for privilege escalation prompt: \r\nWe
trust you have received the usual lecture from the local
System\r\nAdministrator. It usually boils down to these three
things:\r\n\r\n #1) Respect the privacy of others.\r\n #2) Think
before you type.\r\n #3) With great power comes great
responsibility.\r\n\r\n"
Alternative attempt with :
[privilege_escalation]
become_exe=’sudo su - ‘
"module_stdout": "/bin/sh: ’sudo: command not found\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
Without overriding the become_exe:
"su" method gives "Timeout (12s) waiting for privilege escalation
prompt: "
"sudo" method gives "msg": "Missing sudo password"
Note : I do not have the password of the account I want to become, and am not supposed to have any.
How can I do the same as what I do by hand with Ansible ?
Use this:
- hosts: application
become: yes
become_exe: "sudo su - webapps"
become_method: su
tasks:
How is it possible to become a certain user without the -u flag (sudo su test_user instead of sudo su -u test_user)?
Inventory (hosts)
[example]
test0001.example.org ansible_become_user=test_user ansible_become=true
ansible.cfg:
[defaults]
timeout=30
[privilege_escalation]
become_method="sudo"
become_flags="su"
And on the target machine:
$ sudo -l
User foo may run the following commands on test0001:
(root) NOPASSWD: /bin/su test_user
Running the playbook now fails with:
<test0001> (0, b'', b'')
<test0001> ESTABLISH SSH CONNECTION FOR USER: None
<test0001> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=30 -o ControlPath=/home/foo/.ansible/cp/c7eeb339b6 -tt test0001 '/bin/sh -c '"'"'sudo su -u test_user /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-geolooxawvydfclkjnetjajadmffqjvz ; /usr/bin/python /var/tmp/ansible-tmp-1578410709.7699296-180938533114945/AnsiballZ_setup.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
fatal: [test0001]: FAILED! => {
"msg": "Timeout (32s) waiting for privilege escalation prompt: \r\nWe trust you have received the usual lecture from the local System\r\nAdministrator. It usually boils down to these three things:\r\n\r\n #1) Respect the privacy of others.\r\n #2) Think before you type.\r\n #3) With great power comes great responsibility.\r\n\r\n"
}
And that is because it tries to become test_user with sudo su -u test_user. I actually want it to become test_user with sudo su test_user (so without the -u flag). How would it be possible to tell ansible not to include the -u flag?
Note that I am not able to change the sudoers files.
Could not connect to Cisco router using Ansible 2.3.1.0
straight from linux ssh cisco@172.1.1.2 works
but the ansible -m ping all doesn't.
Maybe it's clear where could be a problem from this output:
[osboxes@osboxes ~]$ ansible -m ping servers -vvv
Using /etc/ansible/ansible.cfg as config file
META: ran handlers
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
<172.1.1.2> ESTABLISH SSH CONNECTION FOR USER: cisco
<172.1.1.2> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o User=cisco -o ConnectTimeout=10 -o ControlPath=/home/osboxes/.ansible/cp/1ed8487ad4 172.1.1.2 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<172.1.1.2> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'echo ~ && sleep 0\'"', '')
<172.1.1.2> ESTABLISH SSH CONNECTION FOR USER: cisco
<172.1.1.2> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o User=cisco -o ConnectTimeout=10 -o ControlPath=/home/osboxes/.ansible/cp/1ed8487ad4 172.1.1.2 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1499178341.35-260752414357590 `" && echo ansible-tmp-1499178341.35-260752414357590="` echo Line has invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1499178341.35-260752414357590 `" ) && sleep 0'"'"''
<172.1.1.2> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c \'"\'"\'echo ~ && sleep 0\'"\'"\'"/.ansible/tmp/ansible-tmp-1499178341.35-260752414357590 `" && echo ansible-tmp-1499178341.35-260752414357590="` echo Line has invalid autocomma"', 'muxclient: master hello exchange failed\r\n')
<172.1.1.2> PUT /tmp/tmpacZGSy TO "` echo Line has invalid autocomma"/ping.py
<172.1.1.2> SSH: EXEC sshpass -d12 sftp -o BatchMode=no -b - -C -o ControlMaster=auto -o ControlPersist=60s -o User=cisco -o ConnectTimeout=10 -o ControlPath=/home/osboxes/.ansible/cp/1ed8487ad4 '[172.1.1.2]'
<172.1.1.2> (255, '', 'Connection closed\r\n')
172.1.1.2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Connection closed\r\n",
"unreachable": true
thanks for any tips.
Try adding:
ansible_connection = local
To either [all:vars] or [servers:vars] in your inventory file:
/[path]/ansible/hosts
If needed you can also add:
ansible_ssh_pass=some_password
ansible_ssh_user=username
To the inventory file
It looks as if you're connecting to a Cisco device. As IOS doesn't offer a /bin/sh command, you won't be able to use ansible's ping module (or any other standard module, for that matter).
You could however try to do something with the raw module, which allows you to send commands without going through the module subsystem. There seem to be some bugs related to that module when it comes to Cisco devices, though, so you might need to update to a very recent ansible version.
This is my hosts file :
[openstack]
ec2-54-152-162-0.compute-1.amazonaws.com
I am trying to ping it using the following command :
ansible openstack -u redhat -m ping -vvvv
I got the following response :
Loaded callback minimal of type stdout, v2.0
Using module file /usr/lib/python2.7/site-packages/ansible-2.2.0-py2.7.egg/ansible/modules/core/system/ping.py
<ec2-54-152-162-0.compute-1.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: redhat
<ec2-54-152-162-0.compute-1.amazonaws.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/home/centos/AnsibleKeyPair.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=redhat -o ConnectTimeout=10 -o ControlPath=/home/centos/.ansible/cp/ansible-ssh-%h-%p-%r ec2-54-152-162-0.compute-1.amazonaws.com '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1480529571.83-128837972481874 `" && echo ansible-tmp-1480529571.83-128837972481874="` echo $HOME/.ansible/tmp/ansible-tmp-1480529571.83-128837972481874 `" ) && sleep 0'"'"''
ec2-54-152-162-0.compute-1.amazonaws.com | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
NOTE : I am able to connect to centos machines properly. But, I can't ping Ubuntu and Redhat machines. My controller machine is Centos. What might the problem be?
I solved it finally by using the following command :
ansible openstack -u ec2-user -m ping
I had been typing -u redhat, but AWS had already given it a name automatically: ec2-user
"ESTABLISH SSH CONNECTION FOR USER: None" - this means that it is trying to ssh this host using a blank username which will not work.
Two solutions:
Edit the hosts file to include ansible_user=ubuntu (or whatever user your flavor uses, i.e. ec2-user for amazon linux)
[openstack]
ec2-54-204-230-203.compute-1.amazonaws.com ansible_user=ubuntu
Just call it with the -u ubuntu when calling the playbook (or again whatever your flavor uses).
ansible openstack -u ubuntu -m ping -vvvv
Hope this helps!
--Edit--
(this is what helped me do it)
1.) Add your ssh key to the ~/.ssh directory
touch ~/.ssh/mykey.pem
2.) Enter ssh-agent bash mode
ssh-agent bash
3.) Change its permissions
chmod 600 ~/.ssh/mykey.pem
4.) Make a path for ansible to use the permission
ssh-add ~/.ssh/mykey.pem
In your command line, use argument -k to ask for the ssh password:
ansible openstack -u redhat -m ping -k