Cloud9 and ansible - cloud9-ide

When trying to run Ansible on Cloud9,
some of my tasks have:
sudo_user: emr-user
HOSTS file:
[development]
localhost ansible_connection=local ansible_ssh_user=ubuntu
Running with:
ansible-playbook -i hosts site.yml --limit=development
keeps failing on this task with:
failed: [localhost] => {"failed": true, "parsed": false}
[sudo via ansible, key=zacflhyhixxhiajrlmtitjxgpxqimnmn] password:
I believe it is related to the fact that Cloud9 runs on a password-less Ubuntu root.

I was able to bypass it using sudo su and then running:
ansible-playbook -i hosts site.yml --limit=development
but it doesn't feel right. Any other ideas?

Ansible not becoming root when run from Bitbucket Pipeline

I am running Packer + Ansible provisioner from the Bitbucket pipeline, but Ansible is not becoming root even though become: true is given. Packer is used to create an Amazon Linux AMI and Ansible provisioner is used to run some server hardening scripts and configurations.
Output from a simple id command:
When run from the pipeline
TASK [aws-basic : debug] *****************************************
ok: [default] => {
"command_output.stdout_lines": [
"uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)"
]
}
When running locally
TASK [aws-basic : debug] *****************************************
ok: [default] => {
"command_output.stdout_lines": [
"uid=0(root) gid=0(root) groups=0(root)"
]
}
Following is my Ansible Playbook with two roles
- name: AWS EC2 AMLinux Configuration playbook
  hosts: default
  remote_user: ec2-user
  connection: ssh
  become: true
  vars:
    _date: "{{ansible_date_time.iso8601}}"
    reop_path: /usr/tmp/
  roles:
    - role: role-1
    - role: role-2
Packer ansible provisioner config
provisioner "ansible" {
  playbook_file = "../ansible/aws-ec2-base.yml"
  extra_arguments = ["--extra-vars", "api_key=${var.api_key}"]
  galaxy_file = "../ansible/requirements.yml"
  ansible_ssh_extra_args = ["-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa"]
}
Even putting become_user: root in the ansible-playbook is not working.
Any reason this only happens in the bitbucket pipeline? I am using an ubuntu docker image with Ansible and Packer installed.
My gut is there would be some config in each system that triggers a different behaviour. I'd try
ansible-config dump --only-changed
in both your local workstation and the CI system and try to peek any difference that might be causing this.
This issue was caused by the use of an older version of the Packer plugin.
It can also be resolved by using a Bitbucket runner.

Failed to connect to the host...permission denied (publickey, password) unreachable

I'm finding it difficult to run a simple playbook. I already pinged the target and it was successful. When I run the playbook I get this error:
PLAY [install httpd and start services] ***********************************
TASK [Gathering Facts] ****************************************************
fatal:[192.168.112.66]: UNREACHABLE!=> {"changed": false "msg": "Failed to connect to the host via ssh: jay@192.168.112.66: Permission denied (publickey password)." "unreachable": true}
What's the problem with this?
The remote server is denying you access because your key has a password.
Try this before running the playbook:
$ eval `ssh-agent`
$ ssh-add /path/to/your/private/key
Then run the playbook with the options -u and --private-key pointing to the user with access permissions on remote server and the private key you use.
I am guessing you used a password instead of ssh-key. So at the end of your command, add
--ask-pass
Let's say you're running your playbook. Your command will become:
ansible-playbook playbook.yml --ask-pass

Run a particular command on all remote servers as a particular user?

I am trying to run a specific Ansible task as a different user than the one who is running the playbook. On my local box I have the below playbook and I am logged in as the david user, and I want to run this command /tek/ghy/bin/ss.sh start on all remote servers as the goldy user only.
My .yml file looks like this:
---
- name: start server
  hosts: one_box
  serial: "{{ num_serial }}"
  tasks:
    - name: start server
      command: /tek/ghy/bin/ss.sh start
      become: true
      become_user: goldy
Below is how I am running it:
david@machineA:~$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' start_box.yml -u david --ask-pass --sudo -U goldy --ask-become-pass
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings
can be disabled by setting deprecation_warnings=False in ansible.cfg.
SSH password:
SUDO password[defaults to SSH password]:
PLAY [start server] ***************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
fatal: [remote_machineA]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/’: Operation not permitted\nchown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/setup.py’: Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
What am I doing wrong here? I am running Ansible 2.4.3.0.
By Google search, you could be affected by this issue.
Try to upgrade Ansible; your code (I replaced the command to run a simple id on the remote server, instead of the /tek/ghy/bin/ss.sh start, and I used the same shell command and arguments as you provided) works on 2.5.2:
[ilias@optima-ansible tmp]$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' lala.yml -u ilias --ask-pass --sudo -U http_offline --ask-become-pass
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings can be disabled by
setting deprecation_warnings=False in ansible.cfg.
SSH password:
SUDO password[defaults to SSH password]:
PLAY [start server] *************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************
ok: [greenhat]
TASK [start server] *************************************************************************************************************************************************************************************************
changed: [greenhat]
TASK [debug] ********************************************************************************************************************************************************************************************************
ok: [greenhat] => {
"command_output": {
"changed": true,
"cmd": [
"id"
],
"delta": "0:00:00.004484",
"end": "2018-05-26 21:26:28.531838",
"failed": false,
"rc": 0,
"start": "2018-05-26 21:26:28.527354",
"stderr": "",
"stderr_lines": [],
"stdout": "uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)",
"stdout_lines": [
"uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)"
]
}
}
PLAY RECAP **********************************************************************************************************************************************************************************************************
greenhat : ok=3 changed=1 unreachable=0 failed=0
[ilias@optima-ansible tmp]$ ansible --version
ansible 2.5.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/ilias/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]
[ilias@optima-ansible tmp]$

Ansible Roles - not seeing my tasks file

Whenever I run my playbook on my control machine I only see this:
PLAY RECAP *********************************************************************
So I get the feeling ansible is not finding my task file. Here is my directory structure (it's a git project in Eclipse):
ansible
  ansible
    dockerhosts.yml
    hosts
    roles
      dockerhost
        tasks
          main.yml
My dockerhosts.yml:
---
- hosts: integration
  roles: [dockerhost]
...
My hosts file:
[integration]
192.168.1.8
192.168.1.9
And my main.yml file:
- name: Install Docker CE from added Docker YUM repo
  remote_user: installer
  become: true
  become_user: root
  become_method: sudo
  command: yum -y install docker-ce
I don't have any syntax errors clearly as it's running but for some reason it doesn't appear to find my main.yml file. I tried to see what user ansible runs under in case it's a question of file permissions but I haven't found anything.
I am running ansible-playbook dockerhosts.yml from the /ansible/ansible directory.
What am I doing wrong?
I have a hosts file but it's not in the /etc/ansible/hosts default location. As I showed in my question it's actually at the same level as dockerhosts.yml since this is a git project.
I used the -vvvv flag but that didn't tell me much. After running ansible-playbook -h I tried the -i flag and ran ansible-playbook dockerhosts.yml -i hosts and that actually did something.
It gave me SSH connection errors but it did more than just the blank PLAY RECAP I got before which to me means it's actually running the tasks now.

Ansible ec2: "boto required for this module"

When I run this simple Ansible playbook:
- name: EC2 Test Example
  hosts: localhost
  connection: local
  gather_facts: False
  tasks:
    - name: EC2 Instance
      ec2:
        # Amazon EC2 key pair name
        key_name: my-key-pair
        # Amazon EC2 Security Group
        group: my-security-group
        instance_type: t2.micro
        # Latest from https://wiki.debian.org/Cloud/AmazonEC2Image/Jessie
        image: ami-221ea342
        wait: yes
      register: ec2
I run with venv/bin/ansible-playbook -i localhost, playbook.yml:
PLAY [EC2 Test Example] ********************************************************
TASK [EC2 Instance] ************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "boto required for this module"}
to retry, use: --limit @/Users/admin/temp/ansec2/playbook.retry
PLAY RECAP *********************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1
So obviously, I have boto installed in the venv that I'm using as well as my default system Python:
➜ ansec2 venv/bin/pip list
Package Version
--------------- --------
ansible 2.2.1.0
boto 2.45.0
boto3 1.4.4
botocore 1.5.4
...
I've read a few similar posts and I don't see a working solution.
The root cause of your problem is the -i localhost, hack. You don't need to use it anymore in Ansible.
You can just run:
ansible-playbook playbook.yml
And with connection: local in the play Ansible will use the Python executable set by venv.
When you use the -i localhost, hack, Ansible calls its default /usr/bin/python.
In this case you still can add the ansible_python_interpreter parameter to tell Ansible to use this specific environment:
ansible-playbook -i localhost, playbook.yml --extra-vars "ansible_python_interpreter=/Users/admin/temp/ansec2/venv/bin/python"
But I think you should avoid it and use the first method.
In my case the message was because I was missing boto, although I had boto3. So I did pip install boto and that fixed it.
If you already have boto installed for the python interpreter you want to use (as the OP does), then you can tell Ansible to use that python interpreter like so:
ansible-playbook --extra-vars "ansible_python_interpreter=/path/to/desired/python" playbook.yml
If you want to use python3, this can be
ansible-playbook --extra-vars "ansible_python_interpreter=$(command -v python3)" playbook.yml
If instead you do not have boto installed yet, you must install it with pip first before running your playbook. If you want to install boto for your python3 interpreter, you can do so with this command:
python3 -m pip install boto
If you want to install boto for a different python interpreter, use
/path/to/desired/python -m pip install boto
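
The answers above all turn on which Python interpreter Ansible runs the ec2 module with. As an added example (not from the question or its answers), this script checks whether each candidate interpreter exists and can import boto; the function names and the candidate list are assumptions made for illustration.

```python
import shutil
import subprocess
import sys

# Child-side probe: import the module named in argv[1] (works on Python 2 and 3).
_PROBE = "import importlib, sys; importlib.import_module(sys.argv[1])"


def module_status(interpreter, module="boto"):
    """Classify one interpreter: 'ok', 'missing-module' or 'no-interpreter'."""
    path = shutil.which(interpreter)  # resolves bare names, checks the exec bit
    if path is None:
        return "no-interpreter"
    try:
        proc = subprocess.run(
            [path, "-c", _PROBE, module],  # argv list, no shell involved
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=30,
        )
    except (OSError, subprocess.TimeoutExpired):
        # Not runnable, or hung: treat it as unusable for Ansible.
        return "no-interpreter"
    return "ok" if proc.returncode == 0 else "missing-module"


def survey(interpreters, module="boto"):
    """Map each candidate interpreter to its status, preserving order."""
    return {interp: module_status(interp, module) for interp in interpreters}


def first_usable(interpreters, module="boto"):
    """Return the first interpreter that can import the module, else None."""
    for interp, status in survey(interpreters, module).items():
        if status == "ok":
            return interp
    return None


if __name__ == "__main__":
    # Assumed candidates: the /usr/bin/python default named in the answer,
    # then the interpreter running this script (for example the venv's).
    candidates = ["/usr/bin/python", sys.executable]
    for interp, status in survey(candidates).items():
        print("%-40s %s" % (interp, status))
    chosen = first_usable(candidates)
    if chosen:
        print('ansible-playbook playbook.yml --extra-vars "ansible_python_interpreter=%s"' % chosen)
```

Run it with the venv's Python (venv/bin/python in the question) so that sys.executable is the interpreter you expect Ansible to use.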