Connect to remote servers

40 views
Skip to first unread message

Sisu

unread,
Jul 23, 2014, 12:31:05 PM7/23/14
to ansible...@googlegroups.com
Hi all,

I need to configure an instance which needs to connect to a remote server via ssh, I've been doing some tests and troubleshooting but I'm doing something wrong I guess, since when I'm tryin to connect to that ssh server, the connection gets stuck

A (ansible) -> B (new server) -ssh> C (remote server)

On ansible I see my key has been forwarded:
$ ssh-add -l
2048 XXX Users/sisu/.ssh/id_rsa(RSA)


allowing forwarding on ansible:
$ grep args ansible.cfg
ssh_args = "-o ForwardAgent=yes"



Task:
=====
TASK: [mysql | shell ssh -A 10.77.24.138 'uptime'] ****************************


Output
=====

ansible-playbook -i cluster-test setup.yml -s --ask-vault-pass --limit 10.77.23.91  -vvv
sudo password:
Vault password:


PLAY [system] *****************************************************************
skipping: no hosts matched


PLAY [databases] **************************************************************


GATHERING FACTS ***************************************************************
<10.77.23.91> ESTABLISH CONNECTION FOR USER: ansible
<10.77.23.91> REMOTE_MODULE setup
<10.77.23.91> EXEC ['ssh', '-C', '-tt', '-q', '-o ForwardAgent=yes', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.77.23.91', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1406132297.35-204652140253393 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1406132297.35-204652140253393 && echo $HOME/.ansible/tmp/ansible-tmp-1406132297.35-204652140253393'"]
<10.77.23.91> PUT /tmp/tmpsks__j TO /home/ansible/.ansible/tmp/ansible-tmp-1406132297.35-204652140253393/setup
<10.77.23.91> EXEC ['ssh', '-C', '-tt', '-q', '-o ForwardAgent=yes', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.77.23.91', u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=rdydkuixieuqoeurvoppazrdegjqlgij] password: " -u root /bin/sh -c \'"\'"\'echo SUDO-SUCCESS-rdydkuixieuqoeurvoppazrdegjqlgij; LC_CTYPE=en_US.UTF-8 LANG=en_US.UTF-8 /usr/bin/python /home/ansible/.ansible/tmp/ansible-tmp-1406132297.35-204652140253393/setup; rm -rf /home/ansible/.ansible/tmp/ansible-tmp-1406132297.35-204652140253393/ >/dev/null 2>&1\'"\'"\'\'']
ok: [10.77.23.91]


TASK: [mysql | shell ssh 10.77.24.138 'uptime'] *******************************
<10.77.23.91> ESTABLISH CONNECTION FOR USER: ansible
<10.77.23.91> REMOTE_MODULE command ssh 10.77.24.138 'uptime' #USE_SHELL
<10.77.23.91> EXEC ['ssh', '-C', '-tt', '-q', '-o ForwardAgent=yes', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.77.23.91', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1406132305.67-152381814950545 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1406132305.67-152381814950545 && echo $HOME/.ansible/tmp/ansible-tmp-1406132305.67-152381814950545'"]
<10.77.23.91> PUT /tmp/tmpSQhM49 TO /home/ansible/.ansible/tmp/ansible-tmp-1406132305.67-152381814950545/command
<10.77.23.91> EXEC ['ssh', '-C', '-tt', '-q', '-o ForwardAgent=yes', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.77.23.91', u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=hgnyrnayvjuhgkkzquerlhjdrukhkira] password: " -u root /bin/sh -c \'"\'"\'echo SUDO-SUCCESS-hgnyrnayvjuhgkkzquerlhjdrukhkira; LC_CTYPE=en_US.UTF-8 LANG=en_US.UTF-8 /usr/bin/python /home/ansible/.ansible/tmp/ansible-tmp-1406132305.67-152381814950545/command; rm -rf /home/ansible/.ansible/tmp/ansible-tmp-1406132305.67-152381814950545/ >/dev/null 2>&1\'"\'"\'\'']

At this point, ansible gets totally stuck, If I do not connect to a remote instances, I do not have any problem.

Also, If I need to connect through ssh console from B to C, I do not have any problem If I jump from A to B using -A option (in order to forward my ssh key). For that reason I'm using  -o ForwardAgent=yes on ansible.

Thoughts?

Thanks for your time

Sisu

unread,
Jul 24, 2014, 10:09:10 AM7/24/14
to ansible...@googlegroups.com
I found my problem.

As I was running ansible with sudo (-s) parameter,  my ssh-agent socket was forwarded for the regular user only. Then I need to add "sudo: yes" to all the tasks I need sudo and be sure the task where I run ssh to remote tasks has no sudo.

This link helped me to find the problem: https://github.com/ansible/ansible/issues/7235

Thanks
Reply all
Reply to author
Forward
0 new messages