Different ssh behavior on Linux and MacOSX


sp...@win-force.com.ua

Mar 29, 2016, 1:06:42 PM
to Ansible Project
Hi all,
We use Ansible version 2.0.1.0 on Mac OS X 10.11.3 (El Capitan) and Ubuntu 14.04.
Ansible on Mac OS X is installed via #brew install ansible
Today I've got strange behavior on my project.
In our role we change the root password and then our tasks follow.
All is OK in a Linux session: the playbook doesn't stop and succeeds, but if we run this playbook on Mac OS X we get an auth error.

TASK [init_server : Change root password] **************************************
...
changed: [LEASEWEB_NL_PGGN005] => {"append": false, "changed": true, "comment": "root", "group": 0, "home": "/root", "invocation": {"module_args": {"append": false, "comment": null, "createhome": true, "expires": null, "force": false, "generate_ssh_key": null, "group": null, "groups": null, "home": null, "login_class": null, "move_home": false, "name": "root", "non_unique": false, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "remove": false, "shell": null, "skeleton": null, "ssh_key_bits": "2048", "ssh_key_comment": "ansible-generated on PGGN005", "ssh_key_file": null, "ssh_key_passphrase": null, "ssh_key_type": "rsa", "state": "present", "system": false, "uid": null, "update_password": "always"}, "module_name": "user"}, "move_home": false, "name": "root", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 0}

TASK [init_server : Add public-keys users "XXX"] ************************
task path: /Users/ZZZ/workspace/devops/SGSansible/roles/init_server/tasks/main.yml:27
File lookup using /Users/ZZZ/...roles/init_server/files/id_rsa16_XXX.pub as file
File lookup using /Users/ZZZ/.../roles/init_server/files/id_rsa16_YYY.pub as file
<5.79.100.137> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO 5.79.100.137
<5.79.100.137> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO 5.79.100.137
fatal: [LEASEWEB_NL_PGGN005]: UNREACHABLE! => {"changed": false, "msg": "All items completed", "results": [{"item": "ssh-rsa ..., "msg": "Authentication failed.", "unreachable": true}]}
    to retry, use: --limit @init.retry


My question is: why does Ansible on Mac OS X create an SSH connection on every playbook step, but doesn't do this under Linux?

ansible.cfg
# config file for ansible -- http://ansible.com/
# ==============================================

[defaults]
inventory      = inventory
remote_port    = 65321
roles_path    = roles
host_key_checking = False
remote_user = sgsansible
log_path = log/ansible.log
private_key_file = keys/id_rsa16_ansible

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
accelerate_multi_key = yes


WBR - Stanislav

Brian Coca

Mar 29, 2016, 1:15:07 PM
to ansible...@googlegroups.com
Default transport is 'smart' which uses paramiko instead of openssh on OS X due to an issue with sshpass crashing the OS X kernel. 

If you are NOT using ssh passwords (you are using keys) it should be OK to change the default to 'ssh' and it will work just like under Linux.


----------
Brian Coca

sp...@win-force.com.ua

Mar 30, 2016, 6:14:11 AM
to Ansible Project
Brian, thanks for the answer!

Unfortunately, we are using passwords in the initial deployment phase; keys are used later.
To avoid the problem in this case we use a simple trick in our playbooks:

- name: Finish prepare (restart)
  vars:
    ansible_ssh_pass: "{{ new_generated_pass_stored_in_host_vars }}"

WBR - Stanislav

Brian Coca

unread,
Mar 30, 2016, 10:02:07 PM3/30/16
to ansible...@googlegroups.com
Change the default transport to ssh and set `connection: paramiko` for the tasks that use the password and push the keys. That should minimize the issue; for brownie points, set the connection conditionally to paramiko when localhost is OS X.


----------
Brian Coca
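
The layout suggested in this thread, as an added sketch that is not code from any of the posters: OpenSSH as the default transport, paramiko only for the password-based bootstrap play when the control machine is OS X, and the new password handed to the tasks that run after the change. The host group, the variable names, the key file path and the use of a templated `ansible_connection` play variable are all assumptions.

```yaml
# Added example; host group, variable names and the key file path are assumptions.
# Assumes ansible.cfg sets "transport = ssh" under [defaults], so OpenSSH with
# ControlPersist is the default for every play that does not override it.

# Play 1: password-based bootstrap. paramiko is selected only when the control
# machine is OS X ("uname -s" prints Darwin there); elsewhere OpenSSH is kept.
- hosts: new_servers
  remote_user: root
  gather_facts: false
  vars:
    ansible_connection: "{{ 'paramiko' if lookup('pipe', 'uname -s') == 'Darwin' else 'ssh' }}"
  tasks:
    - name: Change root password
      user:
        name: root
        # Assumed to hold an already crypted hash, as the user module expects.
        password: "{{ new_root_pass_hash }}"
        update_password: always
      no_log: true

    # paramiko opens a fresh connection per task, so every task after the
    # change must authenticate with the new password, not the inventory one.
    - name: Add public keys
      authorized_key:
        user: root
        key: "{{ lookup('file', 'files/id_rsa_admin.pub') }}"
      vars:
        ansible_ssh_pass: "{{ new_root_pass }}"

# Play 2: key-based from here on; inherits transport = ssh, remote_user and
# private_key_file from ansible.cfg.
- hosts: new_servers
  tasks:
    - name: Confirm key-based login works
      ping:
```

Keeping `no_log: true` on the password task and storing the plaintext (`new_root_pass`) in vaulted host vars keeps the credential out of `log_path` and verbose output.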