Can't Fix Ansible SSH Error

[Robert F]

When I run the following Ansible playbook on my backup server, backups.example.com, I get the error shown below:

    # main.yml

    ---

    - name: restore database

      hosts: dbserver.example.com

      gather_facts: false

      vars:

        me: smith

      tasks:

      - command: rsync -vz /path/to/db.dump {{ me }}@dbserver.example.com:/tmp

        become: true

        become_user: "{{ me }}"

Error:

      fatal: [dbserver.example.com] => SSH Error: data could not be sent to the remote host.  Make sure this host can be reached over ssh.

Yet I can run the command manually from my backup server, it succeeds:

    rsync -vz /path/to/db.dump sm...@dbserver.example.com:/tmp

Here are the pertinent files:

    # ansible.cfg

    [defaults]

    inventory = inventory.ini

    host_key_checking = False

    ssh_args = -o UserKnownHostsFile=/dev/null

    [ssh_connection]

    pipelining = True

    # inventory.ini

    [dbservers]

    dbserver.example.com ansible_ssh_host=<dbserver_ip_address> ip_addr=<dbserver_ip_address>

    [local]

    localhost ansible_connection=local

    # ~/.ssh/config

    Host dbserver.example.com

      # I know this creates a security risk but I don't know how else to handle the "authenticity of host..." prompt when running an Ansible playbook

      StrictHostKeyChecking no

      User smith

I've checked and there is an entry for dbserver.example.com in the ~/.ssh/known_hosts file.  My public key is installed in the authorized_keys file on the remote dbserver.

I've researched this online and read the Ansible documents but I don't see what I'm doing wrong.  Initially I tried using the Ansible synchronize module but it produced the same error.  I also tried using the "-vvvv" option with my ansible-playbook command but the output didn't yield any useful information.  All I say was the command stop at a certain point.  What am I missing here?

[Robert F]

Here is the output when I run the playbook with the "-vvvv" argument:

PLAY [restore database server] ************************************************ 

TASK: [fail msg='Please specify a database (db), -e "db=db03"'] *************** 

skipping: [db02.example.com]

TASK: [set_fact db={{ db }}] ************************************************** 

<45.56.89.116> ESTABLISH CONNECTION FOR USER: smith

ok: [db02.example.com] => {"ansible_facts": {"db": "db02"}}

TASK: [fail msg='Please specify a tier (tier), -e "tier=production"'] ********* 

skipping: [db02.example.com]

TASK: [set_fact tier={{ tier }}] ********************************************** 

<45.56.89.116> ESTABLISH CONNECTION FOR USER: smith

ok: [db02.example.com] => {"ansible_facts": {"tier": "staging"}}

TASK: [rsync database backup file to database server] ************************* 

<45.56.89.116> ESTABLISH CONNECTION FOR USER: smith

<45.56.89.116> REMOTE_MODULE command rsync -vz /srv/rsync/example.com/staging/last/database/example_schema_and_data.dump 

<45.56.89.116> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/smith/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 45.56.89.116 /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=asekrsupszbkgzikdiyqxqwvjazevzmq] password: " -u smith /bin/sh -c '"'"'echo BECOME-SUCCESS-asekrsupszbkgzikdiyqxqwvjazevzmq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'"'"''

fatal: [db02.example.com] => SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh

FATAL: all hosts have already failed -- aborting

PLAY RECAP ******************************************************************** 

           to retry, use: --limit @/home/smith/restore_dbserver.retry

db02.example.com     : ok=2    changed=0    unreachable=1    failed=0   

[Mark Phillips]

Hello Robert,

Does 'ansible -m ping 45.56.89.116' from that same backup server work just fine?

[Robert F]

Hi Mark,

No, when I run the ansible ping command, I get "No hosts matched."  However, if I just use the normal ping command on that IP, I get a response.

[Mark Phillips]

Hello Robert,

Ah, you're setting that IP in the inventory file with ansible_ssh_host? Sorry, I didn't notice that. Then 'ansible -m ping whatever_hostname_you_have_in_inventory' (i.e. if it's db02.example.com, then that name instead).

Ansible's 'ping' module isn't an ICMP ping, it's a connectivity test – it does an SSH connection and checks things will work as expected.

You want 'ansible -m ping <dest_host>' to work from source_host to ensure the play will go smoothly. If that works, then we can move onto the rsync issue. Let's prove the connectivity – from an Ansible perspective – first.

Cheers

[Robert F]

Hi Mark,

Interestingly, if I ping the database server's domain name as it's given in the inventory file, I do get a "pong" back.

[Mark Phillips]

A ha, excellent! We have some positive news :)

So I'd suggest there's something up with the rsync. Wrapping rsync in Ansible can be a challenge - hence the synchronize module (also a challenge!)

I'd be inclined to just test another module between the servers too - in your playbook I mean. Maybe do something simple like a "copy" but with a small text file? If that plays ball, try the DB dump?

Is the dump file big? Would the "copy" module not suffice? 

On 5 Apr 2017, at 23:43, Robert F <robert....@gmail.com> wrote:

Hi Mark,

Interestingly, if I ping the database server's domain name as it's given in the inventory file, I do get a "pong" back.

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/ozOe60idnAk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a030761b-a781-4e4a-aa7b-9572fe495908%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Robert F]

Mark,

If you can't see anything obvious that I'm doing wrong, then that's worth knowing.  At least it rules out my doing something stupid.  

Tomorrow I'll try doing a copy and report back.  I was hoping to use rsync because I have two other directories that have a lot of files, some of which will contain new files but will also contain many older files that already exist in the destination (from having been synced over the preceding day).  Rsync would be perfect in this use case.  But another option might be to try doing everything with Fabric instead of Ansible so I'll investigate that too.

Thanks again for your help.  I really appreciate it!

Robert

[Kai Stian Olstad]

On 05.04.2017 18:55, Robert F wrote:
> Here is the output when I run the playbook with the "-vvvv" argument:

<snip>

> TASK: [rsync database backup file to database server]
> *************************
> <45.56.89.116> ESTABLISH CONNECTION FOR USER: smith

<snip>

>
> On Monday, April 3, 2017 at 1:06:08 PM UTC-7, Robert F wrote:
>>
>> When I run the following Ansible playbook on my backup server,
>> backups.example.com, I get the error shown below:
>>
>> # main.yml
>> ---
>> - name: restore database
>> hosts: dbserver.example.com
>> gather_facts: false
>>
>> vars:
>> me: smith
>>
>> tasks:
>> - command: rsync -vz /path/to/db.dump {{ me
>> }}@dbserver.example.com:/tmp
>> become: true
>> become_user: "{{ me }}"

You are logging in as user smith and do a sudo to user smith, why?
Can this be the root cause of the problem?

--
Kai Stian Olstad