authorized_key module not working

[chrono]

Hello,

I wrote a playbook that checks out brand new servers that are built for my team.  To make things truly one-and-done, I thought it would be clever to include a play that copies the ssh public key from our ansible controller to the freshly built remote hosts.

I tried using the authorized_key module, but it doesn't seem to work..

Here is the play:

---
- name: Checkout new build
  hosts: all
  remote_user: blah
  tasks:
  - name: copy ssh key to remote host
    authorized_key:
      user: blah
      key: "{{ lookup('file', '/home/blah/.ssh/id_rsa.pub') }}"

Here is the error I get:

TASK [setup] *******************************************************************

fatal: [hostname redacted]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}

Here is the command I am running:

ansible-playbook -i /home/blah/ansible/inventory/newBuilds.hosts /home/blah/ansible/playbooks/linuxCheckout/linuxCheckout.yml --ask-pass

Am I doing something wrong?

Best regards,

-C

[Dick Davies]

Try with '-vvvv' for starters, and compare with SSHing with the
servers directly.

> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/52be1e8d-ccec-4241-bc18-98e1ede7b77c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[chrono]

I've been looking at the -vvvv output and it doesn't really help.

I guess I should ask this question.. Does this module work for copying over the initial key?  Or does it only work if there is already an ssh-key set up for ansible to use?

[Brian Coca]

It does not need a key but it DOES need a way to login, normally user/password if keys are not available.

The other option is a super user that already has access can copy the keys for the specific users. Some cloud APIs allow for pushing a key through alternate methods, this module does not know about that (look at cloud specific modules for that).

​

----------

Brian Coca

[chrono]

Interesting, then I am really out of ideas!

Here is the -vvvv output, maybe it will help diagnose it..

TASK [setup] *******************************************************************
<hostnameRedacted> ESTABLISH SSH CONNECTION FOR USER: blah
<hostnameRedacted> SSH: EXEC sshpass -d15 ssh -C -vvv -o ControlMaster=no -o StrictHostKeyChecking=no -o User=blah -o ConnectTimeout=10 -tt hostnameRedacted '( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1456322107.72-78449809147758 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1456322107.72-78449809147758 )" )'
<hostnameRedacted> PUT /tmp/tmpuNYYso TO /home/blah/.ansible/tmp/ansible-tmp-1456322107.72-78449809147758/setup
<hostnameRedacted> SSH: EXEC sshpass -d15 sftp -b - -C -vvv -o ControlMaster=no -o StrictHostKeyChecking=no -o User=blah -o ConnectTimeout=10 '[hostnameRedacted]'
fatal: [hostnameRedacted]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh", "unreachable": true}

[Brian Coca]

is sftp allowed on those machines? you might want to try setting scp_if_ssh to True in ansible.cfg if that is the case.

The fact that it does not fail on directory creation but it does at the PUT is a good hint of that.

----------

Brian Coca

[chrono]

That did it! 

Thank you!