My firm's policy has a constraint of passing "-t bash" to ssh for connectivity, else it would fail [this could be to prevent anyone from firing remote commands].
The ssh command below works fine:
ssh -i /opt/cert/id_rsa_prod targetuser@targethost -t bash
In order to make ansible's ssh include the "-t bash" argument, I try to inject "-t bash" into ansible's ssh by specifying it in the ansible inventory host file as below:
more host.txt
[target*]
targethost ansible_python_interpreter=/opt/bin/python2.7 ansible_ssh_extra_args="-t bash" ansible_ssh_common_args="-t" ansible_ssh_private_key_file=/opt/cert/id_rsa_prod USER_RUN=targetuser
When I run this ansible playbook it fails to connect to target host and throws the below error output:
23:53:42 ESTABLISH SSH CONNECTION FOR USER: targetuser
23:53:42 SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/opt/cert/id_rsa_prod"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=targetuser -o ConnectTimeout=10 -t bash -o ControlPath=/home/sourceuser/.ansible/cp/e8313d01d6 targethost '/bin/sh -c '"'"'echo ~targetuser && sleep 0'"'"''
23:53:42 (255, '', 'OpenSSH_7.7p1 (CentrifyDC build 5.5.1-395) , OpenSSL 1.0.2o-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/sourceuser/.ssh/config\r\ndebug1: Reading configuration data /etc/centrifydc/ssh/ssh_config\r\ndebug1: /etc/centrifydc/ssh/ssh_config line 3: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/sourceuser/.ansible/cp/e8313d01d6" does not exist\r\ndebug2: resolving "bash" port 22\r\nssh: Could not resolve hostname bash: Name or service not known\r\n')
23:53:42 fatal: [targethost]: UNREACHABLE! => {
23:53:42 "changed": false,
23:53:42 "msg": "Failed to connect to the host via ssh: OpenSSH_7.7p1 (CentrifyDC build 5.5.1-395) , OpenSSL 1.0.2o-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/sourceuser/.ssh/config\r\ndebug1: Reading configuration data /etc/centrifydc/ssh/ssh_config\r\ndebug1: /etc/centrifydc/ssh/ssh_config line 3: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/sourceuser/.ansible/cp/e8313d01d6" does not exist\r\ndebug2: resolving "bash" port 22\r\nssh: Could not resolve hostname bash: Name or service not known\r\n",
23:53:42 "unreachable": true
23:53:42 }
23:53:42 to retry, use: --limit @/opt/scripts/myfolder/site.retry
23:53:42
23:53:42 PLAY RECAP
23:53:42 targethost : ok=0 changed=0 unreachable=1 failed=0
ansible --version
ansible 2.7.1
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Linux x86-64
ansible ping command
SSH connection fails because ansible is not constructing the ssh arguments correctly. The "-t bash" should be placed after the user@target, while ansible is putting it before user@target.
I'm looking for a workaround as this is critical for us. I do not wish to modify any global cfg [configuration] files as other playbooks may get affected.
Please help!
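Added example, not part of the original post and not Ansible or OpenSSH code: a simplified model of how ssh splits its argument vector, run over the command line Ansible logged above and over the manual command reported as working. The function name `split_ssh_argv` and the flag table are assumptions made for this illustration; the model covers only option, destination and remote-command splitting.

```python
import shlex

# ssh(1) flags that consume the following token as their argument.
TAKES_ARG = set("BbcDEeFIiJLlmOopQRSWw")


def split_ssh_argv(argv):
    """Simplified model of ssh argv handling: (options, destination, command).

    The first non-option token is the destination, options may continue after
    it, and the next non-option token starts the remote command.
    """
    options, host, i = [], None, 1  # argv[0] is "ssh" itself
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            for j in range(1, len(tok)):  # walk clustered flags such as -vvv
                flag = tok[j]
                if flag not in TAKES_ARG:
                    options.append(("-" + flag, None))
                    continue
                arg = tok[j + 1:]  # attached form, e.g. -oUser=x
                if not arg and i + 1 < len(argv):
                    i += 1  # detached form, e.g. -o User=x
                    arg = argv[i]
                options.append(("-" + flag, arg))
                break
        elif host is None:
            host = tok
        else:
            break  # everything from here on is the remote command
        i += 1
    return options, host, argv[i:]


# The command Ansible logged in the post (SSH: EXEC ...), copied verbatim.
ANSIBLE_CMD = r"""
ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/opt/cert/id_rsa_prod"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=targetuser -o ConnectTimeout=10 -t bash -o ControlPath=/home/sourceuser/.ansible/cp/e8313d01d6 targethost '/bin/sh -c '"'"'echo ~targetuser && sleep 0'"'"''
"""
# The manual command the post reports as working.
MANUAL_CMD = "ssh -i /opt/cert/id_rsa_prod targetuser@targethost -t bash"

if __name__ == "__main__":
    for label, cmd in (("ansible", ANSIBLE_CMD), ("manual", MANUAL_CMD)):
        _, host, remote = split_ssh_argv(shlex.split(cmd))
        print(f"{label}: destination={host!r} remote_command={remote!r}")
```

For the Ansible-built line the model reports `bash` as the destination and `targethost` as the first word of the remote command, which matches the "Could not resolve hostname bash" error in the log.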