Re: Ansible bastion host unreachable?


Anthony Cheng

Jun 22, 2016, 9:31:26 AM
to Ansible Project
I am trying to access an EC2 instance with Ansible installed on another EC2 instance; my hosts are set up with a bastion host. I have been following this post http://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/ which seems fairly straightforward.

I can ssh directly and ping from this host to the IP given from dynamic inventory (a public IP); but why is a simple ansible ping failing when actual ssh works and the host is pingable?

root@ip-host:/etc/ansible# ansible -i /etc/ansible/inventory/ec2.py tag_managed_ansible -m ping -vvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<x.x.x.x> SSH: EXEC ssh -C -vvv -F /root/.ssh/config -o ControlMaster=auto -o ControlPersist=10m -o 'IdentityFile="/home/ubuntu/.ssh/asdev.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o 'ControlPath=~/.ssh/ansible-%r@%h:%p' x.x.x.x '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1466601336.03-126192442556847 `" && echo ansible-tmp-1466601336.03-126192442556847="` echo
$HOME/.ansible/tmp/ansible-tmp-1466601336.03-126192442556847 `" ) && sleep 0'"'"''
x.x.x.x | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}

Debug from direct ssh which works (via proxy command setup in /root/.ssh/config)

root@ip-host:/etc/ansible# ssh devtest3 -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for *
debug1: /root/.ssh/config line 769: Applying options for devtest3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: /etc/ssh/ssh_config line 769: Applying options for devtest3
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: auto-mux: Trying existing master
debug1: multiplexing control connection
debug2: fd 6 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 1: new [mux-control]
debug3: channel_post_mux_listener: new mux channel 1 fd 6
debug3: mux_master_read_cb: channel 1: hello sent
debug2: set_control_persist_exit_time: cancel scheduled exit
debug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4
debug2: process_mux_master_hello: channel 1 slave version 4
debug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4
debug2: process_mux_alive_check: channel 1: alive check
debug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 50
debug2: process_mux_new_session: channel 1: request tty 1, X 1, agent 0, subsys 0, term "xterm-256color", cmd "", env 0
debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
debug3: process_mux_new_session: got fds stdin 7, stdout 8, stderr 9
debug1: channel 2: new [client-session]
debug2: process_mux_new_session: channel_new: 2 linked to control channel 1
debug2: channel 2: send open
debug2: callback start
debug2: client_session2_setup: id 2
debug2: channel 2: request pty-req confirm 1
debug2: channel 2: request shell confirm 1
debug3: mux_session_confirm: sending success reply
debug2: callback done
debug2: channel 2: open confirm rwindow 0 rmax 32768
debug1: mux_client_request_session: master session id: 2
debug2: channel_input_status_confirm: type 99 id 2
debug2: PTY allocation request accepted on channel 2
debug2: channel 2: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 2
debug2: shell request accepted on channel 2
Last login: Wed Jun 22 13:20:11 2016 from
ubuntu@ip-host:~$

Here's the ssh setting in ansible.cfg:

[ssh_connection]
ssh_args = -F /root/.ssh/config -o ControlMaster=auto -o ControlPersist=10m
control_path = ~/.ssh/ansible-%%r@%%h:%%p

Chris Shultz

Jun 24, 2016, 2:00:46 PM
to ansible...@googlegroups.com

Is the host you are attempting to reach set up as the ip that ec2.py returns (x.x.x.x in your pasted output) in your ~/.ssh/config or as the devtest3 hostname you connected to in your SSH debug output?


Anthony Cheng

Jun 24, 2016, 2:35:00 PM
to Ansible Project
Actually I figured it out shortly after, but you are spot on, as the dynamic inventory references hosts by IP whereas my .ssh/config originally had a host entry. The solution was to define a wildcard IP in .ssh/config.
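
The mismatch that resolved this thread, as an added example that is not part of the original posts: a small Python model of OpenSSH Host-pattern matching, showing why the ProxyCommand applies to the alias but not to the IP that the dynamic inventory hands to Ansible. The config text, the 203.0.113.x addresses and bastion.example.com are constructed placeholders, and the parser only models Host blocks with `*`, `?` and `!` patterns.

```python
import re

# Constructed stand-in for the poster's /root/.ssh/config: alias entry only.
ORIGINAL = """
Host devtest3
    HostName 203.0.113.10
    User ubuntu
    ProxyCommand ssh -W %h:%p bastion.example.com
"""
# Same file plus a wildcard-IP block, the fix described in the thread.
FIXED = ORIGINAL + """
Host 203.0.113.*
    User ubuntu
    ProxyCommand ssh -W %h:%p bastion.example.com
"""

def host_matches(patterns, target):
    """Match the name given on the command line against one Host line."""
    matched = False
    for pat in patterns:
        negated = pat.startswith("!")
        rx = re.escape(pat.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, target):
            if negated:
                return False          # a negated match vetoes the whole line
            matched = True
    return matched

def effective_options(config_text, target):
    """Options ssh would apply to `target`; the first value seen wins."""
    opts, active = {}, True           # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), target)
        elif active:
            opts.setdefault(key, value)
    return opts

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        for target in ("devtest3", "203.0.113.10"):
            proxy = effective_options(cfg, target).get("proxycommand")
            print(f"{name:8} {target:13} ProxyCommand={proxy}")
```

Matching is done on the name passed to ssh, not on the HostName it resolves to, which is why the alias block never applies to an inventory IP. Keep the wildcard as narrow as the inventory's address range so unrelated hosts are not routed through the proxy.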