execute ssh-copy-id, if passwdless login not able


Ganeshwari Sk

Dec 11, 2019, 4:21:53 AM
to Ansible Project
In an Ansible playbook, I want to do two tasks: one to check whether passwordless SSH login is enabled, and another that, if passwordless login is not enabled for the remote host, executes the ssh-copy-id command.
I have written the following playbook, but it is not working as desired. Please help me resolve the issue.

---
- name: Check passwdless login
  #hosts: stage-servers
  hosts: Testing-Server
  gather_facts: true
   
  tasks:
    - name: check ssh to remote hosts works
      block:
        - name: check ssh connection
          shell: "hostname; id"
          register: ssh_connection_test
          failed_when: ssh_connection_test.rc != 0

        - debug:
            var: ssh_connection_test.stdout_lines

      rescue:
        - debug:
           msg: "failed for host {{hostvars[inventory_hostname]['ansible_default_ipv4']['address']}}"
        - name: Task failed, no passdwless ssh working
          shell: "ssh-copy-id -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa.pub \"root@{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} \""
          register: ssh_copy_id_execution
          failed_when: ssh_copy_id_execution.rc != 0

        - debug :
             var: ssh_copy_id_execution.stdout_lines

      always:
        - debug:
             msg: "This always executed.."


I am getting this output:
PLAY [Check passwdless login] ******************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
fatal: [x.x.x.x]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Address x.x.x.x maps to test.testlab.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}
to retry, use: --limit @/etc/ansible/passwordless.retry

PLAY RECAP *************************************************************************************************************************************************************************************************
x.x.x.x                 : ok=0    changed=0    unreachable=1    failed=0   

Stefan Hornburg (Racke)

Dec 11, 2019, 4:34:29 AM
to ansible...@googlegroups.com
On 12/11/19 10:21 AM, Ganeshwari Sk wrote:
> In an Ansible playbook, I want to do two tasks: one to check whether passwordless SSH login is enabled, and another
> that, if passwordless login is not enabled for the remote host, executes the ssh-copy-id command.
> I have written the following playbook, but it is not working as desired. Please help me resolve the issue.
>

Gathering facts already requires a working SSH connection, so it stops before executing your tasks.

It doesn't really make sense to me what you are doing.

Regards
Racke


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

signature.asc

Ganeshwari Sk

Dec 11, 2019, 5:43:13 AM
to Ansible Project
I am a newbie to Ansible. I am trying to execute two different tasks.
1. Checking passwordless login: executing the hostname and id commands on the remote host and printing the result on success.
2. Executing ssh-copy-id and copying the public key to the remote host.

I want to execute the second task only if the first task failed.

Please let me know the mistake I am making here.

Stefan Hornburg (Racke)

Dec 11, 2019, 5:47:30 AM
to ansible...@googlegroups.com
On 12/11/19 11:43 AM, Ganeshwari Sk wrote:
> I am a newbie to Ansible. I am trying to execute two different tasks.
> 1. Checking passwordless login: executing the hostname and id commands on the remote host and printing the result on success.
> 2. Executing ssh-copy-id and copying the public key to the remote host.
>
> I want to execute the second task only if the first task failed.
>
> Please let me know the mistake I am making here.

Please read carefully the Ansible output and my reply.

Gathering facts requires a working SSH connection, so your tasks are never executed when this is the case.

Regards
Racke
signature.asc
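
The point made in the replies above, as an added example that is not part of the original thread: with fact gathering switched off, the key-login probe can run on the control node and the key is installed only where the probe fails. The group name, the root login and the key path come from the question; everything else is an assumption of this sketch, including that the `ansible.posix` collection is installed.

```yaml
---
# Added example, not from the thread. Group name, root login and key path
# are taken from the question; the task layout is an assumption of this sketch.
- name: Install the control node's public key where key login fails
  hosts: Testing-Server
  gather_facts: false            # fact gathering needs a working SSH login
  remote_user: root
  tasks:
    - name: Probe key-based login without ever prompting
      ansible.builtin.command:
        argv:
          - ssh
          - "-oBatchMode=yes"    # fail instead of asking for a password
          - "-oConnectTimeout=5"
          - "root@{{ ansible_host | default(inventory_hostname) }}"
          - "true"
      delegate_to: localhost     # runs on the control node, not the target
      register: key_login
      changed_when: false
      failed_when: false         # a non-zero rc is a result, not an error

    - name: Report hosts that still need the key
      ansible.builtin.debug:
        msg: "key login failed for {{ inventory_hostname }} (rc={{ key_login.rc }})"
      when: key_login.rc != 0

    # Connects to the target with the password given via --ask-pass and
    # appends the key to root's authorized_keys; idempotent if already there.
    - name: Add the public key over the password-authenticated connection
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"
      when: key_login.rc != 0
```

Run it with `ansible-playbook --ask-pass`, which needs `sshpass` on the control node. Host key checking stays enabled here, unlike the `StrictHostKeyChecking=no` in the question, so the target's host key must already be in `known_hosts` or the probe and the connection will both fail.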