ansible and ansible-playbook with ssh config not working...


Curtis

Mar 5, 2013, 10:23:23 PM
to ansible...@googlegroups.com
Hi,

I would think this would just work? Usually I think wrong, so I guess I'm really wondering what I've got wrong here.  :)

"virt-v2v" is the name of a host that is set up in .ssh/config...

# ansible -c ssh -u root -m ping virt-v2v

virt-v2v | success >> {
    "changed": false, 
    "ping": "pong"
}

# ansible-playbook -c ssh -u root veewee.yml 

PLAY [veewee] ********************* 

GATHERING FACTS ********************* 
fatal: [virt-v2v] => failed to transfer file to /setup:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Connection closed


TASK: [ensure correct packages are installed] ********************* 
FATAL: no hosts matched or all hosts have already failed -- aborting


PLAY RECAP ********************* 
virt-v2v                       : ok=0    changed=0    unreachable=1    failed=0    


# cat ansible_hosts 
[veewee]
virt-v2v

==

Any thoughts? 

Thanks,
Curtis.

--
Twitter: @serverascode
Blog: serverascode.com

Lorin Hochstein

Mar 5, 2013, 10:25:25 PM
to ansible...@googlegroups.com
Curtis:

Can you show the contents of your veewee.yml?

Take care,
Lorin


--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.

Curtis

Mar 5, 2013, 10:29:56 PM
to ansible...@googlegroups.com
On Tue, Mar 5, 2013 at 8:25 PM, Lorin Hochstein <lo...@nimbisservices.com> wrote:
> Curtis:
>
> Can you show the contents of your veewee.yml?

Oh, shoot, looking at that I've set the user to something other than root which is the user I need in this case.

# head veewee.yml 
---

- hosts: veewee
  user: vagrant
  sudo: yes
  vars:
    rvm: /usr/local/rvm/bin/rvm
  tasks:

  # libvirt-devel is need to build ruby-libvirt

==

I guess ansible doesn't honor the user in .ssh/config or the command line user, which I would expect to override what's in the playbook. I haven't been keeping up with the -c ssh features in ansible...my bad!

Thanks,
Curtis.



--
Twitter: @serverascode
Blog: serverascode.com

Brian Coca

Mar 5, 2013, 11:25:58 PM
to ansible...@googlegroups.com
Ansible always specifies the user to ssh, so it will not pick it up
from .ssh/config

--
Brian Coca
Stultorum infinitus est numerus
0110000101110010011001010110111000100111011101000010000001111001011011110111010100100000011100110110110101100001011100100111010000100001
Pedo mellon a minno

Curtis

Mar 6, 2013, 12:20:39 AM
to ansible...@googlegroups.com
On Tue, Mar 5, 2013 at 9:25 PM, Brian Coca <bria...@gmail.com> wrote:
> Ansible always specifies the user to ssh, so it will not pick it up
> from .ssh/config

Is that something that was decided ansible would not do? I think it would be pretty helpful to heavy ssh users, especially those who have servers that they access through a gateway ssh server. I suppose I should search the mailing list... :)

Thanks,
Curtis.
 



Michael DeHaan

Mar 6, 2013, 11:42:30 AM
to ansible...@googlegroups.com
>
> Is that something that was decided ansible would not do? I think it would be
> pretty helpful to heavy ssh users, especially those who have servers that
> they access through a gateway ssh server. I suppose I should search the
> mailing list... :)
>

Basically Ansible is a systems management tool, not a user login tool.

In a given playbook, you may wish to log in from *multiple* different
user accounts to the same box.

By ansible declaratively specifying the user, that makes this
possible, and also makes it very clear
from a self contained playbook what user is being used for the login,
so it's repeatable -- the parameters
are no longer needing the playbook *AND* the ssh config file, and
users don't have to worry about the SSH
config file unless they need, for example, jump hosts.

Curtis

Mar 6, 2013, 11:49:20 AM
to ansible...@googlegroups.com
What would be wrong with honouring the .ssh/config if there is no user in the playbook or on the command line?

Thanks,
Curtis.
 



Michael DeHaan

Mar 6, 2013, 12:09:10 PM
to ansible...@googlegroups.com
Technically nothing, but it would need to work for /both/ SSHd and
paramiko and only set things if no "-u" was specified either, and only
if the user /was/ specified in the config, and not rely on a config
being set.

In the case where there is no user specified, it uses the current user
account or what is fed to "-u".

(Again, in our eyes, SSH is just the transport layer)

Curtis

Mar 6, 2013, 12:25:07 PM
to ansible...@googlegroups.com
On Wed, Mar 6, 2013 at 10:09 AM, Michael DeHaan <michael...@gmail.com> wrote:
> Technically nothing, but it would need to work for /both/ SSHd and
> paramiko and only set things if no "-u" was specified either, and only
> if the user /was/ specified in the config, and not rely on a config
> being set.
>
> In the case where there is no user specified, it uses the current user
> account or what is fed to "-u".
>
> (Again, in our eyes, SSH is just the transport layer)

I definitely understand what you are saying in terms of ssh being the transport layer only.

That said, as a simple ansible user who has a lot of servers and environments to work with, some behind ssh jump hosts, thus massive use of .ssh/config, I find this to be a real big pain point. But that's just me. :)

Thanks,
Curtis.

Brian Coca

Mar 6, 2013, 12:26:37 PM
to ansible...@googlegroups.com
I have it on my list to look into this and avoid passing -u $user to ssh
if it matches current user.
Should not be too hard and it would enable .ssh/config
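
Added example (not part of the thread and not Ansible's code): a Python sketch of the change Brian proposes above, next to the always-pass-the-user behaviour described earlier, showing which account ssh ends up logging in as. The config text, the local account "curtis", the `-o User=` form and all function names are assumptions; the parser reads only `Host` and `User`.

```python
import fnmatch

# Constructed ~/.ssh/config and local account "curtis"; only "virt-v2v" is from the thread.
SAMPLE_CONFIG = """\
Host virt-v2v
    User root

Host *
    User deploy
"""

def config_user(config_text, host):
    """User that ssh takes from the config: the first value obtained wins."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        words = raw.strip().replace("=", " ", 1).split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "host":
            hit = lambda p: fnmatch.fnmatchcase(host, p.lstrip("!"))
            active = (any(hit(p) for p in args if p[0] != "!")
                      and not any(hit(p) for p in args if p[0] == "!"))
        elif key == "user" and active and args:
            return args[0]
    return None

def ssh_argv(host, remote_user, local_user, always_pass_user=True):
    """True: behaviour described in the thread. False: Brian's proposed change."""
    argv = ["ssh"]
    if always_pass_user or remote_user != local_user:
        argv += ["-o", "User=" + remote_user]
    return argv + [host]

def login_user(argv, config_text, local_user):
    """Resolve the account as ssh does: command line, then config, then local user."""
    for opt in argv:
        if opt.startswith("User="):
            return opt[len("User="):]
    return config_user(config_text, argv[-1]) or local_user

def compare(host, remote_user, local_user, config_text=SAMPLE_CONFIG):
    """Return (login with user always passed, login with the proposed change)."""
    return tuple(login_user(ssh_argv(host, remote_user, local_user, mode),
                            config_text, local_user) for mode in (True, False))

if __name__ == "__main__":
    for host, user in [("virt-v2v", "curtis"), ("virt-v2v", "vagrant"), ("db01", "curtis")]:
        print(host, user, compare(host, user, "curtis"))
```

The first and third cases differ between the two modes: with the proposed change the login account comes from the operator's ssh config (including a `Host *` entry) rather than from anything visible in the playbook or on the command line.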

seth vidal

Mar 6, 2013, 12:30:45 PM
to ansible...@googlegroups.com, server...@gmail.com
On Wed, 6 Mar 2013 10:25:07 -0700
Curtis <server...@gmail.com> wrote:

> On Wed, Mar 6, 2013 at 10:09 AM, Michael DeHaan
> <michael...@gmail.com>wrote:
>
> > Technically nothing, but it would need to work for /both/ SSHd and
> > paramiko and only set things if no "-u" was specified either, and
> > only if the user /was/ specified in the config, and not rely on a
> > config being set.
> >
> > In the case where there is no user specified, it uses the current
> > user account or what is fed to "-u".
> >
> > (Again, in our eyes, SSH is just the transport layer)
> >
>
> I definitely understand what you are saying in terms of ssh being the
> transport layer only.
>
> That said, as a simple ansible user who has a lot of servers and
> environments to work with, some behind ssh jump hosts, thus massive
> use of .ssh/config, I find this to be a real big pain point. But
> that's just me. :)
>


I'm confused here. You're having issues when you run with -c ssh using
your .ssh/config ?

or is this only when using paramiko?

-sv

Zenobius Jiricek

Aug 15, 2013, 12:55:01 AM
to ansible...@googlegroups.com
Same here, it also makes using git hard when the git server requires access through a non-standard ssh port and private key.

Michael DeHaan

Aug 15, 2013, 8:36:22 AM
to ansible...@googlegroups.com
Please look up how GIT_SSH works and so on.

This is basically just a function of git and not ansible.  

You may wish to check out your repositories over https:// to make things much easier for you, or deploy using packages, tarballs, or another mechanism if you wish to simplify the SSH checkout.



Michael DeHaan <mic...@ansibleworks.com>
CTO, AnsibleWorks, Inc.
http://www.ansibleworks.com/
