Getting Permission Denied Error

Anirban Das

Oct 13, 2021, 2:46:55 AM
to Ansible Project
Hi All,

I'm trying to configure a few EC2 instances using Ansible, hence I created both a dynamic inventory and a playbook on the controller. But I found that I need to pass a private key, which is where I'm a little bit confused.

1. Does the private key refer to the key which is being used for Ansible, or to the EC2 launch key pair?

2. Do I need to mention that private key path inside the playbook?

Please help me to get these answers.

Thanks,
Anirban Das

Dick Visser

Oct 13, 2021, 4:01:33 AM
to ansible...@googlegroups.com
Hard to give a useful answer without any actual code (playbooks, inventory, etc)


--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

Anirban Das

Oct 13, 2021, 4:44:53 AM
to Ansible Project
Hi,

aws_ec2.yml -------->> dynamic inventory

---
plugin: aws_ec2
aws_access_key_id: 
aws_secret_access_key: 
filters:
 tag:CreatedBy: Terraform

################################################

httpd_installation.yml ---------->> playbook

---
 - name: Configure WebServer with Apache HTTPD
   hosts: aws_ec2
   become: yes
   vars:
           - package1: httpd
           - package2: firewalld
           - service1: httpd
           - service2: firewalld
           - myprotocol: httpd
           - myport: 80
           
   tasks:
           - name: Install webserver package
             yum:
                     name: "{{package1}}"
                     state: present
             notify: restart_httpd

           - name: Add custom port to httpd.conf
             lineinfile:
                     path: /etc/httpd/conf/httpd.conf
                     regexp: '^Listen'
                     insertafter: '^#Listen'
                     line: "Listen {{ myport }}"

           - name: Copy Webpage to document root
             copy:
                     src: index.html
                     dest: /var/www/html/index.html

           - name: Install firewall package
             yum:
                     name: "{{package2}}"
                     state: present

           - name: Start firewalld service
             service:
                     name: "{{service2}}"
                     state: started
                     enabled: yes

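           - name: Allow httpd from firewall
             firewalld:
                     # The firewalld module operates on only one of
                     # service/port per task, so open the port directly.
                     port: "{{myport}}/tcp"
                     permanent: yes
                     state: enabled
                     immediate: yes

   handlers:
           # Handler referenced by "notify: restart_httpd" above.
           - name: restart_httpd
             service:
                     name: "{{service1}}"
                     state: restarted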



Dick Visser

Oct 13, 2021, 5:32:32 AM
to ansible...@googlegroups.com
and the exact error would be....?

Anirban Das

Oct 13, 2021, 5:37:56 AM
to Ansible Project
| UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).",
    "unreachable": true

Dick Visser

Oct 13, 2021, 5:47:24 AM
to ansible...@googlegroups.com
This is just a regular SSH login issue.
It depends on how your instances are configured. Do you have keys configured in AWS, are you using the userdata to provision them, etc.



Anirban Das

Oct 13, 2021, 7:51:00 AM
to Ansible Project
I have created the AWS EC2 instances through Terraform, and at that time I mentioned the key name for EC2 launching. But yes, I didn't mention the Ansible private key in the Terraform script. So in the provisioner block I put the ansible-playbook command with the private-key path. What else do I need to do?

You can check the Terraform script below, and please guide me.
=========================================

# Creating 3 EC2 Instances:

resource "aws_instance" "instance" {
  count           = length(aws_subnet.public_subnet.*.id)
  ami             = var.ami_id
  instance_type   = var.instance_type
  subnet_id       = element(aws_subnet.public_subnet.*.id, count.index)
  security_groups = [aws_security_group.sg.id, ]
  key_name        = "Keypair-01"

  provisioner "local-exec" {
    command = "ansible-playbook /home/ansible/ansible_configuration/httpd_installation.yml"
    on_failure = continue
  }


  tags = {
    "Name"        = "Instance-${count.index}"
    "Environment" = "Test"
    "CreatedBy"   = "Terraform"
  }
}

Sandip Bhattacharya

Oct 14, 2021, 5:29:43 AM
to ansible...@googlegroups.com


On 13.10.21 13:51, Anirban Das wrote:
> I have created the AWS EC2 instances through Terraform, and at that time I mentioned the key name for EC2 launching. But yes, I didn't mention the Ansible private key in the Terraform script. So in the provisioner block I put the ansible-playbook command with the private-key path. What else do I need to do?
>
> You can check the Terraform script below, and please guide me.
> =========================================
>
> # Creating 3 EC2 Instances:
>
> resource "aws_instance" "instance" {
>   count           = length(aws_subnet.public_subnet.*.id)
>   ami             = var.ami_id
>   instance_type   = var.instance_type
>   subnet_id       = element(aws_subnet.public_subnet.*.id, count.index)
>   security_groups = [aws_security_group.sg.id, ]
>   key_name        = "Keypair-01"

1. Confirm that the ssh key mentioned in "Keypair-01" is the one in your ssh-agent locally.
2. Confirm that your local user exists on the remote host, and has the ssh-key in the authorized_keys file.
3. Confirm that you can do "ssh -i /path/to/private/key AWS_HOST" and can log in without any problems.
4. See if you can run 'ansible AWS_HOST -m ping' and get a response.

These can provide clues to what is wrong.

--
https://blog.sandipb.net
https://twitter.com/sandipb
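
Checks 1, 3 and 4 from the reply above as one script; this is an added example, not code posted by anyone in the thread. KEY_FILE, REMOTE_USER, HOST and INVENTORY are values you supply (assumed to be the private half of the EC2 key pair, the AMI's login user, one instance address and the aws_ec2.yml inventory); check 2 is not covered because it needs a working login.

```shell
#!/bin/sh
# Added example. Usage: sh check_ssh.sh KEY_FILE REMOTE_USER HOST [INVENTORY]
# All four arguments are supplied by the caller; none come from the thread.

# Print the base64 key blob (second field) of each public-key line on stdin.
key_blobs() {
    awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2 }'
}

# Return 0 if the public key line $1 appears in the key list $2.
# Only the key blob is compared, so differing comments do not matter.
pubkey_in_list() {
    want=$(printf '%s\n' "$1" | key_blobs | head -n 1)
    [ -n "$want" ] || return 2
    printf '%s\n' "$2" | key_blobs | grep -Fxq -- "$want"
}

main() {
    key=$1 user=$2 host=$3 inv=${4:-aws_ec2.yml}

    # Check 1: is the public half of KEY_FILE loaded in the local ssh-agent?
    pub=$(ssh-keygen -y -f "$key") || { echo "cannot read $key" >&2; return 1; }
    if pubkey_in_list "$pub" "$(ssh-add -L 2>/dev/null)"; then
        echo "agent: key is loaded"
    else
        echo "agent: key is NOT loaded (ssh-add $key, or pass it explicitly)"
    fi

    # Check 3: plain SSH offering only this key, never prompting for a password.
    if ssh -i "$key" -o IdentitiesOnly=yes -o BatchMode=yes \
           -o ConnectTimeout=10 "$user@$host" true; then
        echo "ssh: login works"
    else
        echo "ssh: login failed; rerun with -v to see which keys were offered" >&2
        return 1
    fi

    # Check 4: the same key and user through Ansible.
    ansible "$host" -i "$inv" -m ping -u "$user" --private-key "$key"
}

# Run the checks only when called with arguments.
if [ "$#" -ge 3 ]; then main "$@"; fi
```

If check 3 succeeds only with an explicit user and key, the same pair can be passed to ansible-playbook with -u and --private-key.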