Trying to connect master host Ansible to target HP-UX 11.31 ia64 server
21 views
Skip to first unread message
Владимир Куликов
Aug 18, 2019, 7:32:34 AM8/18/19
to Ansible Project
Hi!
After tuning connect from master ansible server to target HP-UX server (HP-UX 11.31 ia64 server with installed Python 2.7.16) by SSH (ssh HPUX - without password), i try a test:
#ssh hp-ux
(get connected without password)
and next:
#ansible hpux -m ping
I get an error:
hpux | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /tmp/ansible/ansible-tmp-1566126836.8-256406273673570 `\" && echo ansible-tmp-1566126836.8-256406273673570=\"` echo /tmp/ansible/ansible-tmp-1566126836.8-256406273673570 `\" ), exited with result 235, stdout output: ansible-tmp-1566126836.8-256406273673570=/tmp/ansible/ansible-tmp-1566126836.8-256406273673570\n",
"unreachable": true
}
I think so it may be syntax error of remote command by ssh for HP-UX shell.... Is it so or not? Anyone can help me?
Vladimir Botka
Aug 18, 2019, 8:25:09 AM8/18/19
to Владимир Куликов, ansible...@googlegroups.com
Hi!
The problem is "permission failure". You are not able to write to
DEFAULT_LOCAL_TMP (see
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-local-tmp).
Default value is "~/.ansible/tmp". You might want to log to the remote and
fix the permissions, or, as suggested in the message, "Consider changing the
created by Ansible (see
https://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user).
In this case you might want to use pipelining. Quoting from the link above:
"Use pipelining. When pipelining is enabled, Ansible doesn’t save the module
to a temporary file on the client. Instead it pipes the module to the remote
python interpreter’s stdin. Pipelining does not work for python modules
involving file transfer (for example: copy, fetch, template), or for
non-python modules."
Cheers,
-vlado
DEFAULT_LOCAL_TMP (see
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-local-tmp).
Default value is "~/.ansible/tmp". You might want to log to the remote and
fix the permissions, or, as suggested in the message, "Consider changing the
remote tmp path in ansible.cfg to a path rooted in "/tmp".
There are security implications of who will be able to read the tmp files
created by Ansible (see
https://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user).
In this case you might want to use pipelining. Quoting from the link above:
"Use pipelining. When pipelining is enabled, Ansible doesn’t save the module
to a temporary file on the client. Instead it pipes the module to the remote
python interpreter’s stdin. Pipelining does not work for python modules
involving file transfer (for example: copy, fetch, template), or for
non-python modules."
Cheers,
-vlado
Vladimir Botka
Aug 18, 2019, 8:36:45 AM8/18/19
to Владимир Куликов, ansible...@googlegroups.com
Errata:
The problem is "permission failure". You are not able to write to "remote_tmp"
https://docs.ansible.com/ansible/2.4/intro_configuration.html#remote-tmp
The problem is "permission failure". You are not able to write to "remote_tmp"
https://docs.ansible.com/ansible/2.4/intro_configuration.html#remote-tmp
Vladimir Botka
Aug 18, 2019, 8:47:36 AM8/18/19
to Владимир Куликов, ansible...@googlegroups.com
On Sun, 18 Aug 2019 14:25:00 +0200
Vladimir Botka <vbo...@gmail.com> wrote:
> On Sun, 18 Aug 2019 04:32:33 -0700 (PDT)
> Владимир Куликов <kul...@gmail.com> wrote:
> > (HP-UX 11.31 ia64 server with installed Python 2.7.16)
Vladimir Botka <vbo...@gmail.com> wrote:
> On Sun, 18 Aug 2019 04:32:33 -0700 (PDT)
> Владимир Куликов <kul...@gmail.com> wrote:
> > (HP-UX 11.31 ia64 server with installed Python 2.7.16)
> > I get an error:
> > hpux | UNREACHABLE! => {
> > "changed": false,
> > "msg": "Authentication or permission failure. In some cases, you may
> > have been able to authenticate and did not have permissions on the target
> > directory. Consider changing the remote tmp path in ansible.cfg to a path
> > rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo
See:
> > hpux | UNREACHABLE! => {
> > "changed": false,
> > "msg": "Authentication or permission failure. In some cases, you may
> > have been able to authenticate and did not have permissions on the target
> > directory. Consider changing the remote tmp path in ansible.cfg to a path
> > rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo
Failure using become on HP-UX: Failed to set file mode on remote files #18391
https://github.com/ansible/ansible/issues/18391
Владимир Куликов
Aug 18, 2019, 11:02:34 AM8/18/19
to Ansible Project
Hi, Vladimir!
воскресенье, 18 августа 2019 г., 15:47:36 UTC+3 пользователь Vladimir Botka написал:
I have some question:
1.I normalized all TMP to /tmp/ansible everywhere in ansible.conf. I connect to hp-ux by root user with authorized_keys (on hp-ux side) and root not root privelegies in /tmp/ansible after connect? Error : "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions....." still the same.
2.After setting pipelining = True in ansible.conf, i get no answer from hp-ux host:
[root@ansible ~]# ansible -vvv integrity -m ping
ansible 2.8.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Jun 20 2019, 20:27:34) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this
will change, but still be user configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can
be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
Pipelining is enabled.
<hpux> ESTABLISH SSH CONNECTION FOR USER: root
<hpux> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/tmp/ansible/cp/5b8e4f6a37 hpux '/bin/sh -c '"'"'/usr/local/bin/python2.7 && sleep 0'"'
....And no errors...no output... nothing...
воскресенье, 18 августа 2019 г., 15:47:36 UTC+3 пользователь Vladimir Botka написал:
Vladimir Botka
Aug 18, 2019, 4:37:48 PM8/18/19
to Владимир Куликов, ansible...@googlegroups.com
On Sun, 18 Aug 2019 08:02:33 -0700 (PDT)
Владимир Куликов <kul...@gmail.com> wrote:
> [root@ansible ~]# ansible -vvv integrity -m ping
> ansible 2.8.2
> ...
Владимир Куликов <kul...@gmail.com> wrote:
> [root@ansible ~]# ansible -vvv integrity -m ping
> ansible 2.8.2
> Pipelining is enabled.
> <hpux> ESTABLISH SSH CONNECTION FOR USER: root
> <hpux> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o
> ControlPath=/tmp/ansible/cp/5b8e4f6a37 hpux '/bin/sh -c
> '"'"'/usr/local/bin/python2.7 && sleep 0'"'
> ....And no errors...no output... nothing...
I can't help you. Sorry. The issue is still open. It's a bug. You might want
> <hpux> ESTABLISH SSH CONNECTION FOR USER: root
> <hpux> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o
> ControlPath=/tmp/ansible/cp/5b8e4f6a37 hpux '/bin/sh -c
> '"'"'/usr/local/bin/python2.7 && sleep 0'"'
> ....And no errors...no output... nothing...
to go trough all the details in the issue and contribute there.
"Failure using become on HP-UX:Failed to set file mode on remote files #18391"
https://github.com/ansible/ansible/issues/18391
https://access.redhat.com/articles/3168091
Cheers,
-vlado
Reply all
Reply to author
Forward
0 new messages