ssh failing for a newly created EC2 instances
3,566 views
Skip to first unread message
Soumya Simanta
Oct 21, 2013, 11:50:44 AM10/21/13
to ansible...@googlegroups.com
My apologies for posting this as a new question but I'm doing it because I think it's a separate question. My understanding is that the newly launched EC2 instances are added to an in-memory host group. And since I'm passing the private key of the EC2 instances to the ansible-playbook command I should be able log in.
However, I'm having trouble connecting to the instances after they are created.
This is my playbook.
- name: Stage instance(s)
hosts: cfgsvr
connection: local
user: myuserid
gather_facts: false
vars:
keypair: mykeypair
image: ami-2efa9d47
instance_type: m1.small #t1.micro
subnet: subnet-xxxxxx
region: us-east-1
image: ami-2efa9d47
# Launch 1 instance with the following parameters. Register the output.
tasks:
- name: Launch instance
local_action: ec2 keypair={{keypair}} vpc_subnet_id={{subnet}} instance_type={{instance_type}} image={{image}} wait=true count=1
register: ec2
# Use with_items to add each instances public IP to a new hostgroup for use in the next play.
- name: Add new instances to host group
local_action: add_host hostname={{item.public_ip}} groupname=deploy
with_items: ${ec2.instances}
- name: Wait for the instances to boot by checking the ssh port
local_action: wait_for host={{item.public_dns_name}} port=22 delay=60 timeout=320 state=started
with_items: ${ec2.instances}
- name: Breathing room
pause: seconds=30
# This play targets the new host group
- name: Configure instance
hosts: deploy #must match groupname in "add_host" above
user: ubuntu
sudo: yes
gather_facts: true
# Install the necessary software on each instance
tasks:
- name: Get the latest updates for instance
action: command apt-get update
- name: Install JDK
apt: pkg=openjdk-6-jre-headless state=latest install_recommends=no update_cache=yes
#action: apt pkg=java-1.7.0-openjdk state=latest
- name: Install Maven2
apt: pkg=maven2 state=latest update_cache=yes
I'm launching the playbook using the following command.
$ansible-playbook -v ec2_launch.yml -vvvv -i inventory/ansible_hosts --private-key=/path/to/private/key
GATHERING FACTS ***************************************************************
<None> ESTABLISH CONNECTION FOR USER: ubuntu
<None> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/myuserid/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'IdentityFile=/home/myuserid/.ec2/myprivatekey.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=ubuntu', '-o', 'ConnectTimeout=10', u'None', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1382270163.81-64347444346956 && chmod a+rx $HOME/.ansible/tmp/ansible-1382270163.81-64347444346956 && echo $HOME/.ansible/tmp/ansible-1382270163.81-64347444346956'"]
fatal: [None] => SSH encountered an unknown error. The output was:
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/myuserid/.ansible/cp/ansible-ssh-None-22-ubuntu" does not exist
debug2: ssh_connect: needpriv 0
ssh: Could not resolve hostname None: Name or service not known
TASK: [Get the latest updates for instance] ***********************************
FATAL: no hosts matched or all hosts have already failed -- aborting
I can log into the launched instance by using the private key I'm passing to the ansible-playbook command.
$ansible-playbook -v ec2_launch.yml -vvvv -i inventory/ansible_hosts --private-key=/path/to/private/key
Any idea why is this failing?
Thanks.
Brian Moulton
Oct 21, 2013, 1:57:56 PM10/21/13
to ansible...@googlegroups.com
Looks like ssh is not open on the hosts.
Soumya Simanta
Oct 22, 2013, 8:11:24 AM10/22/13
to ansible...@googlegroups.com
I can ssh into the launched instance from command line without any issues.
$ssh -i /path/to/private/key ubu...@X.X.X.X works just fine.
Off topic, one of the reasons I choose Ansible over other DevOps tools was because of the advertised easy configuration. However, based on my initial experience it looks like that's not the case. Either I'm missing out on basic things or the configuration is not as easy as it seems.
-Soumya
James Tanner
Oct 22, 2013, 9:18:38 AM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
Have you tried invoking ssh-agent,
adding the key and then running ansible playbook?
1) eval $(ssh-agent)
2) ssh-add /path/to/private/kye
3) ansible-playbook <args>
1) eval $(ssh-agent)
2) ssh-add /path/to/private/kye
3) ansible-playbook <args>
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Soumya Simanta
Oct 22, 2013, 11:24:56 AM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
@James.
I tried invoking ssh-agent and adding my private key to it before running ansible playbook. However, it still doesn't work :-(.
I also tried the ansbile-playbook command with and without the private-key option but it still gives the same error.
I'm almost ready to give up on this now.
-Soumya
Greg Andrews
Oct 22, 2013, 11:26:01 AM10/22/13
to ansible...@googlegroups.com
Here's the relevant portion of the -vvvv output. It's the last three things that Ansible passed to ssh on the command line. (I've truncated the last one to just the starting 10 characters, for clarity):
'-o', 'ConnectTimeout=10', u'None', "/bin/sh -c"
The "-o ConnectTimeout=10" is the last of the command-line options given to ssh. The "u'None'" is interpreted by ssh as the remote hostname to connect to. The "/bin/sh -c" and following text is interpreted by ssh as the command to execute on the remote host.
According to the ssh error message, the hostname "u'None'" is not resolving to a usable hostname or IP address. And it doesn't look like the kind of name that will properly resolve.
So the evidence points to the playbook not successfully passing the EC2 instance's hostname (or ip address) to the ssh command, not a problem in the EC2 instance itself or in ssh keys.
-Greg
Soumya Simanta
Oct 22, 2013, 12:29:55 PM10/22/13
to ansible...@googlegroups.com
@Greg,
Thank you. Your analysis makes perfect sense.
The host name is set here in the playbook. However, since I'm launching this instance on a VPC (Virtual Private Cloud) instance. This value is not set in the ansible variable.
# Use with_items to add each instances public IP to a new hostgroup for use in the next play.
- name: Add new instances to host group
local_action: add_host hostname={{item.public_ip}} groupname=deploy
with_items: ${ec2.instances}
I need to use hostname={{item.private_ip}} for this work.
However, now I'm getting the following error.
GATHERING FACTS ***************************************************************
<10.128.3.113> ESTABLISH CONNECTION FOR USER: ubuntu
<10.128.3.113> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/myuserid/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'IdentityFile=/home/myuserid/.ec2/myprivatekey.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=ubuntu', '-o', 'ConnectTimeout=10', u'10.128.3.113', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1382457536.35-172524262324962 && chmod a+rx $HOME/.ansible/tmp/ansible-1382457536.35-172524262324962 && echo $HOME/.ansible/tmp/ansible-1382457536.35-172524262324962'"]
fatal: [10.128.3.113] => SSH encountered an unknown error. The output was:
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/myuserid/.ansible/cp/ansible-ssh-10.128.3.113-22-ubuntu" does not exist
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.128.3.113 [10.128.3.113] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 9999 ms remain after connect
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/myuserid/.ec2/myprivatekey.pem" as a RSA1 public key
debug1: identity file /home/myuserid/.ec2/myprivatekey.pem type -1
debug1: identity file /home/myuserid/.ec2/myprivatekey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.128.3.113" from file "/home/myuserid/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/myuserid/.ssh/known_hosts:35
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA cc:cc:cc:cc:cc:29:f7:62:c4:21:4a:cc:cc:cc:cc:02
debug3: load_hostkeys: loading entries for host "10.128.3.113" from file "/home/myuserid/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/myuserid/.ssh/known_hosts:35
debug3: load_hostkeys: loaded 1 keys
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
cc:c:cc:cc:cc:29:f7:62:cc:21:cc:84:cc:cc:ce:02.
Please contact your system administrator.
Add correct host key in /home/myuserid/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/myuserid/.ssh/known_hosts:35
remove with: ssh-keygen -f "/home/myuserid/.ssh/known_hosts" -R 10.128.3.113
ECDSA host key for 10.128.3.113 has changed and you have requested strict checking.
Host key verification failed.
James Tanner
Oct 22, 2013, 12:35:21 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
Soumya Simanta
Oct 22, 2013, 1:41:52 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
@James - thanks. Looks like it worked. Now the "gathering facts" part works.
GATHERING FACTS ***************************************************************
<10.128.3.96> ESTABLISH CONNECTION FOR USER: ubuntu
<10.128.3.96> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/dhkarimi/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'IdentityFile=/home/myuserid/.ec2/myprivatekey.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=ubuntu', '-o', 'ConnectTimeout=10', u'10.128.3.96', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1382460221.33-1627522380647 && chmod a+rx $HOME/.ansible/tmp/ansible-1382460221.33-1627522380647 && echo $HOME/.ansible/tmp/ansible-1382460221.33-1627522380647'"]
<10.128.3.96> REMOTE_MODULE setup
<10.128.3.96> PUT /tmp/tmpoW_ql9 TO /home/ubuntu/.ansible/tmp/ansible-1382460221.33-1627522380647/setup
<10.128.3.96> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/dhkarimi/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'IdentityFile=/home/myuserid/.ec2/myprivatekey.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=ubuntu', '-o', 'ConnectTimeout=10', u'10.128.3.96', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=rvylffsgfldcrdflelruftijxekjhdqu] password: " -u root /bin/sh -c \'"\'"\'/usr/bin/python /home/ubuntu/.ansible/tmp/ansible-1382460221.33-1627522380647/setup; rm -rf /home/ubuntu/.ansible/tmp/ansible-1382460221.33-1627522380647/ >/dev/null 2>&1\'"\'"\'\'']
ok: [10.128.3.96]
However, it fails in the next step in the playbook. I believe that is because it's trying to log in as myuserid and not as ubuntu as defined in the following section of the playbook. The keys on the launched instance are set for the user ubuntu and not the user myuserid.
- name: Configure instance
hosts: deploy #must match groupname in "add_host" above
user: ubuntu
sudo: yes
gather_facts: true
My understanding was that all tasks will use the user defined in the above section of the playbook.
But looks like I've resolved most of the important issues.
Thanks all for the help.
-Soumya
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nistp384...@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-c...@lysator.liu.sedebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-c...@lysator.liu.sedebug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlibdebug2: kex_parse_kexinit: none,zl...@openssh.com,zlibdebug2: kex_parse_kexinit:debug2: kex_parse_kexinit:debug2: kex_parse_kexinit: first_kex_follows 0debug2: kex_parse_kexinit: reserved 0debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-c...@lysator.liu.sedebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-c...@lysator.liu.sedebug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
James Tanner
Oct 22, 2013, 1:47:41 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
When passing "-vvvv" to ansible
playbook, every task will output something like ...
<10.128.3.96> ESTABLISH CONNECTION FOR USER: ubuntu
If you suspect a task is connecting as the wrong user, take a look
at the -vvvv outputs to confirm.
Soumya Simanta
Oct 22, 2013, 1:52:24 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
@James - I know that it is trying to connect a different user (myuserid) [see log below] and the ssh connection fails because the EC2 instance is configured for user ubuntu and not user myuserid.
Any idea how to fix this ?
TASK: [Get the latest updates for instance] ***********************************
<10.128.3.240> ESTABLISH CONNECTION FOR USER: myuserid
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
James Tanner
Oct 22, 2013, 1:53:49 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
Can we see an example playbook?
Soumya Simanta
Oct 22, 2013, 2:01:14 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
Sure. I posted a version with my initial question. But here is the updated one.
I believe it fails here because of the incorrect user.
# Install the necessary software on each instance
- name: Stage instance(s)
hosts: cfgsvr
connection: local
user: dhkarimi
gather_facts: false
vars:
keypair: mykeypair
image: ami-2efa9d47
instance_type: m1.small
subnet: subnet-XXXXXX
region: us-east-1
image: ami-2efa9d47
# Launch 1 instance with the following parameters. Register the output.
# You can change the number of instances to lanuch by changing the "count" variable in the location action
tasks:
- name: Launch instance
local_action: ec2 keypair={{keypair}} vpc_subnet_id={{subnet}} instance_type={{instance_type}} image={{image}} wait=true count=1
register: ec2
# Use with_items to add each instances public IP to a new hostgroup for use in the next play.
- name: Add new instances to host group
local_action: add_host hostname={{item.private_ip}} groupname=deploy
with_items: ${ec2.instances}
- name: Wait for the instances to boot by checking the ssh port
local_action: wait_for host={{item.public_dns_name}} port=22 delay=60 timeout=320 state=started
with_items: ${ec2.instances}
# This play targets the new host group
- name: Configure instance
hosts: deploy
user: ubuntu
sudo: yes
gather_facts: true
# Install the necessary software on each instance
tasks:
- name: Get the latest updates for instance
action: command apt-get update
- name: Install JDK
apt: pkg=openjdk-6-jre-headless state=latest install_recommends=no update_cache=yes
#action: apt pkg=java-1.7.0-openjdk state=latest
- name: Install Maven2
apt: pkg=maven2 state=latest update_cache=yes
James Tanner
Oct 22, 2013, 2:02:31 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
Which task is connecting as dhkarimi
when it should be connecting as ubuntu?
Soumya Simanta
Oct 22, 2013, 2:05:31 PM10/22/13
to ansible...@googlegroups.com, Soumya Simanta
The one marked in bold in the playbook.
# Install the necessary software on each instance
tasks:
- name: Get the latest updates for instance
action: command apt-get update
Michael DeHaan
Oct 23, 2013, 2:41:17 PM10/23/13
to ansible...@googlegroups.com, Soumya Simanta
This conversation should probably occur on IRC as it is of an very interactive basic-user-question type feature and is transitioning between different types of questions.
Rather than having a long thread about a lot of different topics, I would suggest taking it over there.
Cynthia Hertzer
Sep 7, 2014, 4:08:37 PM9/7/14
to ansible...@googlegroups.com
I had an issue that initially looked similar to this. I pored over this thread carefully, trying a number of different things. I found a workaround I hadn't seen mentioned and wanted to mention it here in case this is useful for others.
Background/Environment:
Ansible 1.7.1 on OSX, provisioning and CentOS 6.5 EC2 instance
My goal was to write scripts to dynamically determine the IP of an EC2 instance, then run yum update/installs against that new instance.
wait_for ssh consistently indicated that I'd correctly gained the IP of the new instance, and something was answering at the ssh port, but ssh -vvvv debug output would indicate yum installs failed because ssh to the instance was failing. The ssh trace looked nearly identical to debug traces from successful manual command-line ssh tests until it failed at the end.
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)
I was suspicious that ssh was being run against the wrong user, but the ansible debug output said it was using the user id I'd specified.
Workaround: I added a 1min pause before trying to run yum and have concluded that there was a race condition where the key had not been installed on the EC2 instance when ansible first tried to ssh there to run yum.
Background/Environment:
Ansible 1.7.1 on OSX, provisioning and CentOS 6.5 EC2 instance
My goal was to write scripts to dynamically determine the IP of an EC2 instance, then run yum update/installs against that new instance.
wait_for ssh consistently indicated that I'd correctly gained the IP of the new instance, and something was answering at the ssh port, but ssh -vvvv debug output would indicate yum installs failed because ssh to the instance was failing. The ssh trace looked nearly identical to debug traces from successful manual command-line ssh tests until it failed at the end.
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)
I was suspicious that ssh was being run against the wrong user, but the ansible debug output said it was using the user id I'd specified.
Workaround: I added a 1min pause before trying to run yum and have concluded that there was a race condition where the key had not been installed on the EC2 instance when ansible first tried to ssh there to run yum.
Michael DeHaan
Sep 7, 2014, 4:30:55 PM9/7/14
to ansible...@googlegroups.com
Yep, that's a thing.
Typically you'll only need to pause a few seconds after an SSH port comes up and before you can connect.
I'd reduce the 1 minute pause to only 5 seconds (immediately following the existing wait_for task), 10 if you are feeling like it.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b4e0d2a5-d26c-4b3a-adc0-ab8598265756%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages