SSH inside a task

[Michael Peters]

I'm trying to ssh within an ansible task (sounds silly, but is
actually part of a delegate_to in a playbook that streams a backup
from one server to another) but it just hangs.

I've broken it down into simple test case that fails (just hangs and a
^C doesn't kill it) and was hoping someone could help me figure out
why.

I can definitely execute the command (ssh 10.0.1.75 "ls /"') on the
db2 server directly but not using ansible from the control server.

# test.yml
---
- hosts: all
remote_user: sg
sudo: true
tasks:
- name: testing ssh
raw: 'ssh 10.0.1.86 "ls /"'

]$ ansible-playbook test.yml -l db2 -vvv

PLAY [all] ********************************************************************

GATHERING FACTS ***************************************************************
<10.0.1.75> ESTABLISH CONNECTION FOR USER: sg on PORT 22 TO 10.0.1.75
<10.0.1.75> REMOTE_MODULE setup
<10.0.1.75> EXEC /bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1400685651.86-175650960077921 && chmod
a+rx $HOME/.ansible/tmp/ansible-tmp-1400685651.86-175650960077921 &&
echo $HOME/.ansible/tmp/ansible-tmp-1400685651.86-175650960077921'
<10.0.1.75> PUT /tmp/tmpY_IMMo TO
/home/sg/.ansible/tmp/ansible-tmp-1400685651.86-175650960077921/setup
<10.0.1.75> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
ansible, key=adxtbqhckpioqfjghxqmtylrksipeooo] password: " -u root
/bin/sh -c '"'"'echo SUDO-SUCCESS-adxtbqhckpioqfjghxqmtylrksipeooo;
LC_CTYPE=en_US.UTF-8 LANG=en_US.UTF-8 /usr/bin/python
/home/sg/.ansible/tmp/ansible-tmp-1400685651.86-175650960077921/setup;
rm -rf /home/sg/.ansible/tmp/ansible-tmp-1400685651.86-175650960077921/
>/dev/null 2>&1'"'"''
ok: [db2]

TASK: [testing ssh] ***********************************************************
<10.0.1.75> ESTABLISH CONNECTION FOR USER: sg on PORT 22 TO 10.0.1.75
<10.0.1.75> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
ansible, key=tjfnvzeisbrjwbikydzfvwexomrgfmzi] password: " -u root
$SHELL -c '"'"'echo SUDO-SUCCESS-tjfnvzeisbrjwbikydzfvwexomrgfmzi; ssh
10.0.1.86 "ls /"'"'"''


And that's where it hangs indefinitely.

I assume it's some kind of ssh-within-ssh problem, but I've got git
checkouts over ssh to work with the same ansible setup. Any thoughts?

[Christian Rusa]

Have you already tried ssh -n?
I think this could fix your problem as you are not running an
interactive session.

--
toscom - the open source company

Christian Rusa
Breiteneckergasse 32 1230 Wien
Mobil: 0699 10205595 Fax: 01 9249633
www.toscom.at christi...@toscom.at

[Michael Peters]

Thanks for the suggestion, but unfortunately it doesn't work either.
Still hangs in the same spot.

> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/537CDDCA.10208%40toscom.at.
> For more options, visit https://groups.google.com/d/optout.

[Michael Peters]

Btw, it also hangs when I use scp.

[Michael Peters]

I changed pty to False in my ansible.cfg and it has fixed the problem.
I feel slightly stupid...

On Wed, May 21, 2014 at 1:55 PM, Michael Peters

[Michael DeHaan]

Don't do this :)

Use Ansible and if need be, configure jumphosts, or whatever, but Ansible shouldn't ever *NEED* to call ssh.

Ansible already has lots of wrappers for that.

A good pattern for checking for SSH being up is using the wait_for module to check if the port is open (usually 22) followed by a pause task of a few seconds to make sure SSHd is ready.

Ready to go!

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJQqANdHOxF7iDqOnwmd36nyavv6jKP1U2u6_CF3va%2Bs7J4rFw%40mail.gmail.com.

[Michael Peters]

On Wed, May 21, 2014 at 6:21 PM, Michael DeHaan <mic...@ansible.com> wrote:
>
> Don't do this :)
>
> Use Ansible and if need be, configure jumphosts, or whatever, but Ansible
> shouldn't ever *NEED* to call ssh.

I agree it shouldn't be done in general, but I'm interested to see how
you would have solved my initial, more complicated problem. I just
simplified to the smallest thing that had the same symptoms for my
email.
What I was trying to do was run a backup on one server (that may or
may not be managed by ansible) but stream that backup to the ansible
managed server and run some other tasks on it. I think the original
command was something like this:

innobackupex --stream=tar ./ | pigz | ssh user@ansible_host "cat -
> /data/backups/backup.tar"

So I don't actually want the backup stored on the delegate server, but
compressed and streamed to the target server that ansible is
controlling.

I thought about using netcat, but that seemed more involved with
having to control it on both ends.
Any other thoughts on how to tackle this?

> Ansible already has lots of wrappers for that.

Even though I didn't want to have to write the backup to disk on the
delegate server, I did try to use copy + delegate_to, but now that I
look back, that wasn't going to work.

[Michael DeHaan]

"I agree it shouldn't be done in general, but I'm interested to see how
you would have solved my initial, more complicated problem."

Thanks for providing the actual example of what you are trying to do -- this helps us understand more.

I'd probably start by trying to do something with the 'script' module and get it to the point where it's not interactive, and go from there.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJQqANfVqhi%3DTEwaXRj%2B10yZYXM8_d6igOgYaOKVnjnjSCV5YA%40mail.gmail.com.