ansible delegate_to behaving absurd when used inside a loop

45 views
Skip to first unread message

shif...@gmail.com

unread,
Sep 7, 2020, 12:04:39 AM9/7/20
to Ansible Project

Sharing my testcase below demonstrating the problem that one can replicate:

I have ssh connectivity from ansible host to JUMP Servers with root user as below:

anuser1@ANSIBLE_HOST# ssh ro...@10.0.0.1 ----------> success anuser1@ANSIBLE_HOST# ssh ro...@10.0.0.2 ----------> success

Below is the command i use to execute my playbook:

ansible-playbook /app/playbook/injectkey/injectkey.yml -e JUMP_SERVER='10.0.0.1\n10.0.0.2' -e TARGET_SERVER='192.0.0.99' -e TARGET_USER='root' -vvv

Below is my playbook injectkey.yml:

---

- name: "Play 1"
  hosts: localhost
  gather_facts: false
  tags: always
  tasks:
    - name: Add host
      debug:
        msg: " hello "
    - set_fact:
        jump_server_list: "{{ JUMP_SERVER | trim }}"
    - set_fact:
        target_server_list: "{{ TARGET_SERVER | trim }}"

    - add_host:
        hostname: "{{ item }}"
        groups: jump_nodes
      with_items: "{{ jump_server_list.split('\n') }}"

    - add_host:
        hostname: "{{ item }}"
        groups: dest_nodes
      with_items: "{{ target_server_list.split('\n') }}"

- name: "Play 3"
  hosts: dest_nodes
  user: root
  gather_facts: false
  ignore_unreachable: yes

  tasks:
    - name: DEEBUG Inject ssh keys by invoking script
      include_tasks: testcheckandaddkey.yml
      with_items: "{{ groups['jump_nodes'] }}"

The issue is with task -> CHECK RAW1 in the testcheckandaddkey.yml which is as below:

---

    - name: CHECK LOOP

      ignore_errors: yes

      debug:

        msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"

      delegate_to: localhost


    - name: CHECK RAW

      ignore_errors: yes

      raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"

      delegate_to: localhost


    - name: CHECK LOOP2

      ignore_errors: yes

      debug:

        msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"

      delegate_to: "{{ item }}"


    - name: CHECK RAW1

      ignore_errors: yes

      raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"

      delegate_to: "{{ item }}"

In the testcheckandaddkey.yml i can see both IPs in debug module but the delegation does not happen for the second IP 10.0.0.2 with raw module as visible in the output below.

Output:

TASK [DEEBUG Inject ssh keys by invoking script] ***********************************************************************************************************************

task path: /app/playbook/injectkey/injectkey.yml:93

included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99

included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99


TASK [CHECK LOOP] ******************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:4

ok: [192.0.0.99 -> localhost] => {

    "msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"

}


TASK [CHECK RAW] *******************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:10

<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser

<localhost> EXEC echo 10.0.0.1 192.0.0.99 root

changed: [192.0.0.99 -> localhost] => {

    "changed": true,

    "rc": 0,

    "stderr": "",

    "stderr_lines": [],

    "stdout": "10.0.0.1 192.0.0.99 root\n",

    "stdout_lines": [

        "10.0.0.1 192.0.0.99 root"

    ]

}


TASK [CHECK LOOP2] *****************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:15

ok: [192.0.0.99 -> 10.0.0.1] => {

    "msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"

}


TASK [CHECK RAW1] ******************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:21

<10.0.0.1> ESTABLISH SSH CONNECTION FOR USER: root

<10.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/1a88418cb1 -tt 10.0.0.1 'echo 10.0.0.1 192.0.0.99 root'

<10.0.0.1> (0, '10.0.0.1 192.0.0.99 root\r\n', 'Shared connection to 10.0.0.1 closed.\r\n')

changed: [192.0.0.99 -> 10.0.0.1] => {

    "changed": true,

    "rc": 0,

    "stderr": "Shared connection to 10.0.0.1 closed.\r\n",

    "stderr_lines": [

        "Shared connection to 10.0.0.1 closed."

    ],

    "stdout": "10.0.0.1 192.0.0.99 root\r\n",

    "stdout_lines": [

        "10.0.0.1 192.0.0.99 root"

    ]

}


TASK [CHECK LOOP] ******************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:4

ok: [192.0.0.99 -> localhost] => {

    "msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"

}


TASK [CHECK RAW] *******************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:10

<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser

<localhost> EXEC echo 10.0.0.2 192.0.0.99 root

changed: [192.0.0.99 -> localhost] => {

    "changed": true,

    "rc": 0,

    "stderr": "",

    "stderr_lines": [],

    "stdout": "10.0.0.2 192.0.0.99 root\n",

    "stdout_lines": [

        "10.0.0.2 192.0.0.99 root"

    ]

}


TASK [CHECK LOOP2] *****************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:15

ok: [192.0.0.99 -> 10.0.0.2] => {

    "msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"

}


TASK [CHECK RAW1] ******************************************************************************************************************************************************

task path: /app/playbook/injectkey/testcheckandaddkey.yml:21

<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: root

<10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root'

<10.0.0.2> (255, '', 'Permission denied (publickey,password,keyboard-interactive).\r\n')

fatal: [192.0.0.99]: UNREACHABLE! => {

    "changed": false,

    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password,keyboard-interactive).",

    "skip_reason": "Host 192.0.0.99 is unreachable",

    "unreachable": true

}

For TASK [CHECK RAW1] I was expecting changed: [192.0.0.99 -> 10.0.0.2] => { just like how i got the other IP changed: [192.0.0.99 -> 10.0.0.1] => {

but instead i get fatal: [192.0.0.99]: UNREACHABLE! => {

From the output:

<10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root'

I tried the above ssh command from the problematic task CHECK RAW1 manually and it works fine !!

Can you please suggest how can i get the delegation to both the IPs to work instead of the single IP?

Any workaround trick to get this to work will be greatly appreciated.

Reply all
Reply to author
Forward
0 new messages