ansible ping fails, but can SSH to host just fine


Robert Egloff

Apr 8, 2020, 3:33:17 PM
to Ansible Project
I'm sure it's something I'm doing... but I managed to create a playbook to create my ansible user, add the SSH key, and all of that to a remote server. 
However, to get it to run - I need to use the --ask-pass parameter.

ansible-playbook -i "remote_server," add_ans_user.yml -b --ask-pass  << That works and creates the user just fine, which makes sense as it needs to create the account as root. 

After running the playbook to create the user, I can SSH without issues as the user to the remote server, no password required - which means it should be using the SSH key just fine. 

The playbook adds the public key (key_file: "/opt/ansible_account/.ssh/id_rsa.pub") - which seems to work for authentication for this account. 


[ansible_account@remote_server linux_small_plays]$ ssh remote_server
Last login: Wed Apr  8 11:09:20 2020 from remote_server.domain.com
[ansible_account@remote_server ~]$

But when I attempt a ping with this account, it fails.

[ansible_account@ansible_controller linux_small_plays]$ ansible -m ping remote_server
Wednesday 08 April 2020  14:14:38 -0500 (0:00:00.077)       0:00:00.077 *******
remote_server | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
Wednesday 08 April 2020  14:14:39 -0500 (0:00:00.335)       0:00:00.413 *******
===============================================================================
ping -------------------------------------------------------------------------------------------------------------------------------------------------------- 0.34s
Playbook run took 0 days, 0 hours, 0 minutes, 0 seconds
[ansible_account@ansible_controller linux_small_plays]$

This is confusing me - because regular SSH from the Ansible Controller as the ansible user I set up to the Remote_Server works just fine. If I use -b to become and provide the password for root, it works just fine as well. 

[ansible_account@ansible_controller linux_small_plays]$ ansible -m ping remote_server -b --ask-pass
SSH password:
Wednesday 08 April 2020  14:23:19 -0500 (0:00:00.079)       0:00:00.079 *******
remote_server | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Wednesday 08 April 2020  14:23:21 -0500 (0:00:01.393)       0:00:01.472 *******
===============================================================================
ping -------------------------------------------------------------------------------------------------------------------------------------------------------- 1.39s
Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds
[ansible_account@ansible_controller linux_small_plays]$

It seems to be an issue with the SSH key, but since that account seems to work fine - I'm not sure right off where to look next. I have been doing more verbose connections, but didn't want to post that wall of output just yet - in case this is something obvious I'm doing wrong. 

But on a simple "ssh -vvvv remote_host" - some of the information it returns:

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /opt/ansible_account/.ssh/id_rsa

debug1: Server accepts key: pkalg ssh-rsa blen 535

debug1: Authentication succeeded (publickey).
Authenticated to remote_host ([192.168.1.10]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0

**Also - I changed the server names and account names - I'm not really using an underscore in any of them :)



Robert Egloff

Apr 8, 2020, 3:45:45 PM
to Ansible Project
Right after I posted this - I found the answer and I'll update it in case anyone else runs into this. 
As I was closing some of my many open tabs (bad about that) - I ran across this:


Someone suggested in this person's case to run this command: ansible all -u ec2-user -m ping -vvv

So I tried that command defining the user and it worked immediately. 

After a little more digging, the directory I was running Ansible in had an 'ansible.cfg' file that was defining the user as 'root'. So it seems it was attempting to connect as root, but using the SSH key file for the ansible_account. After that, just moving out of my test directory proved that running the command 'vanilla' worked just fine. 

[ansible_account@ansible_controller ~]$ ansible -m ping remote_server
Wednesday 08 April 2020  14:39:18 -0500 (0:00:00.075)       0:00:00.075 *******
remote_server | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Wednesday 08 April 2020  14:39:20 -0500 (0:00:01.487)       0:00:01.562 *******
===============================================================================
ping -------------------------------------------------------------------------------------------------------------------------------------------------------- 1.49s
Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds
[ansible_account@ansible_controller ~]$


I figured it was some little detail I was missing and maybe it'll help someone out there :)

Happy DevOps-ing!
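
The cause found in this thread, as an added example that is not part of the original posts: a shell script that reports which ansible.cfg Ansible would load from a given directory and which remote_user that file sets. The function names are hypothetical; the search order and the remote_user key under [defaults] are Ansible's standard behaviour, and ANSIBLE_CONFIG is assumed to name a file.

```shell
#!/bin/sh
# Added example: which ansible.cfg wins, and which SSH user does it set?
# Search order (first existing file wins): $ANSIBLE_CONFIG, ./ansible.cfg,
# ~/.ansible.cfg, /etc/ansible/ansible.cfg.
# Not modelled here: Ansible skips ./ansible.cfg when the current
# directory is world-writable.

# effective_cfg CWD HOME_DIR -> prints the first config file that exists
effective_cfg() {
    cwd=$1; home=$2
    for f in "${ANSIBLE_CONFIG:-}" "$cwd/ansible.cfg" \
             "$home/.ansible.cfg" /etc/ansible/ansible.cfg; do
        if [ -n "$f" ] && [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# cfg_remote_user FILE -> prints remote_user from the [defaults] section, if set
cfg_remote_user() {
    awk '
        /^[ \t]*\[/ { in_defaults = ($0 ~ /^[ \t]*\[defaults\][ \t]*$/); next }
        in_defaults && /^[ \t]*remote_user[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$1"
}

# report CWD HOME_DIR -> one line naming the config file and the user it sets
report() {
    cfg=$(effective_cfg "$1" "$2") || {
        echo "no ansible.cfg found; the SSH user defaults to the local user"
        return 0
    }
    user=$(cfg_remote_user "$cfg")
    if [ -n "$user" ]; then
        echo "$cfg sets remote_user=$user"
    else
        echo "$cfg does not set remote_user"
    fi
}

report "$PWD" "$HOME"
```

`ansible --version` also prints the config file in use, and `-u` on the command line overrides the remote_user from that file.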