<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">First thing I've had a peek at one I
did at work and in the hosts.cfg file I have this which might help
to set the ssh user to connect with:<br>
<br>
192.168.xxx.xxx ansible_ssh_user=user1<br>
<br>
<br>
On 05/02/15 10:14, Dan Attwood wrote:<br>
</div>
<blockquote
cite="mid:CAGcBgjgsaS9FNWBW-5Xruw8mOpvXp5eSLHrsJaiK1PXqmSKVfQ@mail.gmail.com"
type="cite">
<div dir="ltr">right this ansible lark is doing my nut in - simple
automate my bottom!
<div><br>
</div>
</div>
</blockquote>
<br>
:-) Not quite sure. What we could do is set up a couple of VMs or
something and do a clean setup that you can then try together to
make sure it works. If you want to do this then let me know off list
(should you have issues with security etc).<br>
<br>
<br>
<br>
<blockquote
cite="mid:CAGcBgjgsaS9FNWBW-5Xruw8mOpvXp5eSLHrsJaiK1PXqmSKVfQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>I'm now getting:</div>
<div><br>
</div>
<div>
<div><br>
</div>
<div>failed: [10.0.100.56] => {"failed": true}</div>
<div>msg: Failed to lock apt for exclusive operation</div>
</div>
<div><br>
</div>
</div>
</blockquote>
<br>
Sounds like apt is not able to gain root lock due to running as a
non su user. <br>
<br>
<br>
<blockquote
cite="mid:CAGcBgjgsaS9FNWBW-5Xruw8mOpvXp5eSLHrsJaiK1PXqmSKVfQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>I'm running the playbook with</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>sudo ansible-playbook ansible/upgrade-server.yml -vvvv
-s -kK --sudo-user administrator</div>
</div>
<div><br>
</div>
<div>so i'm specifying use sudo and have the user as
administrator</div>
<div><br>
</div>
<div><br>
</div>
<div>In the server I'm connecting to in my sudoers file I've got</div>
<div><br>
</div>
<div>
<div>administrator ALL=(ALL) NOPASSWD:ALL</div>
</div>
<div>
<div>%sudo ALL=NOPASSWD: ALL</div>
</div>
<div><br>
</div>
</div>
</blockquote>
Yep that would do it.<br>
<br>
<blockquote
cite="mid:CAGcBgjgsaS9FNWBW-5Xruw8mOpvXp5eSLHrsJaiK1PXqmSKVfQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>So ignoring how insecure that is for a moment I can run
sudo apt-get whatever on the remote server without having to
input a password - i've confirmed this is the case</div>
<div><br>
</div>
<div>My playbook looks like</div>
<div><br>
</div>
<div>
<div><br>
</div>
<div>- hosts: servers</div>
<div>&nbsp; gather_facts: no</div>
<div>&nbsp; sudo: yes</div>
<div>&nbsp; sudo_user: administrator</div>
<div>&nbsp; tasks:</div>
<div>&nbsp; &nbsp; - name: updates a server</div>
<div>&nbsp; &nbsp; &nbsp; apt: update_cache=yes</div>
<div>&nbsp; &nbsp; - name: upgrade a server</div>
<div>&nbsp; &nbsp; &nbsp; action: apt upgrade=dist</div>
<div><br>
</div>
</div>
<div><br>
</div>
<div>any thoughts kevin? anyone?</div>
<div><br>
</div>
<div><br>
</div>
</div>
</blockquote>
<br>
<br>
Right there is also the other joy that I have discovered is that
running sudo via ssh as it has no tty will bomb out. It's a security
'feature' caught me a few times. It should not be a problem if all
is used correctly with ansible but if you are doing anything unusual
then it could be the problem. I suggest a look through the
sshd_config file to ensure remote ssh commands are not being broken.
Silly question is SELinux enabled? That can introduce what looks
like really bizarre errors because it is stopping things.<br>
<br>
If that playbook is what you are aiming for then I will set up a
couple of vagrant vms and set it up. I can then throw over the boxes
or configs for you. Will be perhaps Sunday as I need to prep for
going to London on Saturday.<br>
<br>
Kev<br>
<br>
<br>
<br>
<blockquote
cite="mid:CAGcBgjgsaS9FNWBW-5Xruw8mOpvXp5eSLHrsJaiK1PXqmSKVfQ@mail.gmail.com"
type="cite">
<div dir="ltr">
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 3 February 2015 at 19:35, Kevin
Groves <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:kgroves@cix.co.uk" target="_blank">kgroves@cix.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>So seeing things like:<br>
<br>
"10.0.100.37" from file "/root/.ssh/known_hosts<br>
<br>
100.37 isn't listed in your ansible hosts file so is
that the machine you are running FROM?<br>
<br>
Seems odd that known_hosts is a problem as that is for
incoming connections????<br>
<br>
I just looked at some of mine but I tend towards using
root ssh keys. I suggest stripping it back to a really
simple task with root keys for example. I think there is
a switch to actually prompt for passwords instead of use
keys so this could be worth a try to see what user(s)
are really being used. Even worth switching on sshd
server debug too to see what end is doing what.<br>
<br>
Kev
<div>
<div class="h5"><br>
<br>
<br>
<br>
On 03/02/15 19:03, Dan Attwood wrote:<br>
</div>
</div>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">logged in as administrator and sudo
<div><br>
</div>
<div>so yes</div>
<div><br>
</div>
<div>I also tried it with one machine and adding
administrator to the sudoers files with
passwd:all. but no dice</div>
<div> </div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 3 February 2015 at
18:59, Kevin Groves <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:kgroves@cix.co.uk"
target="_blank">kgroves@cix.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>On 03/02/15 12:30, Dan Attwood wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div> ssh-copy-id <a
moz-do-not-send="true"
href="mailto:administrator@10.0.100.93"
target="_blank">administrator@10.0.100.93</a></div>
<div><br>
</div>
<div><br>
</div>
</div>
</blockquote>
<br>
OK and you did that logged in as
administrator? and when I mean logged in as
administrator you did login and did not do su
administrator? <br>
<br>
Kev
<div>
<div><br>
<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>managed to hit send too soon</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 3
February 2015 at 12:29, Dan
Attwood <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:danattwood@gmail.com"
target="_blank">danattwood@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">my hosts file
looks like this:
<div><br>
</div>
<div>
<div>[all:vars]</div>
<div>ansible_sudo_pass=secretpassword</div>
<div><br>
</div>
<div>[servers]</div>
<div>10.0.100.56 </div>
<div>10.0.100.72</div>
<div>10.0.100.93</div>
<div>10.0.100.38</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>my playbook is:</div>
<div><br>
</div>
<div>
<div>- hosts: servers</div>
<div>&nbsp; gather_facts: no</div>
<div>&nbsp; user: administrator</div>
<div>&nbsp; remote_user: administrator</div>
<div>&nbsp; sudo: yes</div>
<div>&nbsp; tasks:</div>
<div>&nbsp; &nbsp; - name: updates a server</div>
<div>&nbsp; &nbsp; &nbsp; apt: update_cache=yes</div>
<div>&nbsp; &nbsp; - name: upgrade a server</div>
<div>&nbsp; &nbsp; &nbsp; apt: upgrade=dist</div>
<div><br>
</div>
</div>
<div><br>
</div>
<div>So I thought I was
pretty clear to ansible that
the user is 'administrator'</div>
<div><br>
</div>
<div><br>
</div>
<div>when i copied the keys
over i did:</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
3 February 2015 at
12:26, Kevin Groves <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:kgroves@ksoft-creative-projects.co.uk" target="_blank">kgroves@ksoft-creative-projects.co.uk</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex"><span><br>
On 03/02/15 09:00,
Dan Attwood wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0
0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
ok i've done that
and that speed
things up a bit.<br>
unfortunately it
speeds it towards
the next fail.
with the debug on
I can see the errors
listed below.<br>
I've double
checked that I can
ssh into the
servers via key
and I'm following
the note I made
when I had this
working at home so
and dan :-(<br>
<br>
error below<br>
<br>
<br>
fatal:
[10.0.100.37]
=> SSH
encountered an
unknown error. The
output was:<br>
OpenSSH_6.6.1,
OpenSSL 1.0.1f 6
Jan 2014<br>
debug1: Reading
configuration data
/etc/ssh/ssh_config<br>
debug1:
/etc/ssh/ssh_config
line 19: Applying
options for *<br>
debug1: auto-mux:
Trying existing
master<br>
</blockquote>
<br>
<br>
<blockquote
class="gmail_quote"
style="margin:0 0
0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
debug1: Control
socket
"/home/administrator/.ansible/cp/ansible-ssh-10.0.100.37-22-administrator"
does not exist<br>
</blockquote>
<br>
</span> Is this home
dir connected with an
'administrator' user?
It could be that
ansible is using the
wrong user key to
connect with what
looks like 'root' on
the other machine.<br>
<br>
Hopefully it's just a
matter of which user
is being used on which
side.<br>
<br>
You might also want to
take a look at the
ansible config file.
Mine is in
/etc/ansible/ansible.cfg
which has lines like:<br>
<br>
poll_interval = 15<br>
sudo_user = root<br>
#ask_sudo_pass = True<br>
#ask_pass = True<br>
transport = smart<br>
remote_port = 22<br>
<br>
I think you can be
specific about what
users are used instead
of assuming it knows
what you really mean.
:-)<br>
<br>
Kev
<div>
<div></div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Kent mailing list<br>
<a moz-do-not-send="true"
href="mailto:Kent@mailman.lug.org.uk">Kent@mailman.lug.org.uk</a><br>
<a moz-do-not-send="true"
href="https://mailman.lug.org.uk/mailman/listinfo/kent"
target="_blank">https://mailman.lug.org.uk/mailman/listinfo/kent</a><br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
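Added example, not part of the e-mail thread and not either poster's own playbook: in the Ansible 1.x syntax used above, remote_user is the account for the SSH login and sudo_user is the account the tasks run as after sudo, so a playbook that sets sudo_user to a non-root account runs apt without root and hits the lock error quoted in the thread. The version below assumes sudo_user: root is what is wanted and adds two check tasks (their names and the effective_uid variable are made up for this example) that stop the run before apt if the effective uid is not 0.<br>

```yaml
# Added example; uses the Ansible 1.x keywords seen in this thread
# (sudo / sudo_user; later releases call these become / become_user).
- hosts: servers
  gather_facts: no
  remote_user: administrator   # account used for the SSH login
  sudo: yes
  sudo_user: root              # account the tasks run as after sudo (assumed fix)
  tasks:
    # Check task (hypothetical name): record which uid the tasks really run with.
    - name: report the effective uid the tasks run with
      command: id -u
      register: effective_uid
      changed_when: false

    # Fail with a clear message here instead of an apt lock error later.
    - name: stop before apt unless running as root
      assert:
        that:
          - "effective_uid.stdout == '0'"

    - name: update the package cache
      apt: update_cache=yes

    - name: upgrade the server
      apt: upgrade=dist
```

Running it as ansible-playbook ansible/upgrade-server.yml -K prompts for the sudo password, so ansible_sudo_pass does not need to sit in plain text in the hosts file.<br>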
</body>
</html>