[Klug-general] Ansible

Dan Attwood danattwood at gmail.com
Thu Feb 5 10:14:31 UTC 2015 

right this ansible lark is doing my nut in - simple automate my bottom!

I'm now getting:


failed: [10.0.100.56] => {"failed": true}
msg: Failed to lock apt for exclusive operation

i've running the playbook with


sudo  ansible-playbook ansible/upgrade-server.yml -vvvv -s -kK --sudo-user
administrator

so i'm specifying use sudo and have the user as administrator


In the server I'm connecting to in my sudeors file i've got

administrator ALL=(ALL) NOPASSWD:ALL
%sudo   ALL=NOPASSWD: ALL


So ignoring how insecure that if for a moment I can run sudo apt-get
whatever on the remote server without having to input a password - i've
confirmed this is the case

My playbook looks like


- hosts: servers
  gather_facts: no
  sudo: yes
  sudo_user: administrator
  tasks:
   - name: updates a server
     apt: update_cache=yes
   - name: upgrade a server
     action: apt upgrade=dist


any thoughts kevin? anyone?











On 3 February 2015 at 19:35, Kevin Groves <kgroves at cix.co.uk> wrote:

>  So seeing things like:
>
> "10.0.100.37" from file "/root/.ssh/known_hosts
>
> 100.37 isn't listed in your ansible hosts file so is that the machine you
> are running FROM?
>
> Seems odd that known_hosts is a problem as that is for incoming
> connections????
>
> I just looked at some of mine but I tend towards using root ssh keys. I
> suggest stripping it back to a really simple task with root keys for
> example. I think there is a switch to actually prompt for passwords instead
> of use keys so this could be worth a try to see what user(s) are really
> being used. Even worth switching on sshd server debug too to see what end
> is doing what.
>
> Kev
>
>
>
>
> On 03/02/15 19:03, Dan Attwood wrote:
>
> logged in as administrator and sudo
>
>  so yes
>
>  I also tried it with one machine and adding administrator to the sudoers
> files with passwd:all. but no dice
>
>
> On 3 February 2015 at 18:59, Kevin Groves <kgroves at cix.co.uk> wrote:
>
>>  On 03/02/15 12:30, Dan Attwood wrote:
>>
>>   ssh-copy-id administrator at 10.0.100.93
>>
>>
>>
>> OK and you did that logged in as administrator? and when I mean logged in
>> as administrator you did login and not did  su administator?
>>
>> Kev
>>
>>
>>
>>  manage to hit send to soon
>>
>> On 3 February 2015 at 12:29, Dan Attwood <danattwood at gmail.com> wrote:
>>
>>> my host files looks like this:
>>>
>>>  [all:vars]
>>> ansible_sudo_pass=secretpassword
>>>
>>>  [servers]
>>> 10.0.100.56
>>> 10.0.100.72
>>> 10.0.100.93
>>> 10.0.100.38
>>>
>>>
>>>  my playbook is:
>>>
>>>  - hosts: servers
>>>   gather_facts: no
>>>   user: administrator
>>>   remote_user: administrator
>>>   sudo: yes
>>>   tasks:
>>>    - name: updates a server
>>>      apt: update_cache=yes
>>>    - name: upgrade a server
>>>      apt: upgrade=dist
>>>
>>>
>>>  So it thought I was pretty clear to ansible that the user is
>>> 'administrator'
>>>
>>>
>>>  when i copied the keys over i did:
>>>
>>>
>>>
>>> On 3 February 2015 at 12:26, Kevin Groves <
>>> kgroves at ksoft-creative-projects.co.uk> wrote:
>>>
>>>>
>>>> On 03/02/15 09:00, Dan Attwood wrote:
>>>>
>>>>> ok i've done that and that speed things up a bit.
>>>>> unfortunately it speeds it towards the next fail. witht he debug on I
>>>>> can the errors lists below.
>>>>> I've double checked that I can ssh into the servers via kay and I'm
>>>>> following the note I made when I had this working at home so and dan :-(
>>>>>
>>>>> error below
>>>>>
>>>>>
>>>>> fatal: [10.0.100.37] => SSH encountered an unknown error. The output
>>>>> was:
>>>>> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
>>>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>>>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>>>>> debug1: auto-mux: Trying existing master
>>>>>
>>>>
>>>>
>>>>  debug1: Control socket
>>>>> "/home/administrator/.ansible/cp/ansible-ssh-10.0.100.37-22-administrator"
>>>>> does not exist
>>>>>
>>>>
>>>>  Is this home dir connected with an 'administrator' user? It could be
>>>> that ansible is using the wrong user key to connect with what looks like
>>>> 'root' on the other machine.
>>>>
>>>> Hopefully its just a matter of which user is being used on which side.
>>>>
>>>> You might also want to take a look at the ansible config file. Mine is
>>>> in /etc/ansible/ansible.cfg which has lines like:
>>>>
>>>> poll_interval  = 15
>>>> sudo_user      = root
>>>> #ask_sudo_pass = True
>>>> #ask_pass      = True
>>>> transport      = smart
>>>> remote_port    = 22
>>>>
>>>> I think you can be specific about what users are used instead of
>>>> assuming it knows what you really mean. :-)
>>>>
>>>> Kev
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Kent mailing list
>>>> Kent at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/kent
>>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> Kent mailing listKent at mailman.lug.org.ukhttps://mailman.lug.org.uk/mailman/listinfo/kent
>>
>>
>>
>> _______________________________________________
>> Kent mailing list
>> Kent at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/kent
>>
>
>
>
> _______________________________________________
> Kent mailing listKent at mailman.lug.org.ukhttps://mailman.lug.org.uk/mailman/listinfo/kent
>
>
>
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/kent/attachments/20150205/3259f8e4/attachment.html>

More information about the Kent mailing list