[Klug-general] Ansible

Alan alan at hipnosi.org
Thu Feb 5 18:46:04 UTC 2015


OK, I can't help with ansible but a basic tool many miss with blank
ssh-keys is the ~/.ssh/config file. Mine looks like:

Host pong
   Port 2200
   IdentityFile ~/.ssh/pong_nopass

My hosts file has something like:

81.2.112.200    pong

- pong_nopass is an ssh private key (with empty password)
- on server pong the /root/.ssh/authorized_keys file contains the
contents of pong_nopass.pub.
- on server pong sshd is running on port 2200

Now I can ssh (or issue ssh commands) via a user's crontab to pong with
ssh root@pong (and no password is requested)

Hope this helps

======================================
On 03/02/15 19:35, Kevin Groves wrote:
> So seeing things like:
>
> "10.0.100.37" from file "/root/.ssh/known_hosts
>
> 100.37 isn't listed in your ansible hosts file so is that the machine
> you are running FROM?
>
> Seems odd that known_hosts is a problem as that is for incoming
> connections????
>
> I just looked at some of mine but I tend towards using root ssh keys.
> I suggest stripping it back to a really simple task with root keys for
> example. I think there is a switch to actually prompt for passwords
> instead of use keys so this could be worth a try to see what user(s)
> are really being used. Even worth switching on sshd server debug too
> to see what end is doing what.
>
> Kev
>
>
>
> On 03/02/15 19:03, Dan Attwood wrote:
>> logged in as administrator and sudo
>>
>> so yes
>>
>> I also tried it with one machine and adding administrator to the
>> sudoers files with passwd:all. but no dice
>>
>> On 3 February 2015 at 18:59, Kevin Groves <kgroves at cix.co.uk> wrote:
>>
>>     On 03/02/15 12:30, Dan Attwood wrote:
>>>      ssh-copy-id administrator@10.0.100.93
>>>
>>>
>>
>>     OK and you did that logged in as administrator? and when I mean
>>     logged in as administrator you did login and not did su
>>     administrator?
>>
>>     Kev
>>
>>
>>
>>>     managed to hit send too soon
>>>
>>>     On 3 February 2015 at 12:29, Dan Attwood <danattwood at gmail.com> wrote:
>>>
>>>         my hosts file looks like this:
>>>
>>>         [all:vars]
>>>         ansible_sudo_pass=secretpassword
>>>
>>>         [servers]
>>>         10.0.100.56
>>>         10.0.100.72
>>>         10.0.100.93
>>>         10.0.100.38
>>>
>>>
>>>         my playbook is:
>>>
>>>         - hosts: servers
>>>           gather_facts: no
>>>           user: administrator
>>>           remote_user: administrator
>>>           sudo: yes
>>>           tasks:
>>>            - name: updates a server
>>>              apt: update_cache=yes
>>>            - name: upgrade a server
>>>              apt: upgrade=dist
>>>
>>>
>>>         So I thought I was pretty clear to ansible that the user is
>>>         'administrator'
>>>
>>>
>>>         when i copied the keys over i did:
>>>
>>>
>>>
>>>         On 3 February 2015 at 12:26, Kevin Groves
>>>         <kgroves at ksoft-creative-projects.co.uk> wrote:
>>>
>>>
>>>             On 03/02/15 09:00, Dan Attwood wrote:
>>>
>>>                 ok I've done that and that speeds things up a bit.
>>>                 Unfortunately it speeds it towards the next fail.
>>>                 With the debug on I can see the errors listed below.
>>>                 I've double checked that I can ssh into the servers
>>>                 via key and I'm following the note I made when I had
>>>                 this working at home so and dan :-(
>>>
>>>                 error below
>>>
>>>
>>>                 fatal: [10.0.100.37] => SSH encountered an unknown
>>>                 error. The output was:
>>>                 OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
>>>                 debug1: Reading configuration data /etc/ssh/ssh_config
>>>                 debug1: /etc/ssh/ssh_config line 19: Applying options
>>>                 for *
>>>                 debug1: auto-mux: Trying existing master
>>>
>>>
>>>
>>>                 debug1: Control socket
>>>                
>>> "/home/administrator/.ansible/cp/ansible-ssh-10.0.100.37-22-administrator"
>>>                 does not exist
>>>
>>>
>>>             Is this home dir connected with an 'administrator' user?
>>>             It could be that ansible is using the wrong user key to
>>>             connect with what looks like 'root' on the other machine.
>>>
>>>             Hopefully it's just a matter of which user is being used
>>>             on which side.
>>>
>>>             You might also want to take a look at the ansible config
>>>             file. Mine is in /etc/ansible/ansible.cfg which has lines
>>>             like:
>>>
>>>             poll_interval  = 15
>>>             sudo_user      = root
>>>             #ask_sudo_pass = True
>>>             #ask_pass      = True
>>>             transport      = smart
>>>             remote_port    = 22
>>>
>>>             I think you can be specific about what users are used
>>>             instead of assuming it knows what you really mean. :-)
>>>
>>>             Kev
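
The ~/.ssh/config setup in the reply at the top of this thread depends on a private key stored with an empty passphrase. The following is an added example, not part of the original thread: it lists which IdentityFile entries in an ssh config point at keys with no passphrase, so they can be inventoried. The function names are hypothetical and `sample_key` builds a constructed, header-only container with no key material.

```python
import base64, os, re, struct

MAGIC = b"openssh-key-v1\x00"  # start of the OpenSSH private key container

def key_is_encrypted(key_text):
    """True if the private key text is passphrase-protected."""
    if "BEGIN OPENSSH PRIVATE KEY" in key_text:
        body = "".join(l.strip() for l in key_text.splitlines() if not l.startswith("-----"))
        blob = base64.b64decode(body)
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 container")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # first field is the cipher name
    # Legacy PEM carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses "BEGIN ENCRYPTED PRIVATE KEY".
    return "ENCRYPTED" in key_text

def identity_files(config_text):
    """Yield (host_patterns, path) for each IdentityFile in ssh config text."""
    hosts = "*"  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.+?)\s*$", raw)
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            hosts = value
        elif key == "identityfile":
            yield hosts, value.strip('"')

def unprotected_keys(config_text, read_key=None):
    """Return [(host, path)] for IdentityFile keys stored without a passphrase."""
    def from_disk(path):
        with open(os.path.expanduser(path)) as fh:
            return fh.read()
    read_key = read_key or from_disk
    return [(h, p) for h, p in identity_files(config_text)
            if not key_is_encrypted(read_key(p))]

def sample_key(cipher):
    """Constructed header-only container (no key material), for the demo."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt") + s(b"")
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    cfg = "Host pong\n   Port 2200\n   IdentityFile ~/.ssh/pong_nopass\n"
    print(unprotected_keys(cfg, lambda path: sample_key(b"none")))
```

Called with only the config text, `unprotected_keys` reads the key files from disk instead of the constructed sample.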




