
SSH into private host machine Ansible

Tags: ssh, ansible

Public IP: xxx.xxx.xxx.xxx (This is working to get direct access to public VM: webserver-1 ansible_port=50003 ansible_host=xxx.xxx.xxx.xxx ansible_user=ronak ansible_ssh_private_key_file=priv_key)

Private IP: 10.0.2.4 (ssh [email protected])

                                  ssh                          ssh
vagrant host ----> public host (port: 50003) ----> private host (port: 22)
                                   ^                             ^
                                using A's                     using B's
                                ssh priv key                   PASSWORD

hosts:

[database]
dbserver-1 ansible_port=22 ansible_host=10.0.2.4 ansible_user=ronak ansible_ssh_pass=password

dbserver.yml:

- hosts: "database"
  remote_user: ronak
  become: yes
  become_user: root
  become_method: sudo
  gather_facts: no
  vars:
    - ansible_ssh_common_args: '-o ProxyCommand="ssh -i ./priv_key -o StrictHostKeyChecking=no -W %h:%p [email protected] -p 50003"'
  roles:
    - dbserver

Error:

vagrant@vagrant-ubuntu-trusty-64:/var/www/Ansible$ ansible-playbook dbserver.yml -vvv
Using /var/www/Ansible/ansible.cfg as config file

task path: /var/www/Ansible/roles/dbserver/tasks/main.yml:2
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/packaging/os/apt.py
<10.0.2.4> ESTABLISH SSH CONNECTION FOR USER: ronak
<10.0.2.4> SSH: EXEC sshpass -d12 ssh -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o Port=22 -o User=ronak -o ConnectTimeout=10 -o 'ProxyCommand=ssh -i ./priv_key -o StrictHostKeyChecking=no -W %h:%p [email protected] -p 50003' -o ControlPath=/home/vagrant/.ansible/cp/dbabe40296 10.0.2.4 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<10.0.2.4> (5, '', "Warning: Permanently added '10.0.2.4' (ECDSA) to the list of known hosts.\r\nPermission denied, please try again.\r\n")
<10.0.2.4> ESTABLISH SSH CONNECTION FOR USER: ronak
<10.0.2.4> SSH: EXEC sshpass -d12 ssh -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o Port=22 -o User=ronak -o ConnectTimeout=10 -o 'ProxyCommand=ssh -i ./priv_key -o StrictHostKeyChecking=no -W %h:%p [email protected] -p 50003' -o ControlPath=/home/vagrant/.ansible/cp/dbabe40296 10.0.2.4 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1495038139.56-230805529478418 `" && echo ansible-tmp-1495038139.56-230805529478418="` echo ~/.ansible/tmp/ansible-tmp-1495038139.56-230805529478418 `" ) && sleep 0'"'"''
<10.0.2.4> (5, '', "Warning: Permanently added '10.0.2.4' (ECDSA) to the list of known hosts.\r\nPermission denied, please try again.\r\n")
fatal: [dbserver-1]: UNREACHABLE! => {
    "changed": false,
    "msg": "Authentication failure.",
    "unreachable": true
}

ansible.cfg

[defaults]
inventory         = ./hosts
ask_sudo_pass     = True
host_key_checking = False

[paramiko_connection]
record_host_keys = False

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null

ANSIBLE_DEBUG

Warning: Permanently added '10.0.2.4' (ECDSA) to the list of known hosts.
<<<

4156 1495119116.27802: stderr chunk (state=3):
>>>debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
<<<

4156 1495119116.27876: stderr chunk (state=3):
>>>debug2: set_newkeys: mode 0
<<<

4156 1495119116.27929: stderr chunk (state=3):
>>>debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
<<<

4156 1495119116.37456: stderr chunk (state=3):
>>>debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/vagrant/.ssh/id_rsa ((nil)),
debug2: key: /home/vagrant/.ssh/id_dsa ((nil)),
debug2: key: /home/vagrant/.ssh/id_ecdsa ((nil)),
debug2: key: /home/vagrant/.ssh/id_ed25519 ((nil)),
<<<

4156 1495119116.40286: stderr chunk (state=3):
>>>debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/vagrant/.ssh/id_rsa
debug3: no such identity: /home/vagrant/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/vagrant/.ssh/id_dsa
debug3: no such identity: /home/vagrant/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/vagrant/.ssh/id_ecdsa
debug3: no such identity: /home/vagrant/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/vagrant/.ssh/id_ed25519
debug3: no such identity: /home/vagrant/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
<<<

4156 1495119116.40710: stderr chunk (state=3):
>>>debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
<<<

4156 1495119118.39890: stderr chunk (state=3):
>>>debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
<<<

10.0.4.2 log /var/log/auth.log

May 18 15:03:16 dev-db-VM0 sshd[51082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5  user=ronak
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Connection closed by 10.0.1.5 port 49234 [preauth]
May 18 15:03:20 dev-db-VM0 sshd[51086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5  user=ronak
May 18 15:03:22 dev-db-VM0 sshd[51086]: Failed password for ronak from 10.0.1.5 port 49236 ssh2
May 18 15:03:22 dev-db-VM0 sshd[51086]: Connection closed by 10.0.1.5 port 49236 [preauth]
asked May 09 '17 15:05

Ronak Patel



1 Answer

Looking at the sshd log:

May 18 15:03:20 dev-db-VM0 sshd[51086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5  user=ronak
May 18 15:03:22 dev-db-VM0 sshd[51086]: Failed password for ronak from 10.0.1.5 port 49236 ssh2

I think that the problem is an incorrect password for the ronak account.

Please make sure that you set it correctly (copy and paste it again into your config files).
Also make sure that there is no variable priority collision.
You can try executing the playbook with -e ansible_ssh_pass=password to ensure the highest priority for the password setting.

P.S. I've mimicked your environment in VirtualBox and everything works OK with a similar setup.

answered Sep 25 '22 14:09

Konstantin Suvorov
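
The answer's reading of the sshd log, written out as an added example that is not part of the original question or answer: it groups the auth.log lines quoted in the question by sshd PID (one PID per connection) and reports which hop failed. The jump host's internal address (10.0.1.5, taken from the log's rhost field) and the function names are assumptions.

```python
import re

# sshd lines copied from the question's auth.log excerpt on the private host.
AUTH_LOG = """\
May 18 15:03:16 dev-db-VM0 sshd[51082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5  user=ronak
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Connection closed by 10.0.1.5 port 49234 [preauth]
May 18 15:03:20 dev-db-VM0 sshd[51086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5  user=ronak
May 18 15:03:22 dev-db-VM0 sshd[51086]: Failed password for ronak from 10.0.1.5 port 49236 ssh2
May 18 15:03:22 dev-db-VM0 sshd[51086]: Connection closed by 10.0.1.5 port 49236 [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAILED = re.compile(r"Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<rhost>\S+) port \d+")
ACCEPTED = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<rhost>\S+) port \d+")
CLOSED = re.compile(r"Connection closed by (?:authenticating user \S+ )?(?P<rhost>\S+) port \d+ \[preauth\]")

def sessions(log_text):
    """Group sshd lines by PID and summarise each connection attempt."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = out.setdefault(m.group("pid"), {"user": None, "rhost": None, "failed": [], "result": "unknown"})
        msg = m.group("msg")
        f, a, c = FAILED.match(msg), ACCEPTED.match(msg), CLOSED.match(msg)
        if f:
            s.update(user=f.group("user"), rhost=f.group("rhost"))
            s["failed"].append(f.group("method"))
        elif a:
            s.update(user=a.group("user"), rhost=a.group("rhost"), result="accepted:" + a.group("method"))
        elif c and s["result"] == "unknown":
            s.update(rhost=s["rhost"] or c.group("rhost"), result="closed-preauth")
    return out

def diagnose(session, jump_host_ip):
    """Name the failing hop, given the jump host's internal address (assumed)."""
    if session["result"].startswith("accepted"):
        return "ok"
    if session["rhost"] != jump_host_ip:
        return "connection did not come through the jump host"
    if "password" in session["failed"]:
        return "jump hop ok; target sshd rejected the password"
    return "jump hop ok; no credential was accepted"

if __name__ == "__main__":
    for pid, s in sessions(AUTH_LOG).items():
        print(pid, s["user"], s["rhost"], diagnose(s, "10.0.1.5"))
```

Both connections arrive from the jump host and end in a rejected password, so the ProxyCommand hop and its key are working and only the credential presented to the private host is at fault.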