Online notes on technical issues I encountered using Ansible and their resolutions. Posting online in case I need to refer to them again.
1.) The remote machine needs to have the Python simplejson or json module
Resolution: Run this command to install the module remotely
ansible hostname -i inventory/hosts -m raw -a "sudo yum install -y python-simplejson" -k -u root -vvvv
2.) authorized_keys does not work on target ssh server
Symptom: When connecting over ssh from the Ansible server to the target server, it asks for a password even when .ssh/authorized_keys is set
Make sure the permissions on the ~/.ssh directory and its contents are proper. When I first set up my ssh key auth, I didn't have the ~/.ssh folder properly set up, and it yelled at me.
If that does not work, on the target server
sudo su -
service sshd stop (Note: this will not kill your current session)
/usr/sbin/sshd -d (Note: debug mode)
service sshd start (Note: do this when finished debugging or else no one can ssh into the VM. Try ssh from a new terminal before exiting the main root terminal)
In debug mode, you will see what sshd is doing when it tries to read the authorized_keys file.
In my case, sshd was reading the wrong file. To fix it, I had to
edit /etc/ssh/sshd_config and uncomment
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Then restart sshd
service sshd stop
service sshd start
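For the permissions step in item 2, here is a small check script. It is an added example, not part of the original notes. It assumes sshd runs with StrictModes at its default (yes), under which the home directory, ~/.ssh and authorized_keys must be owned by the user or root and must not be group- or world-writable, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original notes): report the permission
# problems that make sshd skip authorized_keys under StrictModes.
# Assumes GNU stat, as found on the yum-based hosts used on this page.

# check_ssh_perms HOME_DIR [EXPECTED_UID]
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$p")
        owner=$(stat -c '%u' "$p")
        # Any bit of 022 set means group- or world-writable.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $mode): fix with chmod go-w"
            bad=1
        fi
        # The owner must be the login user or root.
        if [ "$owner" -ne "$uid" ] && [ "$owner" -ne 0 ]; then
            echo "OWNER    $p (uid $owner, expected $uid or 0)"
            bad=1
        fi
    done
    return $bad
}

# Usage on the target server, as the login user:
#   check_ssh_perms "$HOME"
```

No output and exit status 0 means the permissions are not the cause, and the sshd debug mode steps above are the next thing to try.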
3.) Issue: The remote user needs to be able to "sudo su -" without a password. This was needed to configure the iptables firewall and run other super-admin commands
Resolution: Have the user add an entry in the /etc/sudoers file
Backlog Enhancement: Add a precondition check for root access, or find a way to make root access unnecessary
4.) Ansible 2.2.0 had a bug
https://github.com/ansible/ansible/issues/16128
Resolution: Updated Ansible from Git to the latest version
git pull --rebase
git submodule update --init --recursive
5.) Ansible has issues transferring files to the target server.
Ansible uses sftp to transfer files behind the scenes. Try
sftp user@target-server
to see if you can sftp without a password.
If you cannot, sftp sometimes has issues with echo in .bashrc. Comment out the echo in .bashrc and try again.
If that does not work, force Ansible to use scp instead of sftp.
In /etc/ansible/ansible.cfg, add the line
scp_if_ssh = True
Or, if you cannot edit the ansible.cfg file, then from the shell type
export ANSIBLE_SCP_IF_SSH=y