Ansible authentication failure, despite successfull keybased ssh-login

Archives Ansible Project
1

Hi,

When I try to connect to a host with ansible, it fails with the user jenkins.
Despite keybased sshlogin is succesfull.

[jenkins@geppetto ~]$ ssh jenkins@cal-25
Last login: Fri May 23 11:19:58 2014 from geppetto.oma.be
[jenkins@cal-25 ~]$ exit
logout
Connection to cal-25 closed.
[jenkins@geppetto ~]$ ansible cal-25 -m ping -u jenkins
cal-25 | FAILED => FAILED: Authentication failed.
[jenkins@geppetto ~]$

Any suggestions on troubleshooting this?

Thanks,

Joost

2

​Can you show the output of this, adding -vvvv ?​

3

[jenkins@geppetto ~]$ ansible -vvv cal-25 -m ping -u jenkins
ESTABLISH CONNECTION FOR USER: root on PORT 22 TO cal-25
cal-25 | FAILED => FAILED: Authentication failed.
[jenkins@geppetto ~]$

I tried with root and pass, that works:

[jenkins@geppetto ~]$ ansible cal-25 -m ping -u root --ask-pass
SSH password:
cal-25 | success >> {
“changed”: false,
“ping”: “pong”
}

[jenkins@geppetto ~]$

4

To be complete:

[jenkins@geppetto ~]$ ansible -vvv cal-25 -m ping -u root --ask-pass
SSH password:
ESTABLISH CONNECTION FOR USER: root on PORT 22 TO cal-25
REMOTE_MODULE ping
EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1400837387.95-16436599027436 && echo $HOME/.ansible/tmp/ansible-tmp-1400837387.95-16436599027436’
PUT /tmp/tmp7uj9w8 TO /root/.ansible/tmp/ansible-tmp-1400837387.95-16436599027436/ping
EXEC /bin/sh -c ‘LC_CTYPE=en_US.UTF-8 LANG=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1400837387.95-16436599027436/ping; rm -rf /root/.ansible/tmp/ansible-tmp-1400837387.95-16436599027436/ >/dev/null 2>&1’
cal-25 | success >> {
“changed”: false,
“ping”: “pong”
}
[jenkins@geppetto ~]$ ansible -vvv cal-25 -m ping -u jenkins
ESTABLISH CONNECTION FOR USER: root on PORT 22 TO cal-25
cal-25 | FAILED => FAILED: Authentication failed.
[jenkins@geppetto ~]$
[jenkins@geppetto ~]$ ssh jenkins@cal-25
Last login: Fri May 23 11:24:01 2014 from geppetto.oma.be
[jenkins@cal-25 ~]$ exit
logout
Connection to cal-25 closed.
[jenkins@geppetto ~]$

[jenkins@geppetto ~]$

5

Ok I see now, ansible tries to login as root, despite passing a “-u jenkins”

6

I explicitly defined remote_user as jenkins, it still wants to use root, any ideas?:

`
[jenkins@geppetto ~]$ cat ~/.ansible.cfg
[defaults]
log_path=/home/jenkins/.ansible/var/log/ansible.log
remote_user = jenkins
sudo_user = root

[jenkins@geppetto ~]$ ansible -vvv cal-25 -m ping -u jenkins
ESTABLISH CONNECTION FOR USER: root on PORT 22 TO cal-25
cal-25 | FAILED => FAILED: Authentication failed.
[jenkins@geppetto ~]$ cat /home/jenkins/.ansible/var/log/ansible.log
2014-05-23 11:47:08,693 p=4285 u=jenkins |
2014-05-23 11:47:08,693 p=4285 u=jenkins | /opt/ansible/bin/ansible -vvv cal-25 -m ping -u jenkins
2014-05-23 11:47:08,694 p=4285 u=jenkins |
2014-05-23 11:47:08,755 p=4285 u=jenkins | ESTABLISH CONNECTION FOR USER: root on PORT 22 TO cal-25
2014-05-23 11:47:09,048 p=4285 u=jenkins | cal-25 | FAILED => FAILED: Authentication failed.
[jenkins@geppetto ~]$

`

7

What if you specify --ask-sudo-pass ?

8

No difference:

`
[jenkins@geppetto ~]$ ansible -vvv cal-25 -m ping -u jenkins --ask-sudo-pass
sudo password:
ESTABLISH CONNECTION FOR USER: root on PORT 22 TO cal-25
cal-25 | FAILED => FAILED: Authentication failed.
[jenkins@geppetto ~]$

`

Local sudo actions work with user jenkins, I don’t think the problem is there.

`
[root@cal-25 ~]# grep SOFTWARE /etc/sudoers
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

%sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

jenkins ALL=(root) NOPASSWD: SOFTWARE
[root@cal-25 ~]# grep jenkins /etc/sudoers
#stuff for jenkins and ansible
jenkins ALL=(root) NOPASSWD: SOFTWARE
[root@cal-25 ~]#

`

Anyway thanks for looking into it Vincent and Serge

9

Which version of Ansible is this?

10

`
[jenkins@geppetto ~]$ ansible --version
ansible 1.7 (devel d314f1b038) last updated 2014/05/07 15:38:39 (GMT +200)
[jenkins@geppetto ~]$

`

11

What if you try with 1.6 ?

12

Just tried again with latest clone from git:

`
[jenkins@geppetto ~]$ ansible --version
ansible 1.7 (devel ee82681d14) last updated 2014/05/23 12:24:44 (GMT +200)
[jenkins@geppetto ~]$ ansible -vvv cal-25 -m ping -u jenkins
ESTABLISH CONNECTION FOR USER: root on PORT 22 TO cal-25
cal-25 | FAILED => FAILED: Authentication failed.
[jenkins@geppetto ~]$

`

13

1.6 Where can I find that? the version available in epel is 1.5.5 and on the site of ansible I only find ansible tower.

14

http://releases.ansible.com/ansible/

Also via pypi for installation with pip/easy_install

15

I’d check to see if you had defined ansible_ssh_user in inventory somewhere.

If setting the user didn’t work, I suspect we’d hear about it more, so I’m expecting this is something environmental.

(might you have something in your SSH config?)

16

Thanks michael,

ansible_ssh_user was set in the hosts file indeed.

Meanwhile I found also that inventory intentionally overrides commandline:
https://github.com/ansible/ansible/issues/4622