Ansible Lab Setup

Hello

I am trying to setup a home lab to support an Ansible course I am taking on Udemy. I am following the procedures from the instructor, who seems to not support his course anymore via Q&A. I am struggling with the ssh part to get a ping to the target VM’s. New to both Ansible and Ubuntu and always seem to struggle with keys in linux configs.

Here is my setup:

Windows 11 computer using VMware Workstation for the VM’s. The VM’s are Ubuntu VM’s. VM’s as of now are:

Control3 (where ansible is)

User is ansible on both control3 and db02

The course has an ansible directory in /home/ansible directory which I have.

There is also a .ssh directory there with the key files and authorized_hosts file

db02 (for a target system, will do more when I get ping to work)

Running ansible –list-hosts all does give me the list of hosts so that seems fine.

I am able to ssh into both control and db02 from my Windows 11 computer

There were procedures in the course to generate ssh-keygen -t rsa then to past the contents of the public file to an authorized_hosts file on I am assuming the control computer. I have done that with also doing generate ssh-keygen -t ecdsa

From the control3 I then run ansible -m ping db02 (right now just one host for the target until I get that to work) I get the following:

The authenticity of host ‘db02 (192.168.42.141)’ can’t be established.

ECDSA key fingerprint is 5b:ae:e0:a7:9c:08:85:0c:ec:60:e2:77:e6:d0:f3:67.

Are you sure you want to continue connecting (yes/no)? no

db02 | UNREACHABLE! => {

“changed”: false,

“msg”: “Failed to connect to the host via ssh: Host key verification failed.”,

“unreachable”: true

}

I am entering no right now as in the past when I hit yes it still didn’t work.

What am I doing wrong here?

Thanks.

2 things.

  1. You need to generate your ssh private/public key pair on control3, and add the public key to authorized_keys on each host that is remote to your ansible control node. (db02)
  2. Your specific error message is telling you that control3 doesn’t know db02’s ssh host key and asking if you want to continue anyways. This is an ssh message, not an Ansible one, but can generally be ignored in lab environments. You’ll need to disable strict host key checking for ssh. This is easy enough to do in your ansible.cfg:
[defaults]
host_key_checking = false
1 Like

Thanks. I added the host_key_checking = false to the ansible.cfg file and retried but still get error:

ansible@control3:/etc/ansible$ sudo ansible -m ping db02
db02 | UNREACHABLE! => {
“changed”: false,
“msg”: “Failed to connect to the host via ssh: Permission denied (publickey,password).”,
“unreachable”: true
}

I did a ssh to db02 from control3 and that worked per below:
ansible@control3:/etc/ansible$ ssh ansible@192.168.42.141
Welcome to Ubuntu 14.04.6 LTS (GNU/Linux 4.4.0-142-generic x86_64)

  • Documentation:

System information as of Mon Apr 8 13:02:27 EDT 2024

System load: 0.0 Memory usage: 2% Processes: 177
Usage of /: 20.9% of 5.78GB Swap usage: 0% Users logged in: 0

Graph this data and manage this system at:
https://landscape.canonical.com/

40 packages can be updated.
30 updates are security updates.

New release ‘16.04.7 LTS’ available.
Run ‘do-release-upgrade’ to upgrade to it.

Your Hardware Enablement Stack (HWE) is supported until April 2019.
Last login: Mon Apr 8 12:54:03 2024 from control3
ansible@db02:~$

You should pretty much never sudo ansible. This changed your authentication context to root@control3 and without specifying any user, ansible will try to connect to root@db02 instead of the expected ansible@db02.

If you specified -u/--user ansible, it would probably still fail because ansible will be trying to use root@control3’s ssh keys instead of ansible@control3’s.

3 Likes

Thanks for the help.

I wondered about that. Part of the problem is I am confused on how the instructor setup and on what computers.

So when I run the command with out sudo I get:

db02 | FAILED! => {
“msg”: “Cannot write to ControlPath /home/ansible/.ansible/cp”

There is a /home/ansible/.ansible/cp with these properties:

drwx------ 4 ansible ansible 4096 Apr 8 10:29 ./
drwxr-xr-x 6 ansible ansible 4096 Apr 8 14:26 …/
drwx------ 2 root root 4096 Apr 8 10:29 cp/
drwx------ 2 ansible ansible 4096 Apr 8 14:26 tmp/

Where should my ansible directories be?

That might be because cp is owned by root. sudo chown -R ansible:ansible /home/ansible

1 Like

YES!! I think that was it as far as the ping goes. Did a couple of others steps but I think that got me to good pings!

ansible@control3:~$ ansible -m ping all
control3 | SUCCESS => {
** “ansible_facts”: {**
** “discovered_interpreter_python”: “/usr/bin/python”**
** },**
** “changed”: false,**
** “ping”: “pong”**
}
web03 | SUCCESS => {
** “ansible_facts”: {**
** “discovered_interpreter_python”: “/usr/bin/python”**
** },**
** “changed”: false,**
** “ping”: “pong”**
}
db02 | SUCCESS => {
** “ansible_facts”: {**
** “discovered_interpreter_python”: “/usr/bin/python”**
** },**
** “changed”: false,**
** “ping”: “pong”**

Now the command
ansible@control3:~$ ansible -m command -a “hostname”
returns which I assume is good:

control3 | CHANGED | rc=0 >>
control3
web03 | CHANGED | rc=0 >>
web03
db02 | CHANGED | rc=0 >>
db02

On I go. Thanks for the help, very much appreciated.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.