Ansible multiple SSH logins

Hi,

I think I have a configuration problem, but I’m not sure what to search on to find an answer. I’ve tried ‘wtmp’ or ‘last’ or ‘lots of ssh logins’, but I don’t find quite what I’m looking for. So I think a question and an example might be easiest.

We have an ‘ansible’ user on our Ansible clients that the server logs into using SSH, and then sudos to run playbooks, etc.

Whenever Ansible runs (as you can see below), that ansible user logs in many, many times to run playbooks, and fills up the wtmp/lastlog so that every time I log in and run ‘last’, I have to filter out the ‘ansible’ user.

I’m not sure what configuration options might be influencing this, whether it might be accelerate, pipelining, etc.

If anyone’s seen this before and has figured it out, I’d love a tip to get me going in the right direction. Or, if this is normal behavior, that’d be useful information, too.

Thanks,
Matt

An example from one machine and one ansible run:
`
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:08 - 21:08 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:07 - 21:07 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:06 - 21:06 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:05 - 21:05 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:05 - 21:05 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:05 - 21:05 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:05 - 21:05 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:05 - 21:05 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:05 - 21:05 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:05 - 21:05 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:04 - 21:04 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:04 - 21:04 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:04 - 21:04 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:04 - 21:04 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:04 - 21:04 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:03 - 21:03 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:02 - 21:02 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:01 - 21:01 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:00 - 21:00 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:00 - 21:00 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:00 - 21:00 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:00 - 21:00 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:00 - 21:00 (00:00)
ansible pts/0 <source_host> Mon Dec 1 21:00 - 21:00 (00:00)

`

I imagine what you are in need of is ControlPath, ControlMaster, ControlPersist.

Those should be the default if you are using the ‘ssh’ transport. Using the ‘paramiko’ transport will not invoke those options.

What OS and OpenSSH client version do you have on the control machine?

You should additionally be able to determine if you are using paramiko or ssh using -vvvv

Also, do you have any ssh_args set in ansible.cfg or via ANSIBLE_SSH_ARGS?

I have a similar situation, every ansible action causes a line to be added to the output of “last”.
When updating multiple users this overwhelms the “normal” users. I tried “-vvvv” and it did show
that ControlPath etc. are being set:

… EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=“/work/impulse/impulsys/.ansible/cp/ansible-ssh-%h-%p-%r” …

(This is for an ad hoc command.)

Must ansible always invoke ssh with the -tt option? If no terminal is allocated then also no wtmp
entry is written.

For the time being I’ve patched openssh not to wtmp the ansible user (I was distributing an own
copy of openssh anyway as we’re using RHEL5 (actually Oracle Linux 5) and needed some
functionality not provided with the stock openssh in addition to security updates.).