Ansible running in Docker Container: "Connection refused Failed to connect to new control master"

Hi,

I’m trying to connect to remote host through SSH and a Private Key to run a simple test to start working with Ansible to generate my inventories:

ansible -m ping -i hosts test1 -vvv

The hosts file has a simple configuration:

[test]
test1 ansible_host=remote_host ansible_user=remote_user ansible_private_key_file=/var/jenkins_home/ansible/id_rsa

SSH is working fine to connect to remote server with this key:

jenkins@0bde7f6019a2:~/ansible$ ssh -i id_rsa remote_user@remote_host
Enter passphrase for key 'id_rsa':
Last login: Fri Jul 5 12:10:51 2019 from jenkins.jenkins_net

While trying to make the connection with Ansible, there seem to be problems I can’t find or troubleshoot; the error indicates:

test1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Control socket connect(/var/jenkins_home/.ansible/cp/45a4bb8b49): Connection refused\r\nFailed to connect to new control master",
    "unreachable": true
}

Any help or advice will be appreciated.

Best regards,

Hi,

Run docker command with --net=host.

Thanks.

Thank you for your quick response, but where do you suggest to run it? In my case the element that has Ansible is a Docker container. The Docker container has Jenkins and Ansible.
The Ansible script doesn’t run any Docker command actually. Sorry if my question sounds dumb, but I’m new to Docker and Ansible.

Best regards,

Hi,

When you want to start a Docker image as a container, you have to run a command like
docker run -d (image: version).
There, just add it like this:
docker run --net=host -d (image: version)

Then log in to the Docker container using the
docker exec command.
Then execute your Ansible playbook.

Is your SSH key password protected, and if so, did you configure forwarding in the ssh-agent or a similar workaround?

Thank you, yes, I have generated the key with a password, but didn’t configure it for the Ansible connection. Now I’m searching for how to do it, but if you have an example it will be helpful.

Thank you again

I do not currently have an example of this or an environment to test it in, but a quick search turned up:
https://www.calazan.com/using-ssh-agent-forwarding-with-ansible/

You could also regenerate the key without a passphrase or fall back to UN/PW auth.

Out of curiosity, are you running Jenkins and Ansible in the same container or separate?

Same container.
Generating the certificate without passwords makes problems with ssh server.

I understand and do not disagree.

I would try the process noted on that link. Keep in mind that because you are in a container, you will need to add those to your dockerfile and reaping the container.

I’m presently using a main Jenkins container that starts ephemeral ansible/jnlp containers as executors which works great.

Thanks for the hint, I’ll start moving on with your suggestions. I’ll come back to document this and let you know.

Hi Robert, thanks for the advice and the link. I’ve tried the mentioned method and noticed there’s a directory known as "cp" on the route “/var/jenkins_home/.ansible” (yes, with a dot), where a file named “45a4bb8b49” is generated while trying to connect to the remote server.
It is important to say that my working directory is “/var/jenkins_home/ansible” (yes, without a dot).

So I changed the “ansible.cfg” file to add -o ControlPath=/home/jenkins/.ansible/cp/ansible-ssh-%h-%p-%r
After that I noticed that the file was too long, so I used the control_path_dir=/var/jenkins_home/.ansible/cp
So I’ve placed the configuration as -o ControlPath=%(directory)s/ansible-ssh-%h-%p-% and now it does not recognize something in the path and is returning:

test1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: percent_expand: unknown key %(",
    "unreachable": true
}

All this is making me think about the SSH server side and the way the SSH connection is configured by default for Ansible.

Stay tuned,

OK, the thing is now running. It seems it needs to store on a temporary repository; mine was pointing to /var/jenkins/.ansible, so I generated an ansible.cfg with this configuration in the same folder where my hosts file is:

[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
control_path = /dev/shm/cp%%h-%%p-%%r

So pointing the control path to /dev/shm does the work. Don’t forget to use -C in the ssh_args, because it seems to use a particular compression used for the SSH connection.

If I’m wrong about something, any feedback is appreciated.

Best regards,

Happy to hear it’s working for you!

ssh-agent likely gets a little tricky when in the container. I can’t speak to a better way to do this as I haven’t had to overcome the passphrase-protected keys yet. That said, if you continue to have issues, let me know what OS base you are using for the containers and I could spin up a test lab.

Kind Regards,
Robert Williams

At the same level where the host inventory is, create a file named ansible.cfg with the following:

[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
control_path = /dev/shm/cp%%h-%%p-%%r

That will solve your problem
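
Added example (not from any poster in this thread): a Python check for whether a directory can hold the SSH control sockets that control_path points at. It binds a probe socket under a temporary name, hard-links it into place and connects to it, and it also flags shared directories such as /dev/shm; the function name, the probe socket name and the 17-byte temporary-suffix margin are assumptions of this example.

```python
import os
import socket
import stat

SUN_PATH_MAX = 108  # size of sockaddr_un.sun_path on Linux, including the NUL
TEMP_SUFFIX = 17    # assumption: ssh first binds "<ControlPath>.<16 random chars>"


def check_control_dir(directory, socket_name="probe-remote_host-22-remote_user"):
    """Return a list of problems with using `directory` for ControlPath sockets."""
    final = os.path.join(directory, socket_name)
    if len(os.fsencode(final)) + TEMP_SUFFIX >= SUN_PATH_MAX:
        return ["path too long for a Unix socket"]
    try:
        st = os.stat(directory)
    except OSError as exc:
        return [f"cannot stat directory: {exc}"]
    problems = []
    if st.st_uid != os.geteuid():
        problems.append("directory not owned by the current user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory writable by group/others; use a 0700 subdirectory")
    # Probe: bind under a temporary name, hard-link into place, then connect.
    # A filesystem that refuses any of these steps cannot host a control master.
    temp = final + "." + os.urandom(8).hex()
    created = []  # only paths this probe created are removed afterwards
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        server.bind(temp)
        created.append(temp)
        server.listen(1)
        os.link(temp, final)
        created.append(final)
        client.connect(final)
    except OSError as exc:
        problems.append(f"socket probe failed: {exc}")
    finally:
        client.close()
        server.close()
        for path in created:
            os.unlink(path)
    return problems


if __name__ == "__main__":
    # The two directories discussed in this thread.
    for candidate in ("/var/jenkins_home/.ansible/cp", "/dev/shm"):
        print(candidate, check_control_dir(candidate) or "ok")
```

For a world-writable directory such as /dev/shm the check reports the shared-directory finding; a private subdirectory with mode 0700 under it passes.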