Issue running playbook with ansible-navigator vs ansible-playbook

mjbright · April 2, 2024, 2:00pm

Playbook fails when using ansible-navigator but works when using ansible-playbook

Forgive me if something simple. I normally only deal with network equipment, but I do have a few linux servers setup in a lab that I use for testing. I’m working on converting all of my playbooks over to use execution environments rather than virtual environments. I have the below simple playbook named testee.yml

---
- name: Test EE
  hosts: labpostgresqlpri
  gather_facts: true
  become: true

  tasks:
    - name: Display Facts
      ansible.builtin.debug:
        msg: "{{ ansible_facts }}"

When running the playbook with the below command in my venv, everything works fine and facts are gathered

ansible-playbook testee.yml

However, if I run the playbook with command

ansible-navigator run testee.yml

I get the below error

 "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.157.30.10' (ED25519) to the list of known hosts.\r\nmuxserver_listen: link mux listener /runner/.ansible/cp/f14c1f486c.gJF2W84mz59ox16y => /runner/.ansible/cp/f14c1f486c: Bad file descriptor"

Full Error Output

<10.157.30.10> ESTABLISH SSH CONNECTION FOR USER: mjbright
<10.157.30.10> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/runner/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="mjbright"' -o ConnectTimeout=10 -o 'ControlPath="/runner/.ansible/cp/f14c1f486c"' 10.157.30.10 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp `"&& mkdir "` echo /tmp/ansible-tmp-1712064682.7009747-20-45230970465614 `" && echo ansible-tmp-1712064682.7009747-20-45230970465614="` echo /tmp/ansible-tmp-1712064682.7009747-20-45230970465614 `" ) && sleep 0'"'"''
<10.157.30.10> (255, b'', b"Warning: Permanently added '10.157.30.10' (ED25519) to the list of known hosts.\r\nmuxserver_listen: link mux listener /runner/.ansible/cp/f14c1f486c.gJF2W84mz59ox16y => /runner/.ansible/cp/f14c1f486c: Bad file descriptor\r\n")
fatal: [labpostgresqlpri]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.157.30.10' (ED25519) to the list of known hosts.\r\nmuxserver_listen: link mux listener /runner/.ansible/cp/f14c1f486c.gJF2W84mz59ox16y => /runner/.ansible/cp/f14c1f486c: Bad file descriptor",
    "unreachable": true
}

Ansible Version

ansible-playbook [core 2.15.5]
  config file = /Users/mjbright/Documents/projects/production_projects/ansible/tb_server_mgmt/ansible.cfg
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.16 (main, Sep 12 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

I have searched high and low and can’t find anything referencing this error. What does this error mean? Host is an Ubuntu Server

Denney-tech · April 2, 2024, 2:44pm

Why are you getting Windows newlines \r\n? That’s really weird. Are you running this from WSL?

mjbright · April 2, 2024, 3:38pm

Running on MacOS. Apologies, forgot to mention that.

TheSpy0 · April 15, 2024, 1:51pm

If you haven’t looked at the Ansible Navigator FAQ page, you might check there to see if there’s anything that’s helpful for you. I’m wondering if there’s an issue with your SSH keys not being passed to the execution environment like they’re supposed to be.

SilentRhetoric · July 8, 2024, 12:57am

I get this same error when trying to complete the tutorial at https://ansible.readthedocs.io/en/latest/getting_started_ee/run_execution_environment/#run-against-a-remote-target.

fatal: [192.168.1.198]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.1.198' (ED25519) to the list of known hosts.\r\npi@192.168.1.198: Permission denied (publickey,password).", "unreachable": true}

iyami5 · July 8, 2024, 12:38pm

Are you using ssh-add or passing a password when you ssh?

SilentRhetoric · July 9, 2024, 12:01am

Following the tutorial to the letter:

Denney-tech · July 9, 2024, 2:30pm

You’re getting a different error than OP. Instead of “Bad file descriptor”, you’re getting “permission denied”; meaning it doesn’t trust your ssh key. This means that you skipped a step (or the tutorial you’re using missed a step) to add your ssh public key to the remote user’s authorized_keys file.

In your snippit, you can ssh-copy-id pi@192.168.1.198 to remedy this. If you don’t have that command, cat ~/.ssh/id_ed25519.pub, copy the output, ssh pi@192.168.1.198 append the public key contents to authorized_keys echo {paste contents from earlier} >> ~/.ssh/authorized_keys.

Then try the playbook again.

SilentRhetoric · July 9, 2024, 10:08pm

To be clear, I get the same “Bad file descriptor” error like OP if I follow the steps on the page I linked, with the error arising after Step 4.

After following your steer to follow the SSH key forwarding approach just below Step 4, then it produces the different “Permission denied” error I screenshotted just above your last reply.

Both of these things are true.

Now, if I do ssh-copy-id I am told that the keys are already on the remote system:

I can also confirm this by visually inspecting the authorized_keys list on 192.168.1.198.

So I’m still stuck and neither approach on the Running your EE page works, with each approach producing one error or the other.

Denney-tech · July 10, 2024, 1:21pm

Are you also running from MacOS like @mjbright?

There appears to be a known issue between ansible-navigator and ssh-agent, possibly due to an underlying issue with docker and MacOS.

SSH Agent Forwarding With MacOS and Docker Desktop · Issue #1591 · ansible/ansible-navigator (github.com)

Mac - ssh-agent forwarding - ee container asks ssh key passphrase · Issue #1623 · ansible/ansible-navigator (github.com)

SilentRhetoric · July 10, 2024, 6:15pm

Yep, MacOS + Docker.

Thanks for connecting the dots to those issues. Discouraging to see that they’ve sat for nearly a year.

Feel free to tag me if those get resolved and I’d be happy to give Ansible another try.

Until next time

iyami5 · July 10, 2024, 6:17pm

You can still use ansible. That’s just a specific issue with Docker and MacOS. I haven’t checked and see if it works with podman.

SilentRhetoric · July 10, 2024, 6:58pm

Would be more accurately stated as

iyami5 · July 10, 2024, 7:00pm

Sure, was just pointing that part out.