I posted this yesterday, but have yet to see it show up in the forum:
I have the following in one of my playbooks:

    - name: "Copy SSH keys"
      command: sshpass -f ~/temp.pass ssh-copy-id -i ~/.ssh/id_rsa.pub {{ ansible_user }}@{{ item }}
      with_flattened:
        - groups.worker
        - groups.proxy
      when: item not in groups.master

with this inventory file:

    [master]
    9.42.23.241 kubelet_extra_args='["--eviction-hard=memory.available<100Mi,nodefs.available<2Gi,nodefs.inodesFree<5%", "--image-gc-high-threshold=100%", "--image-gc-low-threshold=100%"]'
    [worker]
    9.42.23.147
    [proxy]
    9.42.23.241 kubelet_extra_args='["--eviction-hard=memory.available<100Mi,nodefs.available<2Gi,nodefs.inodesFree<5%", "--image-gc-high-threshold=100%", "--image-gc-low-threshold=100%"]'
    [management]
    9.42.23.241 kubelet_extra_args='["--eviction-hard=memory.available<100Mi,nodefs.available<2Gi,nodefs.inodesFree<5%", "--image-gc-high-threshold=100%", "--image-gc-low-threshold=100%"]'

This works fine when I run on an Ubuntu 16.04 system, but when I run on RHEL 7.4, I get:

    failed: [9.42.23.241] (item=groups.worker) => {"changed": true, "cmd": ["sshpass", "-f", "~/temp.pass", "ssh-copy-id", "-i", "~/.ssh/id_rsa.pub", "root@groups.worker"], "delta": "0:00:00.128010", "end": "2018-01-11 12:55:19.491284", "failed": true, "item": "groups.worker", "msg": "non-zero return code", "rc": 1, "start": "2018-01-11 12:55:19.363274", "stderr": "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa.pub\"\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n\n/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname groups.worker: Name or service not known", "stderr_lines": ["/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa.pub\"", "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed", "", "/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname groups.worker: Name or service not known"], "stdout": "", "stdout_lines": []}
    failed: [9.42.23.241] (item=groups.proxy) => {"changed": true, "cmd": ["sshpass", "-f", "~/temp.pass", "ssh-copy-id", "-i", "~/.ssh/id_rsa.pub", "root@groups.proxy"], "delta": "0:00:00.122724", "end": "2018-01-11 12:55:19.942384", "failed": true, "item": "groups.proxy", "msg": "non-zero return code", "rc": 1, "start": "2018-01-11 12:55:19.819660", "stderr": "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa.pub\"\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n\n/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname groups.proxy: Name or service not known", "stderr_lines": ["/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa.pub\"", "/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed", "", "/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname groups.proxy: Name or service not known"], "stdout": "", "stdout_lines": []}
    to retry, use: --limit @/root/ansible/deploy.retry

As you can see, groups.worker and groups.proxy are taken as literal strings and the IP addresses are not substituted. Should I be doing this another way?
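
An added example, not part of the original post: the same task with the group lists written as Jinja2 expressions, so `with_flattened` receives the host lists instead of the literal strings `groups.worker` and `groups.proxy`. It assumes the RHEL host runs an Ansible release that does not expand bare variable names in `with_` loops; the permission check on `~/temp.pass` and the `pass_file` variable name are additions made here.

```yaml
# Added example (not the poster's playbook). Task names other than
# "Copy SSH keys" and the variable pass_file are hypothetical.

# sshpass reads the login password from this file, so it should be
# readable by its owner only before it is used.
- name: "Inspect the sshpass password file"
  stat:
    path: ~/temp.pass
  register: pass_file

- name: "Stop if the password file is missing or readable by others"
  assert:
    that:
      - pass_file.stat.exists
      - pass_file.stat.mode in ['0600', '0400']

# Quoting each group as "{{ ... }}" makes Ansible evaluate the expression.
# A bare groups.worker is treated as a plain string and ends up in the
# command line as root@groups.worker, which is the failure shown above.
- name: "Copy SSH keys"
  command: sshpass -f ~/temp.pass ssh-copy-id -i ~/.ssh/id_rsa.pub {{ ansible_user }}@{{ item }}
  with_flattened:
    - "{{ groups.worker }}"
    - "{{ groups.proxy }}"
  when: item not in groups.master
```

With the inventory above, the loop visits 9.42.23.147 and 9.42.23.241, and the `when` condition skips 9.42.23.241 because it is also in `[master]`.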