Stumped on ssh not connecting

Archives Ansible Project
1

Hi List,

Somehow, my connections are no longer working:

mmaas@xmgtansible:~/playbooks$ ansible xmon* -m ping -vvvvvvv
sudo password:
ESTABLISH CONNECTION FOR USER: mmaas on PORT 22 TO xmonopsdb
ESTABLISH CONNECTION FOR USER: mmaas on PORT 22 TO xmonopsodw
ESTABLISH CONNECTION FOR USER: mmaas on PORT 22 TO xmonopssla00
ESTABLISH CONNECTION FOR USER: mmaas on PORT 22 TO xmonopssla01
ESTABLISH CONNECTION FOR USER: mmaas on PORT 22 TO xmonopssla02
ESTABLISH CONNECTION FOR USER: mmaas on PORT 22 TO xmonopsview
EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1375083617.76-143841822637118 && chmod a+rx $HOME/.ansible/tmp/ansible-1375083617.76-143841822637118 && echo $HOME/.ansible/tmp/ansible-1375083617.76-143841822637118’
REMOTE_MODULE ping
PUT /tmp/tmpouZyE3 TO /home/mmaas/.ansible/tmp/ansible-1375083617.76-143841822637118/ping
EXEC /bin/sh -c ‘sudo -k && sudo -Hi -S -p “[sudo via ansible, key=orhcvgztjluqppbzpcboflfrywubyped] password: " -u root /bin/sh -c '”’“‘/usr/bin/python /home/mmaas/.ansible/tmp/ansible-1375083617.76-143841822637118/ping; rm -rf /home/mmaas/.ansible/tmp/ansible-1375083617.76-143841822637118/ >/dev/null 2>&1’”‘"’’
EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1375083617.86-140232694405593 && chmod a+rx $HOME/.ansible/tmp/ansible-1375083617.86-140232694405593 && echo $HOME/.ansible/tmp/ansible-1375083617.86-140232694405593’
REMOTE_MODULE ping
PUT /tmp/tmpGPXxF7 TO /home/mmaas/.ansible/tmp/ansible-1375083617.86-140232694405593/ping
EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1375083617.92-15012722398254 && chmod a+rx $HOME/.ansible/tmp/ansible-1375083617.92-15012722398254 && echo $HOME/.ansible/tmp/ansible-1375083617.92-15012722398254’
REMOTE_MODULE ping
PUT /tmp/tmpAqgHhA TO /home/mmaas/.ansible/tmp/ansible-1375083617.92-15012722398254/ping
EXEC /bin/sh -c ‘sudo -k && sudo -Hi -S -p “[sudo via ansible, key=grlnopgxkebmajwdhdabffihptfyetdf] password: " -u root /bin/sh -c '”’“‘/usr/bin/python /home/mmaas/.ansible/tmp/ansible-1375083617.86-140232694405593/ping; rm -rf /home/mmaas/.ansible/tmp/ansible-1375083617.86-140232694405593/ >/dev/null 2>&1’”‘"’’
EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1375083617.89-30950835468403 && chmod a+rx $HOME/.ansible/tmp/ansible-1375083617.89-30950835468403 && echo $HOME/.ansible/tmp/ansible-1375083617.89-30950835468403’
EXEC /bin/sh -c ‘sudo -k && sudo -Hi -S -p “[sudo via ansible, key=dgwzpoedxmsjdjrwdtenqzwmuyrisokk] password: " -u root /bin/sh -c '”’“‘/usr/bin/python /home/mmaas/.ansible/tmp/ansible-1375083617.92-15012722398254/ping; rm -rf /home/mmaas/.ansible/tmp/ansible-1375083617.92-15012722398254/ >/dev/null 2>&1’”‘"’’
REMOTE_MODULE ping
PUT /tmp/tmpT4HiP_ TO /home/mmaas/.ansible/tmp/ansible-1375083617.89-30950835468403/ping
EXEC /bin/sh -c ‘sudo -k && sudo -Hi -S -p “[sudo via ansible, key=drhubaozepnriuxnkmtzahxdbkqygtpq] password: " -u root /bin/sh -c '”’“‘/usr/bin/python /home/mmaas/.ansible/tmp/ansible-1375083617.89-30950835468403/ping; rm -rf /home/mmaas/.ansible/tmp/ansible-1375083617.89-30950835468403/ >/dev/null 2>&1’”‘"’’
EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1375083617.99-157273813210982 && chmod a+rx $HOME/.ansible/tmp/ansible-1375083617.99-157273813210982 && echo $HOME/.ansible/tmp/ansible-1375083617.99-157273813210982’
REMOTE_MODULE ping
EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1375083617.96-269702588408569 && chmod a+rx $HOME/.ansible/tmp/ansible-1375083617.96-269702588408569 && echo $HOME/.ansible/tmp/ansible-1375083617.96-269702588408569’
PUT /tmp/tmpsk3uBg TO /home/mmaas/.ansible/tmp/ansible-1375083617.99-157273813210982/ping
REMOTE_MODULE ping
PUT /tmp/tmpQ8SFwO TO /home/mmaas/.ansible/tmp/ansible-1375083617.96-269702588408569/ping
EXEC /bin/sh -c ‘sudo -k && sudo -Hi -S -p “[sudo via ansible, key=gykqtisihmptheecdbwdzyqjofacwmpm] password: " -u root /bin/sh -c '”’“‘/usr/bin/python /home/mmaas/.ansible/tmp/ansible-1375083617.99-157273813210982/ping; rm -rf /home/mmaas/.ansible/tmp/ansible-1375083617.99-157273813210982/ >/dev/null 2>&1’”‘"’’
EXEC /bin/sh -c ‘sudo -k && sudo -Hi -S -p “[sudo via ansible, key=hbdsncryzoxrfwdpkrxwocyobwntmdgz] password: " -u root /bin/sh -c '”’“‘/usr/bin/python /home/mmaas/.ansible/tmp/ansible-1375083617.96-269702588408569/ping; rm -rf /home/mmaas/.ansible/tmp/ansible-1375083617.96-269702588408569/ >/dev/null 2>&1’”‘"’’

As you can see, the connection works, and the ping module is copied. It’s just never executed for some reason.

When I do this, there is no problem:

mmaas@xmgtansible:~/playbooks$ ssh xmonopsview uname -a
Linux xmonopsview 2.6.32-46-server #107-Ubuntu SMP Fri Mar 22 20:30:21 UTC 2013 x86_64 GNU/Linux

But issuing this just hangs after giving my Sudo password:

mmaas@xmgtansible:~/playbooks$ ansible xmonopsview -m shell -a “uname -a”
sudo password:

I’m stumped…

Any suggestions?

Thanks,
Mark

2

Running the command locally is fine as well:

mmaas@xmonopsview:~/.ansible/tmp/ansible-1375084331.82-269294295788411$ python ./ping
{“changed”: false, “ping”: “pong”}

I can see the authlog says the command is being sent and immediatly closes the connection:

Jul 29 09:52:11 xmonopsview sshd[832]: Accepted publickey for mmaas from 10.125.14.80 port 37639 ssh2
Jul 29 09:52:11 xmonopsview sshd[832]: pam_unix(sshd:session): session opened for user mmaas by (uid=0)
Jul 29 09:52:12 xmonopsview sshd[896]: subsystem request for sftp
Jul 29 09:52:12 xmonopsview sudo: mmaas : TTY=pts/1 ; PWD=/home/mmaas ; USER=root ; COMMAND=/bin/bash -c /bin/sh -c /usr/bin/python /home/mmaas/.ansible/tmp/ansible-1375084331.82-269294295788411/ping; rm -rf /home/mmaas/.ansible/tmp/ansible-1375084331.82-269294295788411/ >/dev/null 2>&1
Jul 29 09:52:13 xmonopsview sshd[832]: pam_unix(sshd:session): session closed for user mmaas

But the temporary ansible directory is never actually deleted )Nor is ping executed)

Still lost…

Mark

3

I found it, but I believe this to be a bug:

In our /etc/ansible/ansible.cfg we’ve had this setup since last friday;

the default flags passed to sudo

sudo_flags=-Hi

Which makes sure the environment of sudo-'d user get’s loaded when we are running commands. (-i)
But with a lot of Ubuntu servers, this silently fails. No error’s anywhere.

I had a hunch and removed the “-i” and it all started to work again.

4

Docs say:

-i [command]
The -i (simulate initial login) option runs the shell
specified by the password database entry of the target user
as a login shell. This means that login-specific resource
files such as .profile or .login will be read by the shell.
If a command is specified, it is passed to the shell for
execution via the shell’s -c option. If no command is
specified, an interactive shell is executed. sudo attempts
to change to that user’s home directory before running the
shell. The security policy shall initialize the
environment to a minimal set of variables, similar to what
is present when a user logs in. The Command Environment
section in the sudoers(5) manual documents how the -i
option affects the environment in which a command is run
when the sudoers policy is in use.

Perhaps this is because the shell is closing before it could run the command?

What output did Ansible give you after what you pasted? What I have above was cut off after the debug statements.

Thanks!

5

Hi Michael,

Nothing… That was my surprise as well. Ansible just waited. And would have kept waiting until I would press CTRL-c to abort the whole thing.

Mark