Trying to connect master host Ansible to target HP-UX 11.31 ia64 server

Hi!

After tuning connect from master ansible server to target HP-UX server (HP-UX 11.31 ia64 server with installed Python 2.7.16) by SSH (ssh HPUX - without password), i try a test:

ssh hp-ux
(get connected without password)

and next:
ansible hpux -m ping

I get an error:

hpux | UNREACHABLE! => {
“changed”: false,
“msg”: “Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp". Failed command was: ( umask 77 && mkdir -p "echo /tmp/ansible/ansible-tmp-1566126836.8-256406273673570" && echo ansible-tmp-1566126836.8-256406273673570="echo /tmp/ansible/ansible-tmp-1566126836.8-256406273673570" ), exited with result 235, stdout output: ansible-tmp-1566126836.8-256406273673570=/tmp/ansible/ansible-tmp-1566126836.8-256406273673570\n”,
“unreachable”: true
}

I think so it may be syntax error of remote command by ssh for HP-UX shell… Is it so or not? Anyone can help me?

Hi!

Hi!
After tuning connect from master ansible server to target HP-UX server
(HP-UX 11.31 ia64 server with installed Python 2.7.16) by SSH (ssh HPUX -
without password), i try a test:

ssh hp-ux
(get connected without password)

and next:
ansible hpux -m ping

I get an error:
hpux | UNREACHABLE! => {
    "changed": false,
    "msg": "Authentication or permission failure. In some cases, you may
have been able to authenticate and did not have permissions on the target
directory. Consider changing the remote tmp path in ansible.cfg to a path
rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo
/tmp/ansible/ansible-tmp-1566126836.8-256406273673570 `\" && echo
ansible-tmp-1566126836.8-256406273673570=\"` echo
/tmp/ansible/ansible-tmp-1566126836.8-256406273673570 `\" ), exited with
result 235, stdout output:
ansible-tmp-1566126836.8-256406273673570=/tmp/ansible/ansible-tmp-1566126836.8-256406273673570\n",
    "unreachable": true
}

I think so it may be syntax error of remote command by ssh for HP-UX
shell.... Is it so or not? Anyone can help me?

The problem is "permission failure". You are not able to write to
DEFAULT_LOCAL_TMP (see
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-local-tmp).

Default value is "~/.ansible/tmp". You might want to log to the remote and
fix the permissions, or, as suggested in the message, "Consider changing the
remote tmp path in ansible.cfg to a path rooted in "/tmp".

There are security implications of who will be able to read the tmp files
created by Ansible (see
https://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user).

In this case you might want to use pipelining. Quoting from the link above:
"Use pipelining. When pipelining is enabled, Ansible doesn’t save the module
to a temporary file on the client. Instead it pipes the module to the remote
python interpreter’s stdin. Pipelining does not work for python modules
involving file transfer (for example: copy, fetch, template), or for
non-python modules."

Cheers,

  -vlado

Errata:
The problem is "permission failure". You are not able to write to "remote_tmp"
https://docs.ansible.com/ansible/2.4/intro_configuration.html#remote-tmp

See:
Failure using become on HP-UX: Failed to set file mode on remote files #18391
https://github.com/ansible/ansible/issues/18391

Hi, Vladimir!

I have some question:

1.I normalized all TMP to /tmp/ansible everywhere in ansible.conf. I connect to hp-ux by root user with authorized_keys (on hp-ux side) and root not root privelegies in /tmp/ansible after connect? Error : “Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions…” still the same.

2.After setting pipelining = True in ansible.conf, i get no answer from hp-ux host:

[root@ansible ~]# ansible -vvv integrity -m ping
ansible 2.8.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u’/root/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Jun 20 2019, 20:27:34) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass it’s verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass it’s verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass it’s verify_file() method
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this
will change, but still be user configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can
be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
Pipelining is enabled.
ESTABLISH SSH CONNECTION FOR USER: root
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ‘User=“root”’ -o ConnectTimeout=10 -o ControlPath=/tmp/ansible/cp/5b8e4f6a37 hpux ‘/bin/sh -c ‘"’"’/usr/local/bin/python2.7 && sleep 0’"’

…And no errors…no output… nothing…

I can't help you. Sorry. The issue is still open. It's a bug. You might want
to go trough all the details in the issue and contribute there.

"Failure using become on HP-UX:Failed to set file mode on remote files #18391"
https://github.com/ansible/ansible/issues/18391

FYI, HPUX is not among the supported managed nodes
https://access.redhat.com/articles/3168091

Cheers,

  -vlado