#15 Use ansible_connection=local for executor host
Merged 6 years ago by merlinm. Opened 6 years ago by stefw.
stefw/standard-test-roles local-executor  into  master

@@ -2,6 +2,7 @@ 

  - name: Add executor host

    add_host:

      name: executor

+     ansible_connection: local

      ansible_ssh_host: 127.0.0.1

      ansible_ssh_connection: local

  

We often don't have an SSH key for the local executor host. Lets
just use ansible_connection=local for simplicity here.

This is what I've seen:

TASK [standard-test-beakerlib : Gather facts] **********************************
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:+C1DDNG32xx0w65qUYFwHWbY14h2dWzSaoy3fpND3OA.
ECDSA key fingerprint is MD5:98:e6:88:4f:01:dd:1b:64:98:7a:54:a3:41:8a:9f:b7.
Are you sure you want to continue connecting (yes/no)? ^Cqemu-system-x86_64: terminating on signal 2
 [ERROR]: User interrupted execution

This testing seems to break testing on atomic for me. With the change listed here, when I use test_cloud.yml to test an atomic qcow2, the "executor" tasks run against the atomic host, instead of against the host calling ansible. I have yet to be prompted for a localhost ssh key using the live code... @merlinm have you?

I find this patch makes no difference for me. The beakerlib role "executor" tasks still run on the host calling ansible whether using test_cloud.yml to test an atomic qcow2 or test_docker.yml to test a docker image. I also tried it both with and without an SSH key configured for root on my control machine. It all works for me.

So, we need to figure what's going on that makes @stefw need this patch for things to work, @jbieren need to NOT have the patch to make things work, and @merlinm not matter.

Just to make sure, is everybody starting out with the standard-test-roles-1.0-1 package or a checkout of the 1.0 branch of the main standard-test-roles repo? Is there, by chance, some garbage in your root SSH known_hosts file that's tripping up the connect? Any other ideas?

@merlinm When you 'ssh root@localhost' does it proceed without authentication on your ansible executor host? If so, I would mv /root/.ssh/authorized_keys /tmp in order to reproduce the problem.

@stefw No, it asks for authentication as expected. With and without an SSH key configured for root on my executor host.

[root@test-runner ~]# ls -l /root/.ssh
total 8
-rw-------. 1 root root 1679 Apr 10 09:30 id_rsa
-rw-r--r--. 1 root root  414 Apr 10 09:30 id_rsa.pub
[root@test-runner ~]# ssh root@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo.
ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f.
Are you sure you want to continue connecting (yes/no)? ^C
[root@test-runner ~]# ssh root@127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo.
ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f.
Are you sure you want to continue connecting (yes/no)? ^C
[root@test-runner ~]# mv /root/.ssh/id_rsa /root/.ssh/id_rsa- ; mv /root/.ssh/id_rsa.pub /root/.ssh/id_rsa.pub-
[root@test-runner ~]# ssh root@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo.
ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f.
Are you sure you want to continue connecting (yes/no)? ^C
[root@test-runner ~]# ssh root@127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo.
ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f.
Are you sure you want to continue connecting (yes/no)? ^C
[root@test-runner ~]# 

However, ansible shouldn't be trying to use ssh at all for tasks on the executor host...

@stefw Can you show the playbook you are running to get stuck on that prompt?

@jbieren Here's my reproducer.

Use the unreleased master version of standard-test-roles:

$ sudo yum install standard-test-roles
$ sudo mv /etc/ansible/roles /etc/ansible/roles-bak
$ git clone https://pagure.io/standard-test-roles.git
$ sudo ln -s $PWD/standard-test-roles/roles /etc/ansible/roles

Have ansible 2.3.1:

$ rpm -q ansible
ansible-2.3.1.0-1.fc26.noarch

Now use a standard-roles-beakerlib based test:

$ git clone https://upstreamfirst.fedorainfracloud.org/coreutils.git
$ cd coretuils
$ sudo ansible-playbook test_local.yml
...
TASK [standard-test-beakerlib : Gather facts] **********************************
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:+C1DDNG32xx0w65qUYFwHWbY14h2dWzSaoy3fpND3OA.
ECDSA key fingerprint is MD5:98:e6:88:4f:01:dd:1b:64:98:7a:54:a3:41:8a:9f:b7.
Are you sure you want to continue connecting (yes/no)? yes
fatal: [localhost]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}

It seems that the released version of standard-test-roles doesn't include 16abe0c61188230abaa53063216ce8f190395b15 yet? Maybe that's why it's hard to reproduce for people using released versions of standard-test-roles?

Thanks @stefw

I was able to reproduce the problem. I am currently testing with the ansible_connection=local added as this PR suggests, but instead of removing the existing lines as in this PR, I left those as well. I have yet to run into a problem with that config, but will update this later once I've done more testing.

BTW, the released version 1.0 of the standard-test-roles package does include commit 16abe0c61188230abaa53063216ce8f190395b15, and it can currently be found in the updates-testing repos.

I, too, was able to reproduce the issue when running the test_local.yml playbook directly.

@jbieren's suggestion to add ansible_connection=local without removing the ansible_ssh_host and ansible_ssh_connection lines resolves the problem for me.

@stefw, would you please update this PR to only add the new line without removing the existing lines as described above? I'd be happy to merge that.

rebased

6 years ago

Pull-Request has been merged by merlinm

6 years ago
Metadata