5f7caaf
@@ -2,6 +2,7 @@
- name: Add executor host
add_host:
name: executor
+ ansible_connection: local
ansible_ssh_host: 127.0.0.1
ansible_ssh_connection: local
We often don't have an SSH key for the local executor host. Lets just use ansible_connection=local for simplicity here.
This is what I've seen:
TASK [standard-test-beakerlib : Gather facts] ********************************** The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:+C1DDNG32xx0w65qUYFwHWbY14h2dWzSaoy3fpND3OA. ECDSA key fingerprint is MD5:98:e6:88:4f:01:dd:1b:64:98:7a:54:a3:41:8a:9f:b7. Are you sure you want to continue connecting (yes/no)? ^Cqemu-system-x86_64: terminating on signal 2 [ERROR]: User interrupted execution
This testing seems to break testing on atomic for me. With the change listed here, when I use test_cloud.yml to test an atomic qcow2, the "executor" tasks run against the atomic host, instead of against the host calling ansible. I have yet to be prompted for a localhost ssh key using the live code... @merlinm have you?
I find this patch makes no difference for me. The beakerlib role "executor" tasks still run on the host calling ansible whether using test_cloud.yml to test an atomic qcow2 or test_docker.yml to test a docker image. I also tried it both with and without an SSH key configured for root on my control machine. It all works for me.
So, we need to figure what's going on that makes @stefw need this patch for things to work, @jbieren need to NOT have the patch to make things work, and @merlinm not matter.
Just to make sure, is everybody starting out with the standard-test-roles-1.0-1 package or a checkout of the 1.0 branch of the main standard-test-roles repo? Is there, by chance, some garbage in your root SSH known_hosts file that's tripping up the connect? Any other ideas?
@merlinm When you 'ssh root@localhost' does it proceed without authentication on your ansible executor host? If so, I would mv /root/.ssh/authorized_keys /tmp in order to reproduce the problem.
mv /root/.ssh/authorized_keys /tmp
@stefw No, it asks for authentication as expected. With and without an SSH key configured for root on my executor host.
[root@test-runner ~]# ls -l /root/.ssh total 8 -rw-------. 1 root root 1679 Apr 10 09:30 id_rsa -rw-r--r--. 1 root root 414 Apr 10 09:30 id_rsa.pub [root@test-runner ~]# ssh root@localhost The authenticity of host 'localhost (::1)' can't be established. ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo. ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f. Are you sure you want to continue connecting (yes/no)? ^C [root@test-runner ~]# ssh root@127.0.0.1 The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo. ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f. Are you sure you want to continue connecting (yes/no)? ^C [root@test-runner ~]# mv /root/.ssh/id_rsa /root/.ssh/id_rsa- ; mv /root/.ssh/id_rsa.pub /root/.ssh/id_rsa.pub- [root@test-runner ~]# ssh root@localhost The authenticity of host 'localhost (::1)' can't be established. ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo. ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f. Are you sure you want to continue connecting (yes/no)? ^C [root@test-runner ~]# ssh root@127.0.0.1 The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:p5IeBob4K1xAbMRgZcdWOOdYCc8sONf2x8lChwlEORo. ECDSA key fingerprint is MD5:46:e5:a3:4d:f6:ed:34:67:d5:1f:3d:a8:e8:c6:a1:9f. Are you sure you want to continue connecting (yes/no)? ^C [root@test-runner ~]#
However, ansible shouldn't be trying to use ssh at all for tasks on the executor host...
ssh
@stefw Can you show the playbook you are running to get stuck on that prompt?
@jbieren Here's my reproducer.
Use the unreleased master version of standard-test-roles:
$ sudo yum install standard-test-roles $ sudo mv /etc/ansible/roles /etc/ansible/roles-bak $ git clone https://pagure.io/standard-test-roles.git $ sudo ln -s $PWD/standard-test-roles/roles /etc/ansible/roles
Have ansible 2.3.1:
$ rpm -q ansible ansible-2.3.1.0-1.fc26.noarch
Now use a standard-roles-beakerlib based test:
$ git clone https://upstreamfirst.fedorainfracloud.org/coreutils.git $ cd coretuils $ sudo ansible-playbook test_local.yml ... TASK [standard-test-beakerlib : Gather facts] ********************************** The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:+C1DDNG32xx0w65qUYFwHWbY14h2dWzSaoy3fpND3OA. ECDSA key fingerprint is MD5:98:e6:88:4f:01:dd:1b:64:98:7a:54:a3:41:8a:9f:b7. Are you sure you want to continue connecting (yes/no)? yes fatal: [localhost]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}
It seems that the released version of standard-test-roles doesn't include 16abe0c61188230abaa53063216ce8f190395b15 yet? Maybe that's why it's hard to reproduce for people using released versions of standard-test-roles?
16abe0c61188230abaa53063216ce8f190395b15
Thanks @stefw
I was able to reproduce the problem. I am currently testing with the ansible_connection=local added as this PR suggests, but instead of removing the existing lines as in this PR, I left those as well. I have yet to run into a problem with that config, but will update this later once I've done more testing.
BTW, the released version 1.0 of the standard-test-roles package does include commit 16abe0c61188230abaa53063216ce8f190395b15, and it can currently be found in the updates-testing repos.
I, too, was able to reproduce the issue when running the test_local.yml playbook directly.
test_local.yml
@jbieren's suggestion to add ansible_connection=local without removing the ansible_ssh_host and ansible_ssh_connection lines resolves the problem for me.
ansible_connection=local
ansible_ssh_host
ansible_ssh_connection
@stefw, would you please update this PR to only add the new line without removing the existing lines as described above? I'd be happy to merge that.
@merlinm Updated
rebased
Pull-Request has been merged by merlinm
We often don't have an SSH key for the local executor host. Lets
just use ansible_connection=local for simplicity here.