0
Ich versuche auf eine EC2-Instanz zuzugreifen, wobei Ansible auf einer anderen EC2-Instanz installiert ist. Meine Hosts sind mit einem Bastion-Host eingerichtet. Ich habe diesen Beitrag http://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/ verfolgt, der ziemlich geradlinig scheint.Ansible Bastion Host nicht erreichbar?
Hinweis: Ich habe diesen anderen Thread (Ansible with a bastion host/jump box?) gelesen, aber es hat nicht geholfen.
Ich kann SSH direkt und Ping von diesem Host an die IP von dynamischen Inventar (eine öffentliche IP) gegeben; aber warum scheitert ein einfacher ansässiger Ping, wenn der tatsächliche ssh funktioniert und pingbar ist?
[email protected]:/etc/ansible# ansible -i /etc/ansible/inventory/ec2.py tag_managed_ansible -m ping -vvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<x.x.x.x> SSH: EXEC ssh -C -vvv -F /root/.ssh/config -o ControlMaster=auto -o ControlPersist=10m -o 'IdentityFile="/home/ubuntu/.ssh/asdev.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o 'ControlPath=~/.ssh/ansible-%[email protected]%h:%p' x.x.x.x '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1466601336.03-126192442556847 `" && echo ansible-tmp-1466601336.03-126192442556847="` echo
$HOME/.ansible/tmp/ansible-tmp-1466601336.03-126192442556847 `") && sleep 0'"'"''
x.x.x.x | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
Debug from direct ssh which works (via proxy command setup in /root/.ssh/config)
[email protected]:/etc/ansible# ssh devtest3 -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for *
debug1: /root/.ssh/config line 769: Applying options for devtest3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: /etc/ssh/ssh_config line 769: Applying options for devtest3
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: auto-mux: Trying existing master
debug1: multiplexing control connection
debug2: fd 6 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 1: new [mux-control]
debug3: channel_post_mux_listener: new mux channel 1 fd 6
debug3: mux_master_read_cb: channel 1: hello sent
debug2: set_control_persist_exit_time: cancel scheduled exit
debug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4
debug2: process_mux_master_hello: channel 1 slave version 4
debug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4
debug2: process_mux_alive_check: channel 1: alive check
debug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 50
debug2: process_mux_new_session: channel 1: request tty 1, X 1, agent 0, subsys 0, term "xterm-256color", cmd "", env 0
debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
debug3: process_mux_new_session: got fds stdin 7, stdout 8, stderr 9
debug1: channel 2: new [client-session]
debug2: process_mux_new_session: channel_new: 2 linked to control channel 1
debug2: channel 2: send open
debug2: callback start
debug2: client_session2_setup: id 2
debug2: channel 2: request pty-req confirm 1
debug2: channel 2: request shell confirm 1
debug3: mux_session_confirm: sending success reply
debug2: callback done
debug2: channel 2: open confirm rwindow 0 rmax 32768
debug1: mux_client_request_session: master session id: 2
debug2: channel_input_status_confirm: type 99 id 2
debug2: PTY allocation request accepted on channel 2
debug2: channel 2: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 2
debug2: shell request accepted on channel 2
Last login: Wed Jun 22 13:20:11 2016 from
[email protected]:~$
Hier ssh Einstellung des ansible.cfg:
[ssh_connection]
ssh_args = -F /root/.ssh/config -o ControlMaster=auto -o ControlPersist=10m
control_path = ~/.ssh/ansible-%%[email protected]%%h:%%p
Einstellung in /root/.ssh/config:
Host devtest3
HostName x.x.x.x
Port 22
User ubuntu
StrictHostKeyChecking no
IdentitiesOnly yes
IdentityFile ~/.ssh/asdev.pem
#(I tried both)
#ProxyCommand ssh -W %h %p proxy
ProxyCommand ssh -q proxy nc -q0 %h %p