2015-09-26

Ansible: Bootstrap new host - ssh issues

While learning/playing with Ansible, I want to bootstrap a new host. I found some examples like 5-min-bootstrap and 5minbootstrap and want to try it on my own.

My setup is a Vagrant Box with a CentOS7 image (I use puppetlabs/centos-7.0-64-nocm) and Ansible installed in a docker image (Dockerfile). (see my blog post about the connection issue with this setup problem/solution).

I start with a very minimal bootstrap playbook
My inventory file just contains the IP of the VagrantBox:
[newhosts]
172.28.128.3
I run it with:
$ docker run --rm -i -t -v $(pwd):/data -w /data thomo/ansible bash -c "ansible-playbook bootstrap.yml -i ./inventories/newhosts --ask-pass"
SSH password:

PLAY [Bootstraping new servers] ****************************************

GATHERING FACTS ********************************************************
fatal: [172.28.128.3] => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host.

PLAY RECAP *************************************************************
           to retry, use: --limit @/root/bootstrap.retry

172.28.128.3               : ok=0    changed=0    unreachable=1    failed=0

$
To publish the host's fingerprint to the ssh client running in the docker container, I decided to make it available via the docker host. With the option UserKnownHostsFile, the ssh client uses the given file as its known_hosts file.
$ touch newhosts.keys

$ docker run --rm -i -t -v $(pwd):/data -w /data thomo/ansible bash -c "ssh -o UserKnownHostsFile=newhosts.keys 172.28.128.3"
The authenticity of host '172.28.128.3 (172.28.128.3)' can't be established.
ECDSA key fingerprint is 39:e5:9b:0d:8b:bd:74:0a:12:e8:c6:37:cb:cf:17:c3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.28.128.3' (ECDSA) to the list of known hosts.
root@172.28.128.3's password:
Last login: Sat Sep 26 10:03:12 2015 from 172.28.128.1
[root@localhost ~]# exit
logout
Connection to 172.28.128.3 closed.

$ docker run --rm -i -t -v $(pwd):/data -w /data thomo/ansible bash -c "ssh -o UserKnownHostsFile=newhosts.keys 172.28.128.3"
root@172.28.128.3's password:
Last login: Sat Sep 26 10:04:27 2015 from 172.28.128.1
[root@localhost ~]# exit
logout
Connection to 172.28.128.3 closed.

$
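Answering yes at the prompt above trusts whatever key the network presented on first contact. As an added example (not part of the original post), the following shell functions write a scanned key to newhosts.keys only when its MD5 fingerprint, the format shown in the prompt above, matches a value read out of band; the names key_md5_fp, pin_host_key and EXPECTED_FP are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Needs coreutils base64 and md5sum.

# Print the MD5 fingerprint (aa:bb:.. form, as in the ssh prompt above) of one
# known_hosts / ssh-keyscan line: "<host> <keytype> <base64 key blob>".
key_md5_fp() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d 2>/dev/null | md5sum |
        awk '{print $1}' | sed 's/../&:/g; s/:$//'
}

# Read ssh-keyscan style lines on stdin and append to known_hosts file $1 the
# line for host $2 whose fingerprint equals $3 (obtained out of band).
# Returns 0 if a matching key was pinned, 1 otherwise; mismatches are not written.
pin_host_key() {
    kh_file=$1; host=$2; expected=$3; pinned=1
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        [ "$(printf '%s\n' "$line" | awk '{print $1}')" = "$host" ] || continue
        fp=$(key_md5_fp "$line") || continue
        if [ "$fp" = "$expected" ]; then
            # Do not append a line that is already pinned.
            grep -qxF -- "$line" "$kh_file" 2>/dev/null ||
                printf '%s\n' "$line" >> "$kh_file"
            pinned=0
        else
            echo "fingerprint mismatch for $host: got $fp" >&2
        fi
    done
    return "$pinned"
}

# Usage (EXPECTED_FP is an assumption: the value read on the VM's own console,
# e.g. with ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub):
#   ssh-keyscan -t ecdsa 172.28.128.3 2>/dev/null |
#       pin_host_key newhosts.keys 172.28.128.3 "$EXPECTED_FP"
```

With the key pinned this way, the later ssh and ansible-playbook runs that point at newhosts.keys connect without the interactive yes/no prompt.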
To tell Ansible to use the alternative known_hosts file, the environment variable ANSIBLE_SSH_ARGS can be used. Furthermore, I have to specify that Ansible should use scp instead of sftp to copy files. This is done with ANSIBLE_SCP_IF_SSH=1 (issue of the docker image I use).
With both variables I can run my bootstrap playbook.
$ docker run --rm -i -t -v $(pwd):/data -w /data thomo/ansible bash -c "ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=newhosts.keys' ANSIBLE_SCP_IF_SSH=1 ansible-playbook bootstrap.yml -i ./inventories/newhosts --ask-pass"
SSH password:

PLAY [Bootstraping new servers] **************************************
GATHERING FACTS ******************************************************
ok: [172.28.128.3]

PLAY RECAP ***********************************************************
172.28.128.3               : ok=1    changed=0    unreachable=0    failed=0

$
