Description
Hello everybody
this is an upstream version of debops/debops#1731
The problem was reproduced with raw "ansible" command so we are pretty sure this is not a debops problem.
I will copy/paste the other bug report here, but some discussion has already taken place on the other side.
Hello
I am in the process of upgrading from 2.2.1 to 2.2.2
Most of my machines are LXC containers which I reach through lxc_ssh
- my username on my control machine is jerros
- the host machine is called monstro (monstro.daviel.idf.intranet)
- the container is called build-yocto
When I attempt any playbook on build-yocto, I get a permission denied.
Interesting extract of my trace below:
```
jerros@logrus:~/comite_expertise/adminsys-ecs$ debops -l build-yocto service/apt -vvv
Running Ansible playbooks:
/home/jerros/comite_expertise/adminsys-ecs/debops/ansible/playbooks/service/apt.yml
(...)
PLAY [Manage Advanced Package Manager] *****************************************************************************************************************************************************************************
XXX connect
<monstro.daviel> ESTABLISH SSH CONNECTION FOR USER: root
<monstro.daviel> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=publickey,gssapi-with-mic,gssapi-keyex,hostbased -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jerros/.ansible/cp/f16751a621 -tt monstro.daviel 'which lxc'
<monstro.daviel> (255, b'', b'[email protected]: Permission denied (publickey).\r\n')
<monstro.daviel> ssh_retry: attempt: 0, ssh return code is 255. cmd ([b'ssh', b'-C', b'-o', b'ControlMaster=auto', b'-o', b'ControlPersist=60s', b'-o', b'StrictHostKeyChecking=no', b'-o', b'KbdInteractiveAuthentication=no', b'-o', b'PreferredAuthentications=publickey,gssapi-with-mic,gssapi-keyex,hostbased', b'-o', b'PasswordAuthentication=no', b'-o', b'ConnectTimeout=10', b'-o', b'ControlPath=/home/jerros/.ansible/cp/f16751a621', b'-tt', b'monstro.daviel', b'which lxc']...), pausing for 0 seconds
<monstro.daviel> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=publickey,gssapi-with-mic,gssapi-keyex,hostbased -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jerros/.ansible/cp/f16751a621 -tt monstro.daviel 'which lxc'
<monstro.daviel> (255, b'', b'[email protected]: Permission denied (publickey).\r\n')
<monstro.daviel> ssh_retry: attempt: 1, ssh return code is 255. cmd ([b'ssh', b'-C', b'-o', b'ControlMaster=auto', b'-o', b'ControlPersist=60s', b'-o', b'StrictHostKeyChecking=no', b'-o', b'KbdInteractiveAuthentication=no', b'-o', b'PreferredAuthentications=publickey,gssapi-with-mic,gssapi-keyex,hostbased', b'-o', b'PasswordAuthentication=no', b'-o', b'ConnectTimeout=10', b'-o', b'ControlPath=/home/jerros/.ansible/cp/f16751a621', b'-tt', b'monstro.daviel', b'which lxc']...), pausing for 1 seconds
<monstro.daviel> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=publickey,gssapi-with-mic,gssapi-keyex,hostbased -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jerros/.ansible/cp/f16751a621 -tt monstro.daviel 'which lxc'
<monstro.daviel> (255, b'', b'[email protected]: Permission denied (publickey).\r\n')
<monstro.daviel> ssh_retry: attempt: 2, ssh return code is 255. cmd ([b'ssh', b'-C', b'-o', b'ControlMaster=auto', b'-o', b'ControlPersist=60s', b'-o', b'StrictHostKeyChecking=no', b'-o', b'KbdInteractiveAuthentication=no', b'-o', b'PreferredAuthentications=publickey,gssapi-with-mic,gssapi-keyex,hostbased', b'-o', b'PasswordAuthentication=no', b'-o', b'ConnectTimeout=10', b'-o', b'ControlPath=/home/jerros/.ansible/cp/f16751a621', b'-tt', b'monstro.daviel', b'which lxc']...), pausing for 3 seconds
<monstro.daviel> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=publickey,gssapi-with-mic,gssapi-keyex,hostbased -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jerros/.ansible/cp/f16751a621 -tt monstro.daviel 'which lxc'
<monstro.daviel> (255, b'', b'[email protected]: Permission denied (publickey).\r\n')
TASK [Gathering Facts] *********************************************************************************************************************************************************************************************
task path: /home/jerros/comite_expertise/adminsys-ecs/debops/ansible/playbooks/service/apt.yml:7
fatal: [build-yocto]: FAILED! =>
  msg: |-
    Failed to connect to the host via ssh: [email protected]: Permission denied (publickey).
```
We see that the problem is that lxc_ssh attempts to connect to the host (monstro) using my local unix username (jerros) instead of using root (I can connect directly as root on that machine, I tested separately).
This used to work in 2.2.1 and reverting to debops 2.2.1 solves the problem.
Also note the line `<monstro.daviel> ESTABLISH SSH CONNECTION FOR USER: root` so debops thinks it is attempting to connect as root, but seems to be connecting without a username, so using the default, local, username.
As a complement, a cut-down output of ansible-inventory for build-yocto:
```
{
    "ansible_connection": "lxc_ssh",
    "ansible_host": "monstro.daviel",
    "ansible_ssh_extra_args": "{{inventory_hostname}}",
    "ansible_user": "root",
    "netbase__domain": "daviel.idf.intranet",
    "netbase__host_ipv4_address": "127.0.1.1",
}
```
Thx a lot
Jérémy
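The symptom reported above (the `ESTABLISH SSH CONNECTION FOR USER: root` line followed by an `ssh` command line that carries no login name) can be checked mechanically on any `-vvv` trace. The following is an added example, not part of the original report and not code from Ansible or the lxc_ssh plugin; the function names and the `fixed.example` host are hypothetical, and the sample trace is constructed from the lines quoted in the report.

```python
import re
import shlex

# Constructed sample: the first pair is shortened from the trace in the report;
# the second pair (host fixed.example, -o User=root) is hypothetical.
SAMPLE_TRACE = """\
<monstro.daviel> ESTABLISH SSH CONNECTION FOR USER: root
<monstro.daviel> SSH: EXEC ssh -C -o ControlMaster=auto -o ConnectTimeout=10 -tt monstro.daviel 'which lxc'
<fixed.example> ESTABLISH SSH CONNECTION FOR USER: root
<fixed.example> SSH: EXEC ssh -C -o User=root -o ConnectTimeout=10 -tt fixed.example 'which lxc'
"""
LINE = re.compile(
    r"^<(?P<host>[^>]+)> (?:ESTABLISH SSH CONNECTION FOR USER: (?P<user>\S+)"
    r"|SSH: EXEC (?P<cmd>ssh .*))$")
TAKES_VALUE = set("BbcDEeFIiJLlmOopQRSWw")  # ssh options that consume an argument

def explicit_login(argv):
    """Login name carried by an ssh argv, or None when ssh is left to fall back
    to ssh_config or the local username. The first form seen is returned;
    precedence between several forms is not modelled."""
    i = 1
    while i < len(argv):
        arg = argv[i]
        if not arg.startswith("-"):  # first non-option argument is the destination
            return arg.rsplit("@", 1)[0] if "@" in arg else None
        if arg[1:2] in TAKES_VALUE:
            attached = arg[2:]  # handles both "-l root" and "-lroot"
            value = attached or (argv[i + 1] if i + 1 < len(argv) else "")
            i += 1 if attached else 2
            if arg[1] == "l":
                return value
            key, _, val = value.partition("=")
            if arg[1] == "o" and key.strip().lower() == "user":
                return val
        else:
            i += 1
    return None

def find_user_mismatches(trace):
    """Return (host, announced_user, user_on_command_line) for each EXEC line
    whose argv does not carry the user Ansible announced for that host."""
    announced, findings = {}, []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["user"]:
            announced[m["host"]] = m["user"]
            continue
        actual = explicit_login(shlex.split(m["cmd"]))
        if actual != announced.get(m["host"]):
            findings.append((m["host"], announced.get(m["host"]), actual))
    return findings
```

A `None` in the third field means the command line left the login name to `ssh_config` or the local account, which is the behaviour described in the report.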