Yeah, the user is using the default remote_user of www-data, but the set remote_user is deployer.
As in my first post, the task BEFORE the sync is connecting via deployer, but the syncronize task falls back to the default www-data user, which doesn't have ssh access to my locahost. This seems bizarre as it should pick up the same ssh user that is used in the task above. If I change: [localhost] localhost ansible_ssh_user=deployer ansible_connection=local Then it works correctly, as it doesn't use SSH any more... but then other tasks that rely on being run via the deployer user over SSH fail. To give you a use-case that this seems to be preventing, I am trying to deploy a Symfony2 PHP application and the config/setup is being handled by Ansible. Running it against a remote machine has the same steps for config as is needed to set up a local copy of the app, so am trying to allow devs to set up a local copy, if they wish, without having to do any manual setup. I'm kinda getting the feeling that the magic in the synchronize command is fighting against what I am trying to achieve on a local machine. On Monday, 30 June 2014 09:07:41 UTC+12, Michael DeHaan wrote: > > Looks like you are trying to SSH into yourself and this isn't being > allowed, which may imply localhost is in the "cron" group above. > > Key line is the last one "Permission denied (publickey,password)" > > > > > On Sun, Jun 29, 2014 at 4:22 PM, Cameron Junge <[email protected] > <javascript:>> wrote: > > Hi Michael, > > I actually found that whether I run against localhost or not I get the > same error. > > verbose output is: > > TASK: [deploy | Copy source to server] > **************************************** > <127.0.0.1> ESTABLISH CONNECTION FOR USER: www-data > <127.0.0.1> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', > '-o', 'ControlPersist=60s', '-o', > 'ControlPath=/home/cameron/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', > 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', > 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey' > , '-o', 'PasswordAuthentication=no', '-o', u'User=www-data', '-o', > 'ConnectTimeout=10', '127.0.0.1', "/bin/sh -c 'mkdir -p > $HOME/.ansible/tmp/ansible-tmp-1404073222.49-59338707865389 && chmod a+rx > $HOME/.ansible/tmp/ansible-tmp-1404073222.49-59338707865389 && echo > $HOME/.ansible/tmp/ansible-tmp-1404073222.49-59338707865389'"] > fatal: [localhost] => SSH encountered an unknown error. The output was: > OpenSSH_6.2p2 Ubuntu-6ubuntu0.4, OpenSSL 1.0.1e 11 Feb 2013 > debug1: Reading configuration data /home/cameron/.ssh/config > debug1: /home/cameron/.ssh/config line 25: Applying options for 127.0.0.1 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug1: auto-mux: Trying existing master > debug1: Control socket > "/home/cameron/.ansible/cp/ansible-ssh-127.0.0.1-22-www-data" does not > exist > debug2: ssh_connect: needpriv 0 > debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22. > debug2: fd 3 setting O_NONBLOCK > debug1: fd 3 clearing O_NONBLOCK > debug1: Connection established. > debug3: timeout: 10000 ms remain after connect > debug3: Incorrect RSA1 identifier > debug3: Could not load "/home/cameron/.ssh/id_rsa" as a RSA1 public key > debug1: identity file /home/cameron/.ssh/id_rsa type 1 > debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 > debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 > debug1: identity file /home/cameron/.ssh/id_rsa-cert type -1 > debug1: identity file /home/cameron/.ssh/id_dsa type -1 > debug1: identity file /home/cameron/.ssh/id_dsa-cert type -1 > debug1: identity file /home/cameron/.ssh/id_ecdsa type -1 > debug1: identity file /home/cameron/.ssh/id_ecdsa-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.4 > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2p2 > Ubuntu-6ubuntu0.4 > debug1: match: OpenSSH_6.2p2 Ubuntu-6ubuntu0.4 pat OpenSSH* > debug2: fd 3 setting O_NONBLOCK > debug3: load_hostkeys: loading entries for host "127.0.0.1" from file > "/home/cameron/.ssh/known_hosts" > debug3: load_hostkeys: found key type ECDSA in file /home/cameron/.ssh/ > known_hosts:22 > debug3: load_hostkeys: loaded 1 keys > debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert- > [email protected],[email protected],ecdsa-sha2- > [email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, > ecdsa-sha2-nistp521 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 > -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group- > exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: [email protected],ecdsa- > [email protected],ecdsa-sha2-nistp521-cert-v01@openssh. > com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa- > [email protected],[email protected],ssh-rsa-cert-v00@openssh > .com,[email protected],ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256, > arcfour128,[email protected],[email protected],aes128-cbc,3des- > cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael- > [email protected] > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256, > arcfour128,[email protected],[email protected],aes128-cbc,3des- > cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael- > [email protected] > debug2: kex_parse_kexinit: [email protected],hmac-sha1-etm@openssh. > com,[email protected],[email protected],hmac-sha2-256- > [email protected],[email protected],hmac-ripemd160-etm@openssh. > com,[email protected],[email protected],hmac-md5,hmac > -sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 > ,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: [email protected],hmac-sha1-etm@openssh. > com,[email protected],[email protected],hmac-sha2-256- > [email protected],[email protected],hmac-ripemd160-etm@openssh. > com,[email protected],hmac</s > > ... -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/38defa88-19a5-4161-81f9-e2ff0cbe7406%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
