Or: key is ok but it's not being used because of an ssh misconfig

On Thu, 3 Sep 2020 at 06:44, Dick Visser <dick.vis...@geant.org> wrote:

> Sounds like a permission issue somewhere.
> Can you manually sudo to whatever user your playbook is using and clone
> the repo?
> Key permissions ok?
> Correct user?
>
>
>
> On Wed, 2 Sep 2020 at 23:34, Erick Sun <ericksu...@gmail.com> wrote:
>
>> Hello, thanks for taking a look!  I am trying to install needed software
>> on hosts running RHEL 7.x (Docker, Python, Intel Parallel Studio).  During
>> play to download Intel, the play is designed to ssh into and clone from
>> remote Git repo.  It has been verified that the local host's ssh key is
>> known by remote server and also the server's ssh key is known to local
>> host, although local host is not able to read from remote.  Without going
>> into too much detail, here is the set of plays being run in playbook.yml,
>> as well as the inventory in hosts.yml.  The playbook breaks at the  "Clone
>> cots_lfs repo" play:
>>
>>
>> ######playbook.yml
>> ---
>> - hosts: all
>>   gather_facts: yes
>>   tasks:
>>
>> ###Set of plays that checks the host OS, RAM, and scratch Disk Space
>> #Grab the Distribution and Version and check it is between 7.x and 8.0
>> - name: Distribution
>>   ...
>>
>> - name: Distribution version
>>   ...
>>
>> - name: Check that the Red Hat Version >= 7.x and < 8
>>   ...
>>
>> #Check the Ram and that there's at least xxx MB
>> - name: RAM
>>   ...
>>
>> - name: Check that the System Ram is > xxx MB
>>   ...
>>
>> #Check HD space of /local_path and that there's at least xxx MB.
>> - name: Disk Space
>>   ...
>>
>> - name: Check that Disk Space is > xxx MB.
>>   ...
>>
>> ###Set of plays that checks the host RPMs and Services for Docker
>> #Get RPM and Service Facts
>> - name: Populate Host RPM Package Facts
>>   ...
>>
>> - name: Populate Host Service Facts
>>   ...
>>
>> #Docker Plays
>> - name: Check if Docker is installed
>>   ...
>>
>> - name: Install Docker Dependencies if needed
>>   ...
>>
>> - name: Add the Public Docker Repo if needed
>>   ...
>>
>> - name: Install Docker Dependencies if needed
>>   ...
>>
>> - name: Install Docker service 18.x
>>   ...
>>
>> - name: Set the Docker http proxy file
>>   ...
>>
>> - name: Set the Docker daemon file
>>   ...
>>
>> - name: Ensure Docker group is created on host
>>   ...
>>
>> - name: Add users to Docker group
>>   ...
>>
>> - name: Initial Start of Docker Service
>>   ...
>>
>> - name: Set permissions on /var/run/docker.sock to 0666
>>   ...
>>
>> - name: Stop Docker Service
>>   ...
>>
>> - name: Reload Docker Service
>>   ...
>>
>> - name: Enable and Start Docker Service
>>   ...
>>
>> - name: Print Docker Service Info
>>   ...
>>
>> ###Set of plays that checks the host RPMs and Services for Python3
>> #Check Python plays
>> - name: Check for Python3
>>   ...
>>
>> - name: Install Python3 if needed
>>   ...
>>
>> - name: Check for Python3-Pip
>>   ...
>>
>> - name: Install Python3-Pip if needed
>>   ...
>>
>> - name: Check for Python-Virtualenv
>>   ...
>>
>> - name: Install Python-Virtualenv if needed
>>   ...
>>
>> - name: Run script to create Python Virtual environment
>>   ...
>>
>> ###Set of plays that checks the host's git lfs installation
>> - name: Install git-lfs if needed
>>   ...
>>
>> ###Set of plays that installs Intel
>> - name: Check if Intel is installed in /opt/
>>   ...
>>
>> - name: Clone cots_lfs repo
>>   git:
>>      repo:  'ssh://<url/cots_lfs.git>'
>>      dest:  /local_path/cots_lfs
>>      version:  intel_parallel_studio_full
>>      update:  yes
>>      clone:  yes
>>      force:  yes
>>   when:  not intel_exists.stat.exists
>>
>> - name: Install Intel
>>   ...
>>
>> ###Set of plays that modifies the hosts /etc/ files
>> - name: Run modify system files script
>>   ...
>>
>> - name: Restart host if system files have been modified
>>   ...
>>
>> - name: Restart Docker service if host was rebooted
>>   ...
>>
>>
>> ######hosts.yml
>> ---
>> all:
>>    hosts:
>>       localhost
>>    children:
>>       watermarked:
>>          vars:
>>             proxy:  <url>
>>          hosts:
>>             Workstation1:
>>                ansible_host:  <ip_addr>
>>             Workstation2:
>>                ansible_host:  <ip_addr>
>>             ...
>>
>>       nonwatermarked:
>>          hosts:
>>             Workstation1:
>>                ansible_host:  <ip_addr>
>>             Workstation2:
>>                ansible_host:  <ip_addr>
>>             ...
>>
>>       offline:
>>          hosts:
>>             <ip_addr>
>>
>>
>>
>> Thanks,
>> Erick
>>
>>
>>
>> On Wednesday, September 2, 2020 at 1:37:01 AM UTC-7 dick....@geant.org
>> wrote:
>>
>>> You need to give more info. Playbooks, inventory, what are you trying
>>> to achieve, etc.
>>>
>>> On Tue, 1 Sep 2020 at 23:48, Erick Sun <erick...@gmail.com> wrote:
>>> >
>>> > Host SSH key not recognized when trying to SSH into remote repository
>>> > using Ansible playbook. Remote repository was verified to have the correct
>>> > SSH key from host, but still wouldn't recognize host when trying to clone
>>> > from the repository. Ran Ansible on 15 hosts, 13 were successful, 1 failed
>>> > to clone from remote repo even though they were configured the same. Here
>>> > is the actual error received. Can anyone help, please? Thx
>>> >
>>> > fatal: [Host]: FAILED! => {"changed": false, "cmd": "/usr/bin/git
>>> > clone --origin origin 'ssh:<path_to_repo>' /local_path", "msg": "FIPS mode
>>> > initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS
>>> > mode\r\nPermission denied (publickey).\r\nfatal: Could not read from remote
>>> > repository.\n\nPlease make sure you have the correct access rights\nand the
>>> > repository exists.", "rc": 128, "stderr": "FIPS mode
>>> > initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS
>>> > mode\r\nPermission denied (publickey).\r\nfatal: Could not read from
>>> > remote repository.\n\nPlease make sure you have the correct access
>>> > rights\nand the repository exists.\n", "stderr_lines": ["FIPS mode
>>> > initialized", "Disabling GSSAPIKeyExchange. Not usable in FIPS mode",
>>> > "Permission denied (publickey).", "fatal: Could not read from remote
>>> > repository.", "", "Please make sure you have the correct access rights",
>>> > "and the repository exists."], "stdout": "Cloning into '/local_path'...\n",
>>> > "stdout_lines": ["Cloning into '/local_path'..."]}
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> > Groups "Ansible Project" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> > an email to ansible-proje...@googlegroups.com.
>>> > To view this discussion on the web visit
>>> > https://groups.google.com/d/msgid/ansible-project/e84682be-85ac-47b8-8c80-661de0f5dbc6n%40googlegroups.com.
>>>
>>> --
>>> Dick Visser
>>> Trust & Identity Service Operations Manager
>>> GÉANT
>>>
>> --
> Sent from a mobile device - please excuse the brevity, spelling and
> punctuation.
>
>
> --
Sent from a mobile device - please excuse the brevity, spelling and
punctuation.

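The checks raised in this thread (key permissions, correct user, and whether ssh is configured to use the key at all), written out as an added shell example that is not part of any message above. The function names and the `<git-host>` placeholder are hypothetical; run it as the user the clone task runs as on the failing host and compare with a working host.

```bash
#!/usr/bin/env bash
# Added example, not from the thread.

# audit_ssh_dir DIR: print one line per file whose mode the OpenSSH client rejects.
audit_ssh_dir() {
    local dir="$1" f perms
    if [ ! -d "$dir" ]; then echo "MISSING_DIR $dir"; return 0; fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c2-10)      # e.g. rw-r--r--
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # ssh ignores a private key that group or other can access
            case "$perms" in
                ???------) ;;
                *) echo "KEY_TOO_OPEN $perms $f" ;;
            esac
        elif [ "${f##*/}" = config ]; then
            # ssh refuses a config file that group or other can write
            case "$perms" in
                ????-??-?) ;;
                *) echo "CONFIG_WRITABLE $perms $f" ;;
            esac
        fi
    done
    return 0
}

# missing_identities HOME_DIR: read `ssh -G <git-host>` output on stdin and
# print every identityfile entry that does not exist on disk.
missing_identities() {
    local home="$1" key value
    while read -r key value; do
        [ "$key" = identityfile ] || continue
        case "$value" in
            "~/"*) value="$home/${value#\~/}" ;;
        esac
        [ -f "$value" ] || echo "NO_SUCH_KEY $value"
    done
    return 0
}

# Live use (replace <git-host> with the repository server):
#   audit_ssh_dir "$HOME/.ssh"
#   ssh -G <git-host> | missing_identities "$HOME"
#   ssh -G <git-host> | grep -E '^(user|identitiesonly|identityfile) '
```

Empty output from both functions means file modes and identity paths are not the cause; the last command shows the user name and key list ssh will actually try for that host.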