Last active
December 27, 2015 00:09
-
-
Save darKoram/7235534 to your computer and use it in GitHub Desktop.
ssh password strategy for populating known_hosts so remote hosts can access each other.
This assumes we already have an ansible controller with paswordless loging from it to each remote host.
We are trying to add passwordless logins BETWEEN the remote hosts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OUTPUT1 | |
| TASK: [Set up passwordless ssh between nodes] ********************************* | |
| failed: [Ubuntu-Cluster-02] => (item=Ubuntu-Cluster-01) => {"changed": true, "cmd": ["ssh-copy-id", "accumulo@Ubuntu-Cluster-01"], "delta": "0:00:00.005403", "end": "2013-10-30 11:13:56.342835", "item": "Ubuntu-Cluster-01", "rc": 1, "start": "2013-10-30 11:13:56.337432"} | |
| failed: [Ubuntu-Cluster-05] => (item=Ubuntu-Cluster-01) => {"changed": true, "cmd": ["ssh-copy-id", "accumulo@Ubuntu-Cluster-01"], "delta": "0:00:00.004475", "end": "2013-10-30 11:13:56.495424", "item": "Ubuntu-Cluster-01", "rc": 1, "start": "2013-10-30 11:13:56.490949"} | |
| stderr: /usr/bin/ssh-copy-id: ERROR: No identities found | |
| stderr: /usr/bin/ssh-copy-id: ERROR: No identities found | |
| ---------- | |
| OUTPUT2 | |
| HANGS FOREVER |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [kbroughton@mb-kbroughton:lynx-accumulo/bootstrap + (master)] ansible-playbook -i hosts -u accumulo bootstrap.yml --extra-vars="user=accumulo pwd=accumulo" --start-at-task="Use sshpass to distribute keys" -vvvv | |
| TASK: [Use sshpass to distribute keys] **************************************** | |
| <Ubuntu-Cluster-01> ESTABLISH CONNECTION FOR USER: accumulo | |
| <Ubuntu-Cluster-01> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-01', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1383148594.41-266920982890351 && chmod a+rx $HOME/.ansible/tmp/ansible-1383148594.41-266920982890351 && echo $HOME/.ansible/tmp/ansible-1383148594.41-266920982890351'"] | |
| <Ubuntu-Cluster-03> ESTABLISH CONNECTION FOR USER: accumulo | |
| <Ubuntu-Cluster-02> ESTABLISH CONNECTION FOR USER: accumulo | |
| <Ubuntu-Cluster-03> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-03', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1383148594.41-278582711393567 && chmod a+rx $HOME/.ansible/tmp/ansible-1383148594.41-278582711393567 && echo $HOME/.ansible/tmp/ansible-1383148594.41-278582711393567'"] | |
| <Ubuntu-Cluster-02> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-02', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1383148594.41-256535448647319 && chmod a+rx $HOME/.ansible/tmp/ansible-1383148594.41-256535448647319 && echo $HOME/.ansible/tmp/ansible-1383148594.41-256535448647319'"] | |
| <Ubuntu-Cluster-01> REMOTE_MODULE command sshpass -f /home/accumulo/.ssh/accumulo_pwd ssh -o StrictHostKeyChecking=no accumulo@Ubuntu-Cluster-01 #USE_SHELL | |
| <Ubuntu-Cluster-01> PUT /var/folders/t2/h22337c12hn279xwd4s9fk7s8_088c/T/tmprSYZV_ TO /home/accumulo/.ansible/tmp/ansible-1383148594.41-266920982890351/command | |
| <Ubuntu-Cluster-02> REMOTE_MODULE command sshpass -f /home/accumulo/.ssh/accumulo_pwd ssh -o StrictHostKeyChecking=no accumulo@Ubuntu-Cluster-01 #USE_SHELL | |
| <Ubuntu-Cluster-02> PUT /var/folders/t2/h22337c12hn279xwd4s9fk7s8_088c/T/tmpRfx_5V TO /home/accumulo/.ansible/tmp/ansible-1383148594.41-256535448647319/command | |
| <Ubuntu-Cluster-01> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-01', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=tcnreauluoocabxhpvwawlspixboohwr] password: " -u root /bin/sh -c \'"\'"\'/usr/bin/python /home/accumulo/.ansible/tmp/ansible-1383148594.41-266920982890351/command; rm -rf /home/accumulo/.ansible/tmp/ansible-1383148594.41-266920982890351/ >/dev/null 2>&1\'"\'"\'\''] | |
| <Ubuntu-Cluster-04> ESTABLISH CONNECTION FOR USER: accumulo | |
| <Ubuntu-Cluster-05> ESTABLISH CONNECTION FOR USER: accumulo | |
| <Ubuntu-Cluster-04> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-04', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1383148594.48-220362028286222 && chmod a+rx $HOME/.ansible/tmp/ansible-1383148594.48-220362028286222 && echo $HOME/.ansible/tmp/ansible-1383148594.48-220362028286222'"] | |
| <Ubuntu-Cluster-05> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-05', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1383148594.48-68839426472120 && chmod a+rx $HOME/.ansible/tmp/ansible-1383148594.48-68839426472120 && echo $HOME/.ansible/tmp/ansible-1383148594.48-68839426472120'"] | |
| <Ubuntu-Cluster-03> REMOTE_MODULE command sshpass -f /home/accumulo/.ssh/accumulo_pwd ssh -o StrictHostKeyChecking=no accumulo@Ubuntu-Cluster-01 #USE_SHELL | |
| <Ubuntu-Cluster-03> PUT /var/folders/t2/h22337c12hn279xwd4s9fk7s8_088c/T/tmprSYZV_ TO /home/accumulo/.ansible/tmp/ansible-1383148594.41-278582711393567/command | |
| <Ubuntu-Cluster-02> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-02', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=fffmurthvfelzscsnbpavkrmxlcpqaav] password: " -u root /bin/sh -c \'"\'"\'/usr/bin/python /home/accumulo/.ansible/tmp/ansible-1383148594.41-256535448647319/command; rm -rf /home/accumulo/.ansible/tmp/ansible-1383148594.41-256535448647319/ >/dev/null 2>&1\'"\'"\'\''] | |
| <Ubuntu-Cluster-03> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=accumulo', '-o', 'ConnectTimeout=10', 'Ubuntu-Cluster-03', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=mqbibdejgarcqssvlybirohctiwuimsh] password: " -u root /bin/sh -c \'"\'"\'/usr/bin/python /home/accumulo/.ansible/tmp/ansible-1383148594.41-278582711393567/command; rm -rf /home/accumulo/.ansible/tmp/ansible-1383148594.41-278582711393567/ >/dev/null 2>&1\'"\'"\'\''] | |
| HANGS FOREVER |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################# | |
| #http://serverfault.com/questions/306541/automating-ssh-copy-id | |
| - name: Set StrictHostKeyChecking no in ~/.ssh/config | |
| lineinfile: create=yes dest="/home/{{user}}/.ssh/config" | |
| regexp=StrictHostKeyChecking | |
| line="StrictHostKeyChecking no" | |
| # This works on the commandline but requires a prompt. | |
| # But wrapped in ansible, it gives OUTPUT1 below. | |
| - name: Set up passwordless ssh between nodes | |
| command: ssh-copy-id {{user}}@{{item}} | |
| with_items: groups['all'] | |
| #OUTPUT2 | |
| - name: Set up passwordless ssh between nodes | |
| command: ssh-copy-id -i "/home/{{user}}/.ssh/id_rsa.pub" {{user}}@{{item}} | |
| with_items: groups['all'] | |
| ################## | |
| This is advertised to work on the serverfault site, but I could not get it to work without | |
| giving a password at least once. Thus it hangs for ansible. | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sshpass method | |
| # http://stackoverflow.com/questions/12202587/ssh-script-that-automatically-enters-password | |
| - name: Copy the user pwds to hosts | |
| copy: content={{pwd}} dest="/home/{{user}}/.ssh/{{user}}_pwd" | |
| - name: Use sshpass to distribute keys | |
| shell: sshpass -f /home/{{user}}/.ssh/{{user}}_pwd ssh -o StrictHostKeyChecking=no {{user}}@{{item}} | |
| with_items: groups['all'] | |
| # This works from the commandline of 03 adding a key to 05 after placing the pwd in accumulo_pwd. | |
| accumulo@Ubuntu-Cluster-03:~$ sshpass -f /home/accumulo/.ssh/accumulo_pwd ssh -o StrictHostKeyChecking=no accumulo@Ubuntu-Cluser-05 | |
| # But when wrapped in ansible, it hangs forever. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment