jvinet / knock

A port-knocking daemon
http://www.zeroflux.org/projects/knock
GNU General Public License v2.0

knocking not working for ansible playbook over ssh #40

Closed babatundebusari closed 8 years ago

babatundebusari commented 8 years ago

When I use knock from client to server, the ansible playbook does not work and fails during SSH authentication, even though I am using SSH keys.

ubuntu@ip-192-168-5-238:~$ sudo knockd -vD
sudo: unable to resolve host ip-192-168-5-238
config: new section: 'options'
config: usesyslog
config: new section: 'ansible'
config: ansible: sequence: 9000:tcp,9999:tcp
config: ansible: seq_timeout: 5
config: ansible: start_command: ansible-playbook -i hosts default.yml -vvv
ethernet interface detected
Local IP: 192.168.5.238
listening on eth0...
2016-00-27 20:54:59: tcp: 192.168.5.150:33260 -> 192.168.5.238:9000 74 bytes
192.168.5.150: ansible: Stage 1
2016-00-27 20:54:59: tcp: 192.168.5.150:53055 -> 192.168.5.238:9999 74 bytes
192.168.5.150: ansible: Stage 2
192.168.5.150: ansible: OPEN SESAME
ansible: running command: ansible-playbook -i hosts default.yml -vvv
No config file found; using defaults
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
1 plays in default.yml

PLAY ***************************************************************************

TASK [setup] *******************************************************************
<192.168.5.150> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<192.168.5.150> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r -tt 192.168.5.150 '( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1453928100.08-29024361375363 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1453928100.08-29024361375363 )" )'
fatal: [192.168.5.150]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}

PLAY RECAP *********************************************************************
192.168.5.150              : ok=0    changed=0    unreachable=1    failed=0

ansible: command returned non-zero status code (3)

Here is the playbook when it runs manually:

ubuntu@ip-192-168-5-238:~$ ansible-playbook -i hosts default.yml
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY ***************************************************************************

TASK [setup] *******************************************************************
ok: [192.168.5.150]

TASK [ensure apache is at the latest version] **********************************
ok: [192.168.5.150]

TASK [drop an arbitrary file just so we know something happened] ***************
changed: [192.168.5.150]

PLAY RECAP *********************************************************************
192.168.5.150              : ok=3    changed=1    unreachable=0    failed=0

babatundebusari commented 8 years ago

Fixed now... there were problems with the latest ansible 2.0, so I downgraded back to ansible 1.7 and fixed some other ansible playbook issues. knockd works like a charm now!!!