Bug #25481
closed
Foreman fails to execute ansible commands when connected to ipa server
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1650103
Description of problem:
Whne Satellite 6.4 is connected to an IPA server it fails to run Ansible commands on client systems
Version-Release number of selected component (if applicable):
- Satellite 6.4.0
- ansible-2.7.0-1.el7ae.noarch
How reproducible:
Everytime the Satellite is configured as an ipa client
Steps to Reproduce:
1. Install Satellite 6.4.0
2. Connect Satellite to IPA server
3. Try to run an Ansible command on a command on a client
Actual results:
The run fails with:
fatal: [fluffy.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host\r\n", "unreachable": true}
Expected results:
The run should work
Additional info:
The ipa client changes the file /etc/ssh/ssh_config when it is configured and adds the line
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
This was already reported for ovirt/RHV in this bugzillas:
- https://bugzilla.redhat.com/show_bug.cgi?id=1529851#c14
- https://bugzilla.redhat.com/show_bug.cgi?id=1531967#c5
Workaround:
Comment the line in /etc/ssh/ssh_config like this:
#ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %hand the Ansible jobs are working again.
Updated by Tomer Brisker over 6 years ago
- Project changed from Ansible to Installer
- Subject changed from Satellite fails to execute ansible commands when connected to ipa server to Satellite fails to execute ansible commands when connected to ipa server
- Category set to Foreman modules
Updated by Tomer Brisker over 6 years ago
- Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/485 added
Updated by Tomer Brisker over 6 years ago
- Status changed from New to Ready For Testing
Updated by Ohad Levy over 6 years ago
- Subject changed from Satellite fails to execute ansible commands when connected to ipa server to Foreman fails to execute ansible commands when connected to ipa server
Updated by The Foreman Bot almost 6 years ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/511 added
Updated by Ewoud Kohl van Wijngaarden almost 6 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-foreman_proxy|2e11f6810d8b4e7e8ce28f91bdf6a534c0f3e2f4.
Updated by The Foreman Bot over 5 years ago
- Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/534 added
Updated by Ewoud Kohl van Wijngaarden over 5 years ago
- Triaged changed from No to Yes
- Fixed in Releases 1.22.1 added
Updated by Marek Hulán over 5 years ago
This causes a problem on my debian environment when ansible setup module is ran, for some reasons `ssh_args=` (even empty) changes the behavior. Reproduced with ansible 2.8, when running under foreman-proxy user only (root seems to work fine), it seems like sftp/scp/pipe (dd over ssh) does not work, therefore setup fails.
When I commented this line, it started working again but I had to also change owner of /var/lib/foreman-proxy/ansible/ to foreman-proxy on debian (packaging issue?)
Updated by Marek Hulán over 5 years ago
If I specify also ansible defaults as per https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-ssh-args (-C -o ControlMaster=auto -o ControlPersist=60s) it works, so some of these options are probably necessary and by hardcoding ssh_args to ProxyCommand=none we're breaking it
Updated by Ewoud Kohl van Wijngaarden over 2 years ago
- Related to Bug #28559: Hardcoding Proxy Command breaks running Ansible on Debian added