Bug #25481
closed
Foreman fails to execute ansible commands when connected to ipa server
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1650103
Description of problem:
Whne Satellite 6.4 is connected to an IPA server it fails to run Ansible commands on client systems
Version-Release number of selected component (if applicable):
- Satellite 6.4.0
- ansible-2.7.0-1.el7ae.noarch
How reproducible:
Everytime the Satellite is configured as an ipa client
Steps to Reproduce:
1. Install Satellite 6.4.0
2. Connect Satellite to IPA server
3. Try to run an Ansible command on a command on a client
Actual results:
The run fails with:
fatal: [fluffy.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host\r\n", "unreachable": true}
Expected results:
The run should work
Additional info:
The ipa client changes the file /etc/ssh/ssh_config when it is configured and adds the line
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
This was already reported for ovirt/RHV in this bugzillas:
- https://bugzilla.redhat.com/show_bug.cgi?id=1529851#c14
- https://bugzilla.redhat.com/show_bug.cgi?id=1531967#c5
Workaround:
Comment the line in /etc/ssh/ssh_config like this:
#ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %hand the Ansible jobs are working again.
Updated by 
Updated by 
Updated by 
Updated by 
Updated by