Linux Services(I tried to do by Ansible)

Did any one tried to do this task using Ansible?

The task is to install a package in 3 different appservers.

I am always getting

ansible-playbook: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}

ansible -m ping localhost is OK only.

ansible -m ping all -u root gives same error.

I set
in ansible.cfg

[defaults]
inventory = ./inventory
private_key_file = ~/.ssh/id_rsa

and
Inventory file

# host
[localhost]
local ansible_host=localhost 
[appserver]
stapp01 ansible_host=172.16.238.10
stapp02 ansible_host=172.16.238.11
stapp03 ansible_host=172.16.238.12

So far no luck.

Can anyone please tell me how can I overcome this.

Here is my small yaml file to install cups

- hosts: appserver
  become: true
  tasks: 
    - name: Installing cups on appservers
      yum:
        name: cups
        state: latest
    - name: Ensure starts cups on boot
      systemd:
        name: cups
        enabled: yes
        mask: no

@royki Can’t see this task in your bucket. Can you please share the task name?

:face_with_monocle: :roll_eyes: :stuck_out_tongue:
I can see. :smiley: Here it is -

PS: I understand why :stuck_out_tongue: as the Task name is Linux Services.

Oh, BTW why are you trying to complete this task using Ansible ? If you want to use Ansible then you need to make sure Ansible do have password less SSH access to all apps from jump host (if you are running Ansible from jump host). Or you need to define credentials inside inventory.

Yes, I m trying to do using Ansible. But I install Ansible in one of the Appserver, not from Jump host.

How to do this - Ansible do have password less SSH access ?
Thanks

@royki you can try this: https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/

@Inderpreet, yes I generated the ssh key.I didn’t upload ssh key to other server. How can I do that via Ansible? I think ansible automatically manage this.

Here is the new Ansible Configuration and now this time I did it from Jump server.
inventory

# host
[localhost]
local ansible_host=127.0.0.1 ansible_connection=local
[appserver]
stapp01 ansible_ssh_host=172.16.238.10 ansible_connection=ssh ansible_ssh_user=tony ansible_ssh_pass=Ir0nM@n
stapp02 ansible_ssh_host=172.16.238.11 ansible_connection=ssh ansible_ssh_user=steve ansible_ssh_pass=Am3ric@
stapp03 ansible_ssh_host=172.16.238.12 ansible_connection=ssh ansible_ssh_user=banner ansible_ssh_pass=BigGr33n

ansible.cfg

defaults]
inventory = ./inventory
private_key_file = ~/.ssh/id_rsa
host_key_checking = false


image

No luck so far :frowning: :no_mouth:

try below become: true
write this line also
remote_user: root

You need to generate a ssh key on the ansible host.Then copy it on your servers where packages must be installed.

I made it success:
ansible-playbook -i myhosts site.yml

site.yml:

  • hosts: appservers
    become: true
    tasks:
    • name: install squid
      yum:
      name: squid
      state: present
    • name: status
      systemd:
      name: squid
      enabled: yes

myhosts:
[appservers]
stapp01 ansible_ssh_host=172.16.238.10 ansible_connection=ssh ansible_ssh_user=tony ansible_ssh_pass=Ir0nM@n ansible_become_pass=Ir0nM@n
stapp02 ansible_ssh_host=172.16.238.11 ansible_connection=ssh ansible_ssh_user=steve ansible_ssh_pass=Am3ric@ ansible_become_pass=Am3ric@
stapp03 ansible_ssh_host=172.16.238.12 ansible_connection=ssh ansible_ssh_user=banner ansible_ssh_pass=BigGr33n ansible_become_pass=BigGr33n

ansible.cgf:
[defaults]
inventory = ./inventory
private_key_file = ~/.ssh/id_rsa
host_key_checking = false

2 Likes

Thanks @dushasokol. It works :slight_smile:

1 Like

Hi I have done all that i.e generating ssh key on the ansible host and copied it into app servers. But ping does not work. Please see below screenshot.

@faisalbasha1982 It is telling, you have syntax problem in the file. Check your /etc/ansible/hosts file.

What I did is that, I created ansible.cfg file where I mention some configuration like where is my host/inventory file located etc. By doing this, I don’t touch the ansible default configuration file.

So my ansible.cfg file is like this -

[defaults]
inventory = ./inventory
private_key_file = ~/.ssh/id_rsa
host_key_checking = false

And my inventory file is like this -

# host
[localhost]
local ansible_host=127.0.0.1 ansible_connection=local ansible_ssh_user=thor ansible_ssh_pass=mjolnir123

[appserver]
stapp01 ansible_ssh_host=172.16.238.10 ansible_connection=ssh ansible_ssh_user=tony ansible_ssh_pass=Ir0nM@n ansible_become_pass=Ir0nM@n
stapp02 ansible_ssh_host=172.16.238.11 ansible_connection=ssh ansible_ssh_user=steve ansible_ssh_pass=Am3ric@ ansible_become_pass=Am3ric@
stapp03 ansible_ssh_host=172.16.238.12 ansible_connection=ssh ansible_ssh_user=banner ansible_ssh_pass=BigGr33n ansible_become_pass=BigGr33n

[dbserver]
stdb01 ansible_ssh_host=172.16.239.10 ansible_connection=ssh ansible_ssh_user=peter ansible_ssh_pass=Sp!dy ansible_become_pass=Sp!dy

[dcstorage]
ststor01 ansible_ssh_host=172.16.238.15 ansible_connection=ssh ansible_ssh_user=natasha ansible_ssh_pass=Bl@kW ansible_become_pass=Bl@kW

[backupserver]
stbkp01 ansible_ssh_host=172.16.238.16 ansible_connection=ssh ansible_ssh_user=clint ansible_ssh_pass=H@wk3y3 ansible_become_pass=H@wk3y3

[mailserver]
stmail01 ansible_ssh_host=172.16.238.17 ansible_connection=ssh ansible_ssh_user=groot ansible_ssh_pass=Gr00T123 ansible_become_pass=Gr00T123

To Ping a appserver, I do - ansible -m ping appserver or ansible -m ping stapp01

You can simply put inventory in /etc/ansible/hosts file without creating ansible.cfg file but with right syntax.

Hope that helps

Thanks bro, but in this all I had to do inroder to test was this command:

ansible /home/thor/ansible/inventory -m ping stapp01
as the inventory files already had the servers. We just have to give the inventory path name in the command. I have successfully completed this task.

@faisalbasha1982 not really man. If you define path of inventory file in ansible.cfg file then you don’t need to give it. Ansible automatically finds that .

Yes I understand, I wlll make use of it for the next coming tasks. Thanks.