SSH works, but ansible throws unreachable error

[mhfowler]

ISSUE TYPE

• Bug Report

ANSIBLE VERSION

ansible 2.0.0.2
  config file = 
  configured module search path = Default w/o overrides

CONFIGURATION

No changes

OS / ENVIRONMENT

OS X El Capitan Version 10.11.3

SUMMARY

I can connect to my Rasberry Pi through ssh through an ethernet cable via "ssh pi@169.254.0.2" but running Ansible with this IP address as a host fails.

I have successfully configured this Rasberry Pi with ansible through wifi (using the wifi IP address), but now trying to use ansible via the direct ethernet connection I get the cryptic error message:

`TASK [setup] *******************************************************************
fatal: [169.254.0.2]: UNREACHABLE! => {"changed": false, "msg": "ERROR! (25, 'Inappropriate ioctl for device')", "unreachable": true}`

Because I can successfully connect to this pi using that IP address through ssh from terminal, I am positing that this is a bug in Ansible.

STEPS TO REPRODUCE

I run this command to rune the role

ansible-playbook ansible-pi/playbook.yml -i ansible-pi/hosts --ask-pass --sudo -c paramiko -vvvv

I also tried

ansible-playbook ansible-pi/playbook.yml -i ansible-pi/hosts --ask-pass --sudo -vvvv

which lead to the same error.

hosts file

[pis]
169.254.0.2

playbook

---

- name: Ansible Playbook for configuring brand new Raspberry Pi

  hosts: pis
  roles:
    - pi
  remote_user: pi
  sudo: yes

I assume that the role is actually unimportant because ansible is failing at the ssh connection step.

EXPECTED RESULTS

I expect ansible to connect to pi and run the role (I have successfully done this via connecting over an IP address through wifi)

ACTUAL RESULTS

/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/getpass.py:83: GetPassWarning: Can not control echo on the terminal.
No config file found; using defaults
  passwd = fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
SSH password: raspberry

[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and 
make sure become_method is 'sudo' (default). This feature will be removed in a 
future release. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
Loaded callback default of type stdout, v2.0
1 plays in ansible-pi/playbook.yml

PLAY [Ansible Playbook for configuring brand new Raspberry Pi] *****************

TASK [setup] *******************************************************************
<169.254.0.2> ESTABLISH CONNECTION FOR USER: pi on PORT 22 TO 169.254.0.2
CONNECTION: pid 2118 waiting for lock on 10
CONNECTION: pid 2118 acquired lock on 10
fatal: [169.254.0.2]: UNREACHABLE! => {"changed": false, "msg": "ERROR! (25, 'Inappropriate ioctl for device')", "unreachable": true}

PLAY RECAP *********************************************************************
169.254.0.2                : ok=0    changed=0    unreachable=1    failed=0   

[jctanner]

Hi!

Thanks very much for your submission to Ansible. It sincerely means a lot to us.

We have some questions we'd like to know about before we can get this request queued up. If you can help answer them, we'd greatly appreciate it:

• Have you tried disabling fact gathering to check for more verbose errors from a task instead?
• With fact gathering disabled, have you tested the raw module?

Just as a quick reminder of things, this is a really busy project. We have over 800 contributors and to manage the queue effectively
we assign things a priority between P1 (highest) and P5. We'd like to thank you very much for your time!
We'll work things in priority order, so just wanted you to be aware of the queue and know we haven't forgotten about you!

We will definitely see your comments on this issue when reading this ticket, but may not be able to reply promptly. You may also wish to join one of our two mailing lists
which are very active:

• https://groups.google.com/forum/#!forum/ansible-project - for user questions, tips, and tricks
• https://groups.google.com/forum/#!forum/ansible-devel - for strategy, future planning, and questions about writing code

Thank you once again for this and your interest in Ansible!

[roolo]

@mhfowler: I was able to bypass this by providing ansible_password in my inventory

[ohallors]

ansible_password worked for me too

[testServer]
192.168.33.10

[testServer:vars]
ansible_password=vagrant

[ringe]

This happende all of a sudden when I upgraded Ansible.

To successfully run I had to:

ansible-playbook --limit grunndata playbook.yml -c paramiko -u deploy

Earlier I have only run

ansible-playbook --limit grunndata playbook.yml

Normal SSH with the following works with no issues:

ssh deploy@grunndata

Something has changed.

What information can I provide to help debug this?

I am running the following:

• Ubuntu 16.04
• Ansible 2.1.0.0 installed via pip

[dohjoe]

+1

needed to add -c paramiko because one of 5 hosts was failing, and I could ssh into all of them successfully.

[davidwhthomas]

For me, I had an .ssh/config entry for my user to match to the remote hostname.

Host servername  
    User username

I could SSH directly to the server with ssh servername

However, with Ansible, I needed to add the -u parameter to the deploy command:

ansible-playbook -vvvv -i poc book_deploy.yml --ask-vault-pass --ask-become-pass -u username

After that, could deploy ok.

A little odd it didn't use the .ssh/config file as previously, but the workaround works, thanks :)

[ansibot]

@mhfowler closure has been requested for this issue or it has timed out waiting for your response.
click here for bot help

[pathcl]

Why this? I was so happy doing ansible -m ping all now I need to do -u user -c paramiko

[cue232s]

@roolo I also set 'ansible_password' and it began to work for me. What's it for? You can set it to literally anything you want and it will work now.

[endlesslight0]

Same issue with ansible 2.1.2.0 and --ask-pass option.
OS X 10.11.6

ohallors fix didn't help.

[roolo]

I am away from my computer for a few weeks. Pls ping me about this after
3rd of November if I'll not reply by myself. Thx

[idcmp]

Same.

$ ansible --version

ansible 2.2.0 (devel 6666d13654) last updated 2016/09/22 10:43:16 (GMT -700)
  lib/ansible/modules/core: (detached HEAD 0f505378c3) last updated 2016/09/23 17:20:56 (GMT -700)
  lib/ansible/modules/extras: (detached HEAD 935a3ab2cb) last updated 2016/09/23 17:20:56 (GMT -700)

Using -c paramiko seems to work better, it looks like -c smart is broken.

[tickcode]

In case it helps anyone, I resolved this issue on Ubuntu 16.04 by replacing this line in my hosts file...

web1 ansible_ssh_host=my_remote_user@my_ip

with

web1 ansible_ssh_host=my_ip

and then making sure I had added

remote_user=my_remote_user

to my ansible.cfg

For me it was simply because I had added the "my_remote_user@" in front of my ip address. This had worked before I upgraded.

[zaynetro]

I had the same issue and pinging the host first somehow resolved the issue.

ansible <host> -i <inventory-file> -m ping

UPD: I have to run ping command almost every time before executing the playbook. As after a couple of minutes of inactivity playbook fails again.

[roolo]

@cue232s It says to Ansible what password to use for ssh connection.

http://docs.ansible.com/ansible/intro_inventory.html#list-of-behavioral-inventory-parameters (looks like the parameter is now called ansible_ssh_pass)

[davestern]

I resolved a similar issue on Mac OS X with ansible 2.1.2.0 that may help. Not sure where else to post it. I could ssh to the instance, but running my playbook resulted in:

fatal: [ec2-1-2-3-4.us-west-2.compute.amazonaws.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh.", "unreachable": true}

No other error output. But it worked with -c paramiko appended.

I downgraded to ansible 1.9.4 (pip install ansible==1.9.4) and now when I run it I get the error:

fatal: [ec2-1-2-3-4.us-west-2.compute.amazonaws.com] => SSH Error: unix_listener: "/Users/myname/.ansible/cp/ansible-ssh-ec2-1-2-3-4.us-west-2.compute.amazonaws.com-22-ubuntu.0o1S2DUmaWg7dLdF" too long for Unix domain socket

So I upgraded back to 2.1.2.0 and I added an ansible.cfg file to my project directory with this content:

[ssh_connection]
control_path=%(directory)s/%%h-%%r

And the connection worked.

[showaltb]

I am experiencing the same problem as #15321 (comment)

ansible-playbook is failing to connect and is not creating the socket under ~/.ansible/cp. If I run ansible -m ping first, the socket is created and ansible-playbook will succeed if I run within 60 seconds.

Interestingly, if I run ansible-playbook with -vvv option and then copy the exact ssh command shown and run it, the connection succeeds and ansible-playbook will also succeed.

I'm having the problem on ansible-2.1.2.0 installed with Homebrew on macOS Sierra 10.12.1

Downgrading to 2.1.1.0 eliminates the problem for me.

[it-praktyk]

I had the same issue

• ansible: 2.1.2.0
• Fedora 24 as management box
• CentOS 7 as managed box

I've resolved it by adding key used to authentication to ssh-agent. The key used by me was without password.

[SirTimmyTimbit]

Having the same issue. Standard OpenSSH attempt fails but paramiko works.

Running Ansible inside Vagrant/Virtualbox on Windows to provision remote VMs. Both machines running Ubuntu 16.04. Ansible version 2.1.2.0 Ansible config file is located in /ansible/ansible.cfg.

hosts line:

raw1  ansible_host=xx.xx.xx.xx  ansible_port=22  ansible_user=root  ansible_ssh_pass=wer32dw

This fails:

ubuntu@devbox:/ansible$ sudo ansible raw1 -vvvv -m ping
Using /ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<xx.xx.xx.xx> ESTABLISH SSH CONNECTION FOR USER: root
<66.23.245.125> SSH: EXEC sshpass -d12 ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o User=root -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r 66.23.245.125 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1477987158.35-58855315932449 `" && echo ansible-tmp-1477987158.35-58855315932449="` echo $HOME/.ansible/tmp/ansible-tmp-1477987158.35-58855315932449 `" ) && sleep 0'"'"''
raw1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}

This works:

ubuntu@tgpdevbox:/ansible$ sudo ansible raw1 -vvvv -m ping -c paramiko
Using /ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<xx.xx.xx.xx> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO xx.xx.xx.xx
<xx.xx.xx.xx> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1477987431.74-236753198598806 `" && echo ansible-tmp-1477987431.74-236753198598806="` echo $HOME/.ansible/tmp/ansible-tmp-1477987431.74-236753198598806 `" ) && sleep 0'
<xx.xx.xx.xx> PUT /tmp/tmp7oXJF4 TO /root/.ansible/tmp/ansible-tmp-1477987431.74-236753198598806/ping
<xx.xx.xx.xx> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1477987431.74-236753198598806/ /root/.ansible/tmp/ansible-tmp-1477987431.74-236753198598806/ping && sleep 0'
<xx.xx.xx.xx> EXEC /bin/sh -c 'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1477987431.74-236753198598806/ping; rm -rf "/root/.ansible/tmp/ansible-tmp-1477987431.74-236753198598806/" > /dev/null 2>&1 && sleep 0'
raw1 | SUCCESS => {
    "changed": false,
    "invocation": {
        "module_args": {
            "data": null
        },
        "module_name": "ping"
    },
    "ping": "pong"
}

##Solution: Upgraded to Ansible 2.2.0.0 and I no longer have to use -c paramiko

[ktaragorn]

I had this error, with cron module, and upgrading to ansible 2.2.0.0 fixed for me too!

[rajivshprosper]

i can connect to my host as root but can not run my ansible

[root@workstation svc_deployer]# ansible puppet.home.io -m ping --become-user=root --ask-sudo-pass
SUDO password:
puppet.home.io | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}
[root@workstation svc_deployer]# ssh puppet.home.io
root@puppet.home.io's password:
Last login: Sun Nov 13 18:45:00 2016 from 192.168.56.160
[root@puppet ~]#

i tried verbose

[root@workstation svc_deployer]# sudo ansible puppet.home.io -m ping --become-user=root -c ssh -vvvv --become-method=sudo
Using /etc/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<puppet.home.io> ESTABLISH SSH CONNECTION FOR USER: None
<puppet.home.io> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r puppet.home.io '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1479092049.76-54149073209683 `" && echo ansible-tmp-1479092049.76-54149073209683="` echo $HOME/.ansible/tmp/ansible-tmp-1479092049.76-54149073209683 `" ) && sleep 0'"'"''
puppet.home.io | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}

[rajivshprosper]

found the solution, ran the following command on my host to fix ssh key folder permission (Centos6.6)

[root@puppet ~]# restorecon -R -v /root/.ssh
restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0

and was able to run setup

[root@workstation ~]# ansible puppet -m setup
puppet.home.io | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "192.168.56.170",
            "192.168.1.89"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::a00:27ff:fe6a:41b1",
            "2602:306:8b7f:37d0:a00:27ff:fea7:e797",
            "fe80::a00:27ff:fea7:e797"
        ],

[marcstreeter]

tried a couple combinations of ansible_host names and I've found it works with

foo.bar.com
XXX.XXX.XXX.XXX (ip addresses)

and that it doesn't work (without specifying paramiko) with

foo-with-dashes.bar.com
foo.with.periods.AND.more.than.one.section.before.bar.com

[zaynetro]

Limiting ssh key permissions to 600 fixed this issue.

[miuel]

Having the same issue:
ansible 2.1.2.0
Ubuntu 14.04.5 x64

Error:

failed: [shshprod](item=shsh-api) => {"item": "shsh-api", "msg": "Failed to connect to the host via ssh.", "unreachable": true}

when i try to make ansible-playbook -i inventory.ini shsh.yml --key-file ssh/deploy
Is it for ssh key permissions ?

[castroflavio]

How do we solve this at the end of the day?

[TheAtomicOption]

edit: it appears the SSH service on my remote machine may have crashed. I tried to start a new ssh session with PuTTY and it closes the connection before the login prompt.

edit2: SSH service on the remote machine is indeed not working correctly anymore although I haven't gotten a response as to exactly what the error is yet. Since it happened directly after this Ansible script was run, I'm leaving this here as if an Ansible error caused sshd to crash it may still be related to this issue. Some details for anyone trying to recreate: both target and control machines are intel xeons running CentOS 7. control version is centos-release-7-4.1708.e17.centos.x86_64 with the target having an iris graphics setup.

---

I seem to be having this issue all of a sudden under ansible 2.4.1.0. Everything was working fine as I debugged a new role, and then this suddenly started happening.

These were the malformed tasks that failed just before it stopped connecting:

 - name: Get media SDK install folder contents
    command: "ls /opt/a-specific-directory/"
    register: directories

  - name: verify expected directories in install folder
    fail:
    when: not ({{directories}}|search({{item}}))
    vars:
        nested_list:
          - - dir1
            - dir2
            - dir3
            - dir4
            - dir5
            - dir6
            - dir7
            - dir8
            - dir9
    with_items: "{{ nested_list }}"

They threw this error:

TASK: verify expected directories in install folder
 [WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: not
({{directories}}|search({{item}}))

fatal: [10.105.15.118]: FAILED! => {"failed": true, "msg": "The conditional check 'not ({{directories}}|search({{item}}))' failed. The error was: template error while templating string: expected token ':', got 'string'. String: {% if not ({'stderr_lines': [], u'changed': True, u'end': u'2017-11-28 12:12:31.502092', 'failed': False, u'stdout': u'dir2\\ndir3\\ndir4\\ndir5\\ndir6\\ndir7\\ndir8\\ndir9', u'cmd': [u'ls', u'/opt/a-specific-directory/'], u'rc': 0, u'start': u'2017-11-28 12:12:31.500354', u'stderr': u'', u'delta': u'0:00:00.001738', 'stdout_lines': [u'dir2', u'dir3', u'dir4', u'dir5', u'dir6', u'dir7', u'dir8', u'dir9']}|search(dir1)) %} True {% else %} False {% endif %}\n\nThe error appears to have been in '/home/my-playbook-location/playbook.yml': line 6, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - name: Verify expected directories in media SDK install folder\n    ^ here\n"}

I copied the error msg from running ansible-playbook -vvvv myplaybook.yml afterwards and got:

Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/MY-USER/.ansible/cp/01607ca611" does not exist
debug2: resolving "[MY-REMOTE-IP]" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to MY-REMOTE-IP [MY-REMOTE-IP] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 10000 ms remain after connect
debug1: identity file /home/MY-USER/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY-USER/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY-USER/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY-USER/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY-USER/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY-USER/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY-USER/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY-USER/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.105.15.118:22 as 'root'
debug3: hostkeys_foreach: reading file "/home/MY-USER/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/MY-USER/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 10.105.15.118
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Connection reset by MY-REMOTE-IP port 22

Not sure what to make of that, since it'd been working up until now.
Both id_rsa files on the controller, and the authorized_keys on the remote machine are unchanged since I added the public key there a week ago and permissions remain 600.

edit: it appears the SSH service on my remote machine may have crashed. I tried to start a new ssh session with PuTTY and it closes the connection before the login prompt.

[perguth]

Yeah, I even expect that problem whenever I start using Ansible on a new Mac. That's sad.

[zero-code-hero]

Just ran into this, only seems to occur on my mac though.

[abteenz]

connection: local in the playbook fixed my problem

[sharma-rajendra]

Same error facing:
fatal: [1.2.3.4]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '1.2.3.4' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey).\r\n", "unreachable": true}

SSH works but ansible throws unreachable error

[vinitkhandagle]

@induraj looks like the user that your running ansible with does not have access to the key.
could you also put the output of ansible --version.
also make sure you have install ansible only by one method either (pip or brew)

[sharma-rajendra]

Thanks for quick response:
(ansble) ansible@sharma:~$ pip freeze |grep ansible
ansible==2.4.2.0

[vinitkhandagle]

are u running through the virtualenv does that have access to the key?

[sharma-rajendra]

yes they have access:
ll ~/.ssh/raj_aws.pem
-rw------- 1 ansible ansible 1692 Jan 13 23:12 .ssh/raj_aws.pem.
Is there anything required?

[vinitkhandagle]

@induraj I am completely not sure but it could be not getting the right permissions through the virtualenv.

[sharma-rajendra]

OK. even i am trying the same, still trying to figure it out.

let me share what I have till now.

• created virtualenv
• installed ansible with dependency.
• able to create EC2 instance with ansible.
• but facing problem login into the EC2 VM with ansible.

Could you please help me with accessing the EC2 VM via ansible so that I can move ahead my testing with ansible.

[sharma-rajendra]

I have configured on base machine without virtualenv is working. Might be there is some user authentication issue.

[cdflint]

If you ssh-agent has multiple keys use the ansible_ssh_private_key_file variable in your hosts entry to specify your private key instead of ssh-agent passing the wrong key and being rejected.

[bcoca]

List Information

Hi!

Thanks very much for your interest in Ansible. It sincerely means a lot to us.

This appears to be a user question, and we'd like to direct these kinds of things to either the mailing list or the IRC channel.

• IRC: #ansible on irc.freenode.net
• mailing list: https://groups.google.com/forum/#!forum/ansible-project

If you can stop by there, we'd appreciate it. This allows us to keep the issue tracker for bugs, pull requests, RFEs and the like.

Thank you once again and we look forward to seeing you on the list or IRC. Thanks!

[kevingerman]

In my case the main issue is that the control file was not created and as a result the proxy command did not have proper permissions.

Command revealed by adding -vvvvvvv option to ansible cmd:

ssh -vvv -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="secret.id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=luser -o ConnectTimeout=10 -o 'ProxyCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q luser@192.168.1.16' -o ControlPath=/Users/me/.ansible/cp/3b9a3c71ba 10.0.3.27 '/bin/sh -c '"'"'python && sleep 0'"'"''

If I manually created a route to 10.0.3.* and reran that command without the -o 'ProxyCommand=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q luser@192.168.1.16' option. The control file was created, then everything worked.

I mucked around a bit with ForwardAgent options on my host and on the proxy host to no avail. Eventually I just punted and ran that command for each of the failing hosts and let the hack unblock my work.

[jmeridth]

I was using a non-standard private key and it wasn't being found. It was 600 perms. ssh-add <path-to-private-key> fixed my issue.

[prikkeldraad]

Adding my key with ssh-copy-id to the remote server fixed the problem.

[sherzzo]

adding -o ControlMaster=auto -o ControlPersist=30m to ssh args fixed the issue for me.

• ansible version: 2.4.1.0
• os: macos sierra
• remotes: ec2 instances (centos7, t2.micro)

More:

Getting "UNREACHABLE" error in the midst of role tasks. Would stop on the same task. But would run if I isolated only that task (via tags).

[kakarukeys]

I had the same problem with ansible 2.6.0
my ssh_args in ansible.cfg

ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=30m -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

I was able to SSH into the hosts manually
but running ansible-playbook or ansible -m ping had problems
downgrading ansible to 2.5.5 solved the problem for me

[changchichung]

I have the same problem , ubuntu 14.04 with ansible 2.6.2 (upgrade from ansible 1.9)

ansible -m ping myServer gave me UNREACHABLE! error.
ansible -c local -m ping myServer worked.

according to @kararukeys
I downgrade to 2.5.5 , But it`s still the same

2018-08-01 16:00:32 [mini@hq ansiblecontrol]$ ansible hqpc222.abc.com -i inventory/kw.production -m ping -vvv
/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
  utils.DeprecatedIn23,
ansible 2.5.5
  config file = /home/mini/D/ansiblecontrol/ansible.cfg
  configured module search path = [u'/home/mini/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.6 (default, Oct 26 2016, 20:30:19) [GCC 4.8.4]
Using /home/mini/D/ansiblecontrol/ansible.cfg as config file
Parsed /home/mini/D/ansiblecontrol/inventory/kw.production inventory source with ini plugin
[pid 2014] 16:00:41.194783 D mitogen: mitogen.service.Pool(0x7f73f53147d0, size=16, th='MainThread'): initialized
[pid 2014] 16:00:41.195890 D ansible_mitogen.process: Service pool configured: size=16
META: ran handlers
[pid 2033] 16:00:41.233401 D mitogen: unix.connect(path='/tmp/mitogen_unix_uMVCQQ')
[pid 2033] 16:00:41.234083 D mitogen: unix.connect(): local ID is 1, remote is 0
[pid 2014] 16:00:41.235861 D mitogen: mitogen.ssh.Stream(u'default').connect()
[pid 2014] 16:00:41.304490 D mitogen: hybrid_tty_create_child() pid=2037 stdio=63, tty=17, cmd: ssh -o "LogLevel ERROR" -o "Compression yes" -o "ServerAliveInterval 15" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null" -o "GlobalKnownHostsFile /dev/null" -C -o ControlMaster=auto -o ControlPersist=60s hqpc222.abc.com /usr/bin/python -c "'import codecs,os,sys;_=codecs.decode;exec(_(_(\"eNqFkc1OwzAQhM/NU+S2tmqlTuiFSJFAPSAOCClC9AAVyo9DLRLbOG5NeXq2KVKTcuC2n3bWMxrnbJ3pPjLSCEIDy/yIZBMiNNp+EJoGM5zrnUkIZzHn9Mw5G5PFbXziqtW9IPkY7BjWY/AIaNgf0L4tHLp2YZaFUBfWSwVhoephKb5EtXNF2Yphvdj1dlFKtTAHt9UKMOfsQjbPhsO9sL3U6iW92gy2Qu2lRYbb/O6Zwyabnp00iC2ZLtgU50A66fS7UGknFRrcbD/7JOGR6Arn0DOqdBc5nyY8XlKgAT7rrXSCxAwe7p8eOeevCjBOpWtsnQar7I0ce6+1EQrbBlsCjawoahInS35NGXxLgy81Jjvr1gx8CcevaMyvwWqYT/VeqP1/6r8p40nKH0t5sts=\".encode(),\"base64\"),\"zip\"))'"
[pid 2014] 16:00:41.305373 D mitogen: mitogen.ssh.Stream(u'local.2037').connect(): child process stdin/stdout=63
[pid 2014] 16:00:51.245756 D mitogen: mitogen.ssh.Stream(u'local.2037'): child process still alive, sending SIGTERM
[pid 2033] 16:00:51.246902 D mitogen: mitogen.core.Stream(u'unix_listener.2014').on_disconnect()
[pid 2033] 16:00:51.247108 D mitogen: Waker(Broker(0x7f73f4ac2dd0) rfd=14, wfd=15).on_disconnect()
[pid 2014] 16:00:51.247242 D mitogen: mitogen.core.Stream(u'unix_client.2033').on_disconnect()
hqpc222.abc.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "Connection timed out.", 
    "unreachable": true
}
[pid 2014] 16:00:51.288028 I mitogen: mitogen.service.Pool(0x7f73f53147d0, size=16, th='mitogen.service.Pool.7f73f53147d0.worker-12'): channel or latch closed, exitting: None
[pid 2014] 16:00:51.288404 D mitogen: Waker(Broker(0x7f73f530af50) rfd=9, wfd=11).on_disconnect()
[pid 2014] 16:00:51.288691 D mitogen: <mitogen.unix.Listener object at 0x7f73f5314450>.on_disconnect()
2018-08-01 16:00:51 [mini@hq ansiblecontrol]$ 

any suggestions ? please ~

[migueldiaz66]

ISSUE TYPE

• Bug Report

ANSIBLE VERSION

ansible 2.0.0.2
  config file = 
  configured module search path = Default w/o overrides

CONFIGURATION

No changes

OS / ENVIRONMENT

OS X El Capitan Version 10.11.3

SUMMARY

I can connect to my Rasberry Pi through ssh through an ethernet cable via "ssh pi@169.254.0.2" but running Ansible with this IP address as a host fails.

I have successfully configured this Rasberry Pi with ansible through wifi (using the wifi IP address), but now trying to use ansible via the direct ethernet connection I get the cryptic error message:

`TASK [setup] *******************************************************************
fatal: [169.254.0.2]: UNREACHABLE! => {"changed": false, "msg": "ERROR! (25, 'Inappropriate ioctl for device')", "unreachable": true}`

Because I can successfully connect to this pi using that IP address through ssh from terminal, I am positing that this is a bug in Ansible.

STEPS TO REPRODUCE

I run this command to rune the role

ansible-playbook ansible-pi/playbook.yml -i ansible-pi/hosts --ask-pass --sudo -c paramiko -vvvv

I also tried

ansible-playbook ansible-pi/playbook.yml -i ansible-pi/hosts --ask-pass --sudo -vvvv

which lead to the same error.

hosts file

[pis]
169.254.0.2

playbook

---

- name: Ansible Playbook for configuring brand new Raspberry Pi

  hosts: pis
  roles:
    - pi
  remote_user: pi
  sudo: yes

I assume that the role is actually unimportant because ansible is failing at the ssh connection step.

EXPECTED RESULTS

I expect ansible to connect to pi and run the role (I have successfully done this via connecting over an IP address through wifi)

ACTUAL RESULTS

/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/getpass.py:83: GetPassWarning: Can not control echo on the terminal.
No config file found; using defaults
  passwd = fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
SSH password: raspberry

[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and 
make sure become_method is 'sudo' (default). This feature will be removed in a 
future release. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
Loaded callback default of type stdout, v2.0
1 plays in ansible-pi/playbook.yml

PLAY [Ansible Playbook for configuring brand new Raspberry Pi] *****************

TASK [setup] *******************************************************************
<169.254.0.2> ESTABLISH CONNECTION FOR USER: pi on PORT 22 TO 169.254.0.2
CONNECTION: pid 2118 waiting for lock on 10
CONNECTION: pid 2118 acquired lock on 10
fatal: [169.254.0.2]: UNREACHABLE! => {"changed": false, "msg": "ERROR! (25, 'Inappropriate ioctl for device')", "unreachable": true}

PLAY RECAP *********************************************************************
169.254.0.2                : ok=0    changed=0    unreachable=1    failed=0   

[timdiels]

On OpenSSH_7.9p1, OpenSSL 1.1.1b, ansible 2.7.8, when confronted with the UNREACHABLE error, with msg containing that authentication succeeded (Authenticated to) but mentioning a broken pipe (debug3: mux_client_read_packet: read header failed: Broken pipe), setting -o ControlMaster=no in ssh_args worked for me without having to use paramiko or dropping ControlPersist.