Ansible can't connect with AWS public DNS, but it can connect with the raw IP. #15508

Closed
santiagobasulto opened this Issue Apr 20, 2016 · 5 comments


santiagobasulto commented Apr 20, 2016

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.0.2.0
  config file =
  configured module search path = Default w/o overrides
OS / ENVIRONMENT

Mac OSX El Capitan (10.11.3)

SUMMARY

This issue is strange. If I use the public DNS provided by AWS, Ansible fails to connect (see error report below). But if I use the IP address it can connect and everything works.

Just to make sure, I can ssh into it without issues (providing the same username and key file that Ansible is using).

Output Error

No config file found; using defaults
Loaded callback default of type stdout, v2.0

PLAYBOOK: rmotr_admin-deploy.yml ***********************************************
1 plays in playbooks/rmotr_admin-deploy.yml

PLAY [rmotr-admin] *************************************************************

TASK [setup] *******************************************************************
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: ansible.cfg set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set: (-o)(IdentityFile="/Users/santiagobasulto/.ssh/rmotr.pem")
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=ubuntu)
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: PlayContext set ssh_common_args: ()
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: PlayContext set ssh_extra_args: ()
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/Users/santiagobasulto/.ansible/cp/ansible-ssh-%h-%p-%r)
<ec2-52-18-118-51.eu-west-1.compute.amazonaws.com> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/santiagobasulto/.ssh/rmotr.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/Users/santiagobasulto/.ansible/cp/ansible-ssh-%h-%p-%r ec2-52-18-118-51.eu-west-1.compute.amazonaws.com '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1461186869.5-5816100855549 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1461186869.5-5816100855549 `" )'"'"''
fatal: [ec2-52-18-118-51.eu-west-1.compute.amazonaws.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh.", "unreachable": true}
        to retry, use: --limit @playbooks/rmotr_admin-deploy.retry

PLAY RECAP *********************************************************************
ec2-52-18-118-51.eu-west-1.compute.amazonaws.com : ok=0    changed=0    unreachable=1    failed=0
Member

bcoca commented Apr 22, 2016

List Information

Hi!

Thanks very much for your interest in Ansible. It sincerely means a lot to us.

This appears to be a user question, and we'd like to direct these kinds of things to either the mailing list or the IRC channel.

This does not look so much like an Ansible issue as an ssh/DNS setup issue on your controller.

If you can stop by there, we'd appreciate it. This allows us to keep the issue tracker for bugs, pull requests, RFEs and the like.

Thank you once again and we look forward to seeing you on the list or IRC. Thanks!

@bcoca bcoca closed this Apr 22, 2016

suside commented Apr 26, 2016

This seems to be a duplicate of #11536, but you have to run the cmd from SSH: EXEC to see it:
unix_listener: "/home/deploy/.ansible/cp/ansible-ssh-XXXX.compute.amazonaws.com-22-ubuntu.XXXX" too long for Unix domain socket

Currently that error is hidden behind:
fatal: [XXX.compute.amazonaws.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh.", "unreachable": true}
but with ansible 2.0.0.2 you got it on stdout/stderr.

Marian0 commented Nov 6, 2016

I have the same error. If I use the public DNS of Amazon EC2 in my host file, I get:

ec2-54-205-*.compute-1.amazonaws.com | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}

If I replace the DNS name with an IP, it works like a charm.

timgalebach commented Dec 5, 2016

Any update here?

I have the same issue, and it works perfectly for me when I use regular ssh. This indicates that the issue is with Ansible, and not my DNS setup.

markmuir87 commented Dec 16, 2016

I ran into the same problem. Based on the comments in ansible.cfg, the length of the ec2 domain name is going over the character limit for file socket names (I have no understanding of what I just said...). Long story short, the answer is this issue comment as pointed out by @suside.

Presumably it wouldn't help if you're running from within a deeply nested directory (or one with a long name). I simply uncommented the first 'control_path' example in the stock ansible.cfg file and it started working. It now reads:

control_path = %(directory)s/%%h-%%r

EDIT: Just to be clear, based on my shaky understanding, it's neither a problem with your DNS setup nor Ansible. I think it's some sort of fundamental limitation of our operating systems.
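
The socket-path length limit discussed in the comments above, as an added example that is not part of the thread or of Ansible's own code; it uses the host name, IP and control directory from the original report. The `sun_path` sizes (108 bytes on Linux, 104 on macOS), the 17-character temporary suffix ssh adds while binding, and the function names are assumptions of this example.

```python
# Added example: does an expanded ssh ControlPath fit in sockaddr_un.sun_path?

# sizeof(sun_path) including the trailing NUL (assumed: Linux 108, macOS 104).
SUN_PATH_SIZE = {"linux": 108, "darwin": 104}

# Assumption: ssh first binds "<ControlPath>.<16 random chars>" and renames it
# afterwards, which is the ".XXXX" suffix visible in the quoted error message.
TEMP_SUFFIX_LEN = 1 + 16

# Values taken from the log in the original report.
CP_DIR = "/Users/santiagobasulto/.ansible/cp"
DNS_NAME = "ec2-52-18-118-51.eu-west-1.compute.amazonaws.com"
RAW_IP = "52.18.118.51"
DEFAULT_TEMPLATE = CP_DIR + "/ansible-ssh-%h-%p-%r"
SHORT_TEMPLATE = CP_DIR + "/%h-%r"  # control_path = %(directory)s/%%h-%%r


def expand_control_path(template, host, port, user):
    """Expand the %h, %p, %r and %% tokens of a ControlPath template."""
    tokens = {"h": host, "p": str(port), "r": user, "%": "%"}
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1:i + 2]  # empty string at end of template
        if template[i] == "%" and nxt in tokens:
            out.append(tokens[nxt])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def check(template, host, platform, port=22, user="ubuntu"):
    """Return (bytes ssh must bind, usable limit, fits?) for one host."""
    path = expand_control_path(template, host, port, user)
    bound = len(path.encode("utf-8")) + TEMP_SUFFIX_LEN
    limit = SUN_PATH_SIZE[platform] - 1  # room for the NUL terminator
    return bound, limit, bound <= limit


if __name__ == "__main__":
    for name, template in (("default", DEFAULT_TEMPLATE), ("short", SHORT_TEMPLATE)):
        for host in (DNS_NAME, RAW_IP):
            for platform in ("darwin", "linux"):
                bound, limit, fits = check(template, host, platform)
                print(f"{name:7} {platform:6} {host:50} {bound:3}/{limit} "
                      f"{'ok' if fits else 'TOO LONG'}")
```

Under these assumptions the shortened template still exceeds the macOS limit for the directory in the original report, consistent with the caveat above about long directory names.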
