Ansible Can't SSH When SSH Communicator Uses Password

[guybarzi]

Hi,

I'm trying to provision an Ubuntu 18.04.5 machine with ansible provisioner after building it with vsphere-iso.

However, Ansible can't SSH to the machine, it prompts the following error:

fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.0.0.1' (ECDSA) to the list of known hosts.\r\nLoad key \"/tmp/ansible-key305487509\": invalid format\r\nuser@10.0.0.1: Permission denied (publickey,password).\r\n", "unreachable": true}

After looking into the problem a little bit, it seems that the problem is that the key file created is empty. I do use the ssh_password for the SSH communicator instead of a key file. When I insert ansible_ssh_pass as an extra argument for ansible, everything works. However, I think it should work automatically, even with ssh_password.

I would appreciate help in fixing this issue or telling me what I did wrong if the problem is on my end.

Here is the configuration associated with the issue:

source "vsphere-iso" "ubuntu_18_04_5" {
    CPUs                    = 1
    RAM                     = 1024
    boot_command            = ["<enter><wait><f6><wait><esc><wait>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs>",
                               "/install/vmlinuz",
                               " initrd=/install/initrd.gz",
                               " priority=critical",
                               " locale=en_US",
                               " file=/media/preseed.cfg",
                               "<enter>"]
    boot_order              = "disk,cdrom"
    cluster                 = var.cluster
    convert_to_template     = true
    datacenter              = var.datacenter
    datastore               = var.datastore
    disk_controller_type    = ["pvscsi"]
    floppy_files            = [var.preseed_path]
    folder                  = var.vm_folder
    guest_os_type           = "ubuntu64Guest"
    host                    = var.host
    insecure_connection     = true
    iso_checksum            = "sha256:8c5fc24894394035402f66f3824beb7234b757dd2b5531379cb310cedfdf0996"
    iso_url                 = "http://cdimage.ubuntu.com/releases/18.04/release/ubuntu-18.04.5-server-amd64.iso"
    network_adapters {
        network = var.network
        network_card = "vmxnet3"
    }
    storage {
        disk_size = "10240"
        disk_thin_provisioned = true
    }
    vcenter_server          = var.vcenter
    username                = var.vcenter_user
    password                = var.vcenter_password
    ssh_username            = var.ssh_user
    ssh_password            = var.ssh_password
    vm_name                 = "Ubuntu_18_04_5-Packer"
    notes                   = "Packer™ Created"
}

build {
    sources = ["source.vsphere-iso.ubuntu_18_04_5"]
    provisioner "ansible" {
        playbook_file = "ubuntu_18_04_5/playbook.yml"
        keep_inventory_file = true
        use_proxy = false
        ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
    }
}

Thanks in advance!

[SwampDragons]

What version of Packer are you on? Of Ansible? I'd have expected #9350 to address this but maybe it wasn't enough for older versions of ansible that still use the ansible_ssh_pass flag, which I think was prior to ansible v2.0

[guybarzi]

Packer version: 1.6.6
Ansible version: 2.5.1

Anyway, shouldn't packer ansible provisioner be able to establish an SSH connection without "manual" interference even when the user passes the SSH communicator a password instead of an SSH key file?

Thanks in advance!

[guybarzi]

For clarification:

When I use the ansible_ssh_pass extra arg everything works.
Shouldn't it work automatically though? Shouldn't Packer take care of the SSH connection automatically (without me having to "manually" insert the password) as stated in the documentation?
Packer ansible provisioner does create an SSH key file and try using it, but it fails because the SSH key file is empty. That is why I had to insert the password "manually".

[SwampDragons]

You're right, ideally this should work automatically.

[ghost]

This issue has been automatically migrated to hashicorp/packer-plugin-ansible#6 because it looks like an issue with that plugin. If you believe this is not an issue with the plugin, please reply to hashicorp/packer-plugin-ansible#6.

[jeremymcgee73]

Just wanted to comment to say I have been having this problem on RHEL and Windows. I thought it was something in my environment, and switched to other ways of doing auth. (just using a private key to connect).

But, this compounded with the RHEL 8.* SSH (#8609) issue, made the solution I use for other OSs, not work.

[jeremymcgee73]

I will open another issue after some more troubleshooting. But, I'm also having an issue using the ssh_authorized_key_file property, it still generates the key which is empty, and does not pass the value in ssh_authorized_key_file.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.