Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Leader detection may try incorrect SSH user in HA mode #56

Closed
3 tasks
sk4zuzu opened this issue Jun 14, 2024 · 0 comments
Closed
3 tasks

Leader detection may try incorrect SSH user in HA mode #56

sk4zuzu opened this issue Jun 14, 2024 · 0 comments
Assignees
@sk4zuzu
Labels
bug Something isn't working

Comments

@sk4zuzu
Copy link
Contributor

sk4zuzu commented Jun 14, 2024

Description
The following inventory:

---
all:
  vars:
    ansible_user: ubuntu
    ensure_keys_for: [root]
    ensure_hosts: true
    one_pass: asd
    one_version: '6.8'
    ds: { mode: ssh }
    one_vip: 10.2.50.86
    one_vip_cidr: 24
    one_vip_if: eth0

infra:
  vars:
    os_image_url: https://d24fmfybwxpuhu.cloudfront.net/ubuntu2204-6.10.0-1-20240514.qcow2
    os_image_size: 20G
    infra_bridge: br0
  hosts:
    n1a1: { ansible_host: 10.2.50.10 }

frontend:
  vars:
    context:
      ETH0_DNS: 10.2.50.1
      ETH0_GATEWAY: 10.2.50.1
      ETH0_MASK: 255.255.255.0
      ETH0_NETWORK: 10.2.50.0
      ETH0_IP: "{{ ansible_host }}"
      PASSWORD: opennebula
      SSH_PUBLIC_KEY:  |
        ssh-rsa ...
  hosts:
    f1: { ansible_user: root, ansible_host: 10.2.50.100, infra_hostname: n1a1 }
    f2: { ansible_user: root, ansible_host: 10.2.50.101, infra_hostname: n1a1 }

node:
  hosts:
    n1a1: { ansible_host: 10.2.50.10 }

Causes this errror:

TASK [opennebula.deploy.opennebula/leader : Get Zone] *********************************************************************************************
task path: /stor/asd/_git/one-deploy/ansible_collections/opennebula/deploy/roles/opennebula/leader/tasks/main.yml:27
Friday 14 June 2024  09:35:42 +0200 (0:00:00.315)       0:00:17.374 ***********
Using module file /home/asd/.cache/pypoetry/virtualenvs/one-deploy-zyWWq5iB-py3.11/lib/python3.11/site-packages/ansible/modules/command.py
Pipelining is enabled.
<10.2.50.86> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.2.50.86> SSH: EXEC ssh -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ubuntu"' -o ConnectTimeout=30 -o 'ControlPath="/home/asd/.ansible/cp/cfeaabda9e"' 10.2.50.86 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-olhlneagxydwxjhonwzahjtejgjcdsec ; /usr/bin/python3'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Using module file /home/asd/.cache/pypoetry/virtualenvs/one-deploy-zyWWq5iB-py3.11/lib/python3.11/site-packages/ansible/modules/command.py
Pipelining is enabled.
<10.2.50.86> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.2.50.86> SSH: EXEC ssh -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ubuntu"' -o ConnectTimeout=30 -o 'ControlPath="/home/asd/.ansible/cp/cfeaabda9e"' 10.2.50.86 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-zpqlsguihcfsiaaybptojlmjtexsdwhq ; /usr/bin/python3'"'"'"'"'"'"'"'"' && sleep 0'"'"''
fatal: [f1 -> 10.2.50.86]: UNREACHABLE! => changed=false
  msg: 'Data could not be sent to remote host "10.2.50.86". Make sure this host can be reached over ssh: '
  unreachable: true
fatal: [f2 -> 10.2.50.86]: UNREACHABLE! => changed=false
  msg: 'Data could not be sent to remote host "10.2.50.86". Make sure this host can be reached over ssh: '
  unreachable: true

The problem is that when one_vip is used to contact the Leader delegate_to does not know which ansible_user should be used for the SSH connection, so it takes whatever it finds in hostvars.

To Reproduce

  1. Define "global" ansible_user in the inventory.
  2. Override ansible_user (different value) for all Front-ends (HA).
  3. Run ansible-playbook.

Expected behavior
No error, delegate_to uses the correct SSH user.

Details

  • Ansible version: N/A
  • Linux OS distro in your cluster: N/A
  • Version: 1.1.0

Additional context
N/A

Progress Status

  • Code committed
  • Testing - QA
  • Documentation (Release notes - resolved issues, compatibility, known issues)
@sk4zuzu sk4zuzu added the bug Something isn't working label Jun 14, 2024
@sk4zuzu sk4zuzu self-assigned this Jun 14, 2024
sk4zuzu added a commit that referenced this issue Jun 14, 2024
@sk4zuzu
B #56: Make delegate_to use correct ansible_user for one_vip
03fe4f1
sk4zuzu added a commit that referenced this issue Jun 14, 2024
@sk4zuzu
B #56: Make delegate_to use correct ansible_user for one_vip
df066b7
sk4zuzu added a commit that referenced this issue Jun 17, 2024
@sk4zuzu
B #56: Make delegate_to use correct ansible_user for one_vip
7481be7
sk4zuzu added a commit that referenced this issue Jun 17, 2024
@sk4zuzu
B #56: Make delegate_to use correct ansible_user for one_vip
aa49f7a
rsmontero pushed a commit that referenced this issue Jun 18, 2024
@sk4zuzu
B #56: Make delegate_to use correct ansible_user for one_vip (#57)
60c6f01
@sk4zuzu sk4zuzu closed this as completed Jun 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sk4zuzu sk4zuzu

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sk4zuzu