Actually I figured it shortly after but you are spot on as the dynamic inventory reference by IP whereas in my .ssh/config it originally had host entry. Solution was to define wildcard IP in .ssh/config.
On Friday, June 24, 2016 at 2:00:46 PM UTC-4, Chris Shultz wrote: > > Is the host you are attempting to reach set up as the ip that ec2.py > returns (x.x.x.x in your pasted output) in your ~/.ssh/config or as the > devtest3 hostname you connected to in your SSH debug output? > On Jun 22, 2016 9:31 AM, "Anthony Cheng" <[email protected] > <javascript:>> wrote: > >> I am trying to access an EC2 instance with Ansible installed on another >> EC2 instance; my hosts are setup with a bastion host. I have been >> following this post >> http://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/ >> >> which seems fairly straight forward. >> >> I can ssh directly and ping from this host to the IP given from dynamic >> inventory (an public IP); but why is a simple ansible ping failing when >> actual ssh works and pingable? >> >> root@ip-host:/etc/ansible# ansible -i /etc/ansible/inventory/ec2.py >> tag_managed_ansible -m ping -vvvv >> Using /etc/ansible/ansible.cfg as config file >> Loaded callback minimal of type stdout, v2.0 >> <x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: ubuntu >> <x.x.x.x> SSH: EXEC ssh -C -vvv -F /root/.ssh/config -o >> ControlMaster=auto -o ControlPersist=10m -o >> 'IdentityFile="/home/ubuntu/.ssh/asdev.pem"' -o >> KbdInteractiveAuthentication=no -o >> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >> -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o >> 'ControlPath=~/.ssh/ansible-%r@%h:%p' x.x.x.x '/bin/sh -c '"'"'( umask 77 >> && mkdir -p "` echo >> $HOME/.ansible/tmp/ansible-tmp-1466601336.03-126192442556847 `" && echo >> ansible-tmp-1466601336.03-126192442556847="` echo >> $HOME/.ansible/tmp/ansible-tmp-1466601336.03-126192442556847 `" ) && >> sleep 0'"'"'' >> x.x.x.x | UNREACHABLE! => { >> "changed": false, >> "msg": "Failed to connect to the host via ssh.", >> "unreachable": true >> } >> >> Debug from direct ssh which works (via proxy command setup in >> /root/.ssh/config) >> >> root@ip-host:/etc/ansible# ssh devtest3 -v >> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 >> debug1: Reading configuration data /root/.ssh/config >> debug1: /root/.ssh/config line 1: Applying options for * >> debug1: /root/.ssh/config line 769: Applying options for devtest3 >> debug1: Reading configuration data /etc/ssh/ssh_config >> debug1: /etc/ssh/ssh_config line 1: Applying options for * >> debug1: /etc/ssh/ssh_config line 769: Applying options for devtest3 >> debug1: Hostname has changed; re-reading configuration >> debug1: Reading configuration data /root/.ssh/config >> debug1: /root/.ssh/config line 1: Applying options for * >> debug1: Reading configuration data /etc/ssh/ssh_config >> debug1: /etc/ssh/ssh_config line 1: Applying options for * >> debug1: auto-mux: Trying existing master >> debug1: multiplexing control connection >> debug2: fd 6 setting O_NONBLOCK >> debug3: fd 6 is O_NONBLOCK >> debug1: channel 1: new [mux-control] >> debug3: channel_post_mux_listener: new mux channel 1 fd 6 >> debug3: mux_master_read_cb: channel 1: hello sent >> debug2: set_control_persist_exit_time: cancel scheduled exit >> debug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4 >> debug2: process_mux_master_hello: channel 1 slave version 4 >> debug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4 >> debug2: process_mux_alive_check: channel 1: alive check >> debug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 50 >> debug2: process_mux_new_session: channel 1: request tty 1, X 1, agent 0, >> subsys 0, term "xterm-256color", cmd "", env 0 >> debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable >> debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable >> debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable >> debug3: process_mux_new_session: got fds stdin 7, stdout 8, stderr 9 >> debug1: channel 2: new [client-session] >> debug2: process_mux_new_session: channel_new: 2 linked to control channel >> 1 >> debug2: channel 2: send open >> debug2: callback start >> debug2: client_session2_setup: id 2 >> debug2: channel 2: request pty-req confirm 1 >> debug2: channel 2: request shell confirm 1 >> debug3: mux_session_confirm: sending success reply >> debug2: callback done >> debug2: channel 2: open confirm rwindow 0 rmax 32768 >> debug1: mux_client_request_session: master session id: 2 >> debug2: channel_input_status_confirm: type 99 id 2 >> debug2: PTY allocation request accepted on channel 2 >> debug2: channel 2: rcvd adjust 2097152 >> debug2: channel_input_status_confirm: type 99 id 2 >> debug2: shell request accepted on channel 2 >> Last login: Wed Jun 22 13:20:11 2016 from >> ubuntu@ip-host:~$ >> >> Here's ssh setting of the ansible.cfg: >> >> [ssh_connection] >> ssh_args = -F /root/.ssh/config -o ControlMaster=auto -o >> ControlPersist=10m >> control_path = ~/.ssh/ansible-%%r@%%h:%%p >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/da69bb4a-69f3-4ca5-97de-666f1f61feb5%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/da69bb4a-69f3-4ca5-97de-666f1f61feb5%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b49c6432-c906-42c7-b7fb-bbb204ac8fec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
