I’m having some trouble letting ansible-playbooks connect to my servers.
My version of foreman is 1.22, ansible 2.8.
The error I’m getting is: Invalid/incorrect password: no such identity: /root/.ssh/id_rsa permission denied
But when I log in from the foreman-server using the same user as defined in foreman, also using the key configured in foreman, this works fine.
It was working before.
I tried turning on ansible debug mode in foreman settings (-vvvv), but that doesn’t seem to increase the output when ansible-playbooks or roles are run from within
Foreman is installed on CentOS 7. Are there any log files where I could find out more about what’s going on, i.e. which user foreman is letting ansible connect with…

Expected outcome:
Playbooks that can successfully log in to a host when run from the console also work when launched from the UI.
See debug data with the setting ‘vvvv’ similar to running an ansible-playbook with ‘-vvvv’.

Foreman and Proxy versions:
My version of foreman is 1.22 (as is the proxy)

Foreman and Proxy plugin versions:
python 3.7

Other relevant data:
I see there are 2 issues here. First one is the output verbosity, that is a bug.
Regarding the permission denied on connection, the /root/.ssh/id_rsa key looks suspicious to me. Ansible is executed through the smart proxy and I do not think the foreman-proxy process has access to that location. The proxy uses keys in /usr/share/foreman-proxy/.ssh/ to connect to the host, which can be set up as part of provisioning with a template. The SSH user is configurable in Settings, Remote Execution tab. The best way to find what params the host has access to is by looking at the YAML output on the host's detail page.
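The access problem described in the answer above can be checked directly. The following is an added example, not part of the original thread and not Foreman code: it walks every component of a key path and reports which ones deny a given account search or read access, using only the classic owner/group/other mode bits. The account name and key paths are passed on the command line; ACLs and SELinux are not evaluated, which is an assumption to keep in mind on CentOS.

```python
import os
import pwd
import sys

def can(st, uid, gids, want):
    """POSIX class matching on one stat result; want: 4 = read, 1 = search."""
    if uid == 0:
        return True                      # root is not limited by these bits
    if st.st_uid == uid:
        return bool((st.st_mode >> 6) & want)
    if st.st_gid in gids:
        return bool((st.st_mode >> 3) & want)
    return bool(st.st_mode & want)

def blockers(key_path, uid, gids=()):
    """List every (path, needed_right) on the way to key_path that denies uid.
    Directories need search (x); the key file itself needs read (r)."""
    key_path = os.path.realpath(key_path)
    denied = []
    current = os.sep
    for part in key_path.split(os.sep)[1:]:
        if not can(os.stat(current), uid, gids, 1):
            denied.append((current, "search"))
        current = os.path.join(current, part)
    if not can(os.stat(current), uid, gids, 4):
        denied.append((current, "read"))
    return denied

if __name__ == "__main__":
    # usage (run as root so every component can be stat'ed):
    #   script.py <account> <key path> [<key path> ...]
    account = pwd.getpwnam(sys.argv[1])
    groups = os.getgrouplist(account.pw_name, account.pw_gid)
    for path in sys.argv[2:]:
        found = blockers(path, account.pw_uid, groups)
        print(path, "-> readable" if not found else "-> blocked:")
        for where, right in found:
            print("   ", where, "lacks", right, "for", account.pw_name)
```

Running it for the account the smart proxy runs as, against both /root/.ssh/id_rsa and the key under /usr/share/foreman-proxy/.ssh/, shows which directory or file produces the "permission denied".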
You are right, it is the key in /usr/share/foreman-proxy/.ssh/ that is being used. So the setting for the private_key in the foreman interface has no effect (or fails because of lacking permissions on that location).
Now I copied the private key that I want to use over the one in /usr/share/foreman-proxy/.ssh/, but upon asking for the YAML details from the host, I still see the old key. No private key file is to be found on the server that matches this public key except a backup of the original file.
How come the old key is still in use, even after a reboot of the server?