1. casa
  2. Domanda e risposta
  3. Ansible non è in grado di connettersi all'istanza AWS EC2

Ansible non è in grado di connettersi all'istanza AWS EC2

2016-04-29 29 views
7

Sto provando ad utilizzare Ansible per connettersi a un'istanza AWS EC2 da una build Codeship. Ciò sta funzionando perfettamente in un'altra regione AWS (eu-ovest-1), ma ora voglio i server di configurazione in noi-est-1 e sto ottenendo il seguente errore:Ansible non è in grado di connettersi all'istanza AWS EC2

<ec2-52-11-9-45.compute-1.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<ec2-52-11-9-45.compute-1.amazonaws.com> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/rof/.ansible/cp/ansible-ssh-%h-%p-%r -tt ec2-52-11-9-45.compute-1.amazonaws.com '(umask 22 && mkdir -p "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)" && echo "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)")' 
fatal: [ec2-52-11-9-45.compute-1.amazonaws.com]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH encountered an unknown error. The output was:\nOpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 

debug1: Reading configuration data /home/rof/.ssh/config 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug1: auto-mux: Trying existing master 
debug1: Control socket \"/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user\" does not exist 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to ec2-52-11-9-45.compute-1.amazonaws.com [52.1.39.45] port 22. 
debug2: fd 3 setting O_NONBLOCK 
debug1: fd 3 clearing O_NONBLOCK 
debug1: Connection established. 
debug3: timeout: 10000 ms remain after connect 
debug3: Incorrect RSA1 identifier 
debug3: Could not load \"/home/rof/.ssh/id_rsa\" as a RSA1 public key 
debug1: identity file /home/rof/.ssh/id_rsa type -1 
debug1: identity file /home/rof/.ssh/id_rsa-cert type -1 
debug1: identity file /home/rof/.ssh/id_dsa type -1 
debug1: identity file /home/rof/.ssh/id_dsa-cert type -1 
debug1: identity file /home/rof/.ssh/id_ecdsa type -1 
debug1: identity file /home/rof/.ssh/id_ecdsa-cert type -1 
debug1: identity file /home/rof/.ssh/id_ed25519 type -1 
debug1: identity file /home/rof/.ssh/id_ed25519-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000 
debug2: fd 3 setting O_NONBLOCK 
debug3: load_hostkeys: loading entries for host \"ec2-52-11-9-45.compute-1.amazonaws.com\" from file \"/dev/null\" 
debug3: load_hostkeys: loaded 0 keys 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: [email protected],zlib,none 
debug2: kex_parse_kexinit: [email protected],zlib,none 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,[email protected] 
debug2: kex_parse_kexinit: none,[email protected] 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup [email protected] 
debug1: kex: server->client aes128-ctr [email protected] [email protected] 
debug2: mac_setup: setup [email protected] 
debug1: kex: client->server aes128-ctr [email protected] [email protected] 
debug1: sending SSH2_MSG_KEX_ECDH_INIT 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ECDSA f6:db:c0:15:19:17:45:cc:db:6f:16:f4:6f:02:bf:79 
debug3: load_hostkeys: loading entries for host \"ec2-52-11-9-45.compute-1.amazonaws.com\" from file \"/dev/null\" 
debug3: load_hostkeys: loaded 0 keys 
debug3: load_hostkeys: loading entries for host \"52.1.39.45\" from file \"/dev/null\" 
debug3: load_hostkeys: loaded 0 keys 
Warning: Permanently added 'ec2-52-11-9-45.compute-1.amazonaws.com,52.1.39.45' (ECDSA) to the list of known hosts. 
debug1: ssh_ecdsa_verify: signature correct 
debug2: kex_derive_keys 
debug2: set_newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug2: set_newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug2: key: /home/rof/.ssh/id_rsa (0x7fbfa369ea30), 
debug2: key: /home/rof/.ssh/id_rsa ((nil)), 
debug2: key: /home/rof/.ssh/id_dsa ((nil)), 
debug2: key: /home/rof/.ssh/id_ecdsa ((nil)), 
debug2: key: /home/rof/.ssh/id_ed25519 ((nil)), 
debug1: Authentications that can continue: publickey 
debug3: start over, passed a different list publickey 
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Offering RSA public key: /home/rof/.ssh/id_rsa 
debug3: send_pubkey_test 
debug2: we sent a publickey packet, wait for reply 
debug1: Server accepts key: pkalg ssh-rsa blen 279 
debug2: input_userauth_pk_ok: fp 6a:73:a4:d1:c5:79:9d:6b:6f:3f:7d:cd:8e:60:97:84 
debug3: sign_and_send_pubkey: RSA 6a:73:a4:d1:c5:79:9d:6b:6f:3f:7d:cd:8e:60:97:84 
debug1: Enabling compression at level 6. 
debug1: Authentication succeeded (publickey). 
Authenticated to ec2-52-11-9-45.compute-1.amazonaws.com ([52.1.39.45]:22). 
debug1: setting up multiplex master socket 
debug3: muxserver_listen: temporary control path /home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user.WpJOoaH4MuX8djA0 
debug2: fd 4 setting O_NONBLOCK 
debug3: fd 4 is O_NONBLOCK 
debug3: fd 4 is O_NONBLOCK 
debug1: channel 0: new [/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user] 
debug3: muxserver_listen: mux listener channel 0 fd 4 
debug2: fd 3 setting TCP_NODELAY 
debug3: packet_set_tos: set IP_TOS 0x08 
debug1: control_persist_detach: backgrounding master process 
debug2: control_persist_detach: background process is 8248 
Control socket connect(/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user): Connection refused 
Failed to connect to new control master 
", "unreachable": true}

Sono in grado di connettersi con un semplice comando ssh come questo ssh [email protected] quindi sono abbastanza sicuro che le chiavi ssh siano configurate correttamente. L'unica differenza è la regione e l'AMI, ma l'AMI è Amazon Linux in entrambi i casi.

Qualcuno può dirmi il problema o indicarmi la direzione giusta per favore.

fonte

2016-04-29 Mikhail Janowski

+0

l'autenticazione sembra corretta (si ottiene "Autenticato in ec2-52-11-9-45.compute-1.amazonaws.com"). Puoi eseguire il comando localmente sull'istanza di ec2 per eseguire il debug? Qualche possibilità che tu abbia fatto un passo di pre-configurazione su eu-west-1 che hai dimenticato su us-east-1? – Tom

+0

Sì, posso eseguire questo comando sull'istanza di ec2 '(umask 22 && mkdir -p" $ (echo $ HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108) "&& echo" $ (echo $ HOME /. ansible/tmp/ansible-tmp-1461915330.37-230126286487108) ")" E sono sicuro che prima non ho fatto altri passi. –

+0

Quando eseguo l'intero comando ssh 'ssh -C -vvv -o ControlMaster = auto -o ControlPersist = 60s -o StrictHostKeyChecking = no -o KbdInteractiveAuthentication = no -o PreferredAuthentications = gssapi-with-mic, gssapi-keyex, basato su host, publickey -o PasswordAuthentication = no -o Utente = ec2-user -o ConnectTimeout = 10 -o ControlPath =/home/rof/.ansible/cp/ansible-ssh-% h-% p-% r -tt ec2-52- 1-39-45.compute-1.amazonaws.com '(umask 22 && mkdir -p "$ (echo $ HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)" && echo "$ (echo $ HOME /.ansible/tmp/ansible-tmp-1461915330.37-230126286487108) ") '' Ricevo un altro errore –

risposta

1

Failed to connect to new control master

significa che hai problemi con le connessioni di controllo (connessione al file socket di controllo). Verifica le autorizzazioni o rimuovi il file del socket e riprova.

Normalmente queste impostazioni sono in ~/.ssh/config, quindi o disabilitarlo (ControlMaster no) o modificare il percorso (per esempio ControlPath /tmp o controllare questa post).

Dal momento che si sta utilizzando Ansible, è possibile disattivare le connessioni di controllo nella vostra ansible.cfg (ad esempio /etc/ansible/ansible.cfg):

ssh_args = -o ControlMaster=no

di cui al presente post. Oppure provare a disabilitare accelerate se abilitato (di cui al presente post):

accelerate: false

e riprovare.

fonte

2016-12-02 16:45:19 kenorb

Problemi correlati

 Problemi correlati