I am fairly new to Ansible, and very new to this plugin (but not new to Linux or Python,) so I'm not sure whether this is a "true bug" or a matter of "don't do that."
I am using lxc-ssh to maintain lxc containers running on a Proxmox machine. I got it working following this guide, with one change.
https://logan.protiumit.com/2016/10/13/ansible-lxc-connection.html
The change: in inventory/group_vars/containers.yml, comment out
#ansible_ssh_extra_args: "{{ container_name }}"
Reason: This causes the container name to be inserted as an argument in the ssh command, between ConnectTimeout and ControlPath, which causes the ssh command to time out. (On the first "which lxc" command.)
(Actually, I think it causes ssh to interpret the container name as the host for ssh to connect to, so if the container name is not a valid hostname/ip it times out, but if it is, it tries to connect. At one point I had tried this and was getting messages that lxc was not found, because it was ssh'ing directly to the container, which of course did not have lxc installed. But the debug output still showed the IP for the Proxmox machine, so that was confusing.)
I note the page above is dated 2016, and references the original lxc-ssh (not this fork,) so perhaps it is outdated information. Still, it is the best example I have found, so far. Anyway, the root cause:
lxc_ssh.py, starting at line 831 in _build_command, with this comment:
# Add in any common or binary-specific arguments from the PlayContext
# (i.e. inventory or task settings or overrides on the command line).
By running ansible with -vvvv I can see the ssh command, copy/paste it to my terminal, and see that it times out, then remove the extra arg (bare container name) between ConnectTimeout and ControlPath, and then it works. So I commented out the line in containers.yml setting ansible_ssh_extra_args, and then ansible works.
So is that a "bug" or a "don't do that" (setting ansible_ssh_extra_args to the container name in containers.yml?) Might those extra args be needed, in that position, in some other situation? Or should the code validate these for some format before injecting into the command? I am a Python programmer, but am too new to Ansible/plugins to say how or if it should be fixed. But anyway, it's working for me now, after some hours of head-scratching debugging and "Y U NO WORK?" raging. :)
Anyway, loving this plugin. The reasons I am using it (skip the rest if not interested in non-bug rambling:)
I have a Proxmox machine running containers. I am learning Terraform/Ansible with the goal of, provision with Terraform, maintain with Ansible, with NO MANUAL STEPS in between.
Problem is, every time I terraform destroy/apply to recreate a container, the hwaddr/ip/host key changes, so connecting directly via ssh causes "dns spoofing" warnings and requires manual removal of keys in known_hosts. (Even though terraform added my public key in container /root/.ssh/authorized_keys. But the host key changed.)
Using lxc_ssh solves that, as it just runs the commands via lxc-attach after ssh'ing to the Proxmox machine. Don't even need the container's root password for this.
Of course, it also solves the problem of some container images not running sshd, as the description of lxc-ssh says. Even so, I note that the alpine linux default container has neither sshd NOR Python, so I will be looking into the raw module to see if I can get python3 installed. I actually created a custom alpine container image including openssh and python3, but still I'd like to figure out how to make it work with a "stock" image.
Thank you for maintaining this plugin. It is possible I could contribute in the future, after I understand Ansible better.
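One way to do the validation the post asks about, as an added example that is not code from the plugin or from the post's author: it tokenizes an extra-args string and reports any bare word that ssh would read as the destination instead of as an option. The function names and the sample container name `web01` are hypothetical, and the option set is an assumption based on the ssh(1) synopsis.

```python
import shlex

# Single-letter ssh options that consume a value, per the ssh(1) synopsis.
# Assumption: check this set against the OpenSSH version actually installed.
SSH_OPTS_WITH_VALUE = set("BbcDEeFIiJLlmOopQRSWw")


def positional_tokens(extra_args: str) -> list[str]:
    """Return tokens in extra_args that ssh would read as destination/command."""
    tokens = shlex.split(extra_args)
    stray = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "--":
            stray.extend(tokens[i:])  # everything after "--" is positional
            break
        if not tok.startswith("-") or tok == "-":
            stray.append(tok)  # bare word: ssh takes the first one as the host
            continue
        # Walk a flag cluster such as "-vvv", "-Cp2222" or "-o" "Key=val".
        for pos, flag in enumerate(tok[1:], start=1):
            if flag in SSH_OPTS_WITH_VALUE:
                if pos == len(tok) - 1:  # value is the next token
                    if i >= len(tokens):
                        raise ValueError(f"option -{flag} is missing its value")
                    i += 1
                break  # rest of this token (if any) is the attached value
    return stray


def check_extra_args(extra_args: str) -> str:
    """Reject extra args that would change the host ssh connects to."""
    stray = positional_tokens(extra_args)
    if stray:
        raise ValueError(f"bare argument(s) in ssh extra args: {stray}")
    return extra_args
```

A check like this would run on the rendered value of ansible_ssh_extra_args before it is appended to the ssh command line, so a templated container name fails fast instead of silently becoming the connection target.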