R5.0.1 - multicloud :: password for OnPrem devices not getting updated in inventory file and ansible fails to ssh.

Bug #1785835 reported by Ritam Gangopadhyay on 2018-08-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R5.0
Fix Released
Medium
Damian Rakowski
Trunk
Fix Released
Medium
Damian Rakowski

Bug Description

159ca9c0f3a4:~/multicloud# ansible-playbook -i inventories/inventory.yml ansible/contrail/playbooks/update.yml
 [WARNING]: Found both group and host with same name: localhost

PLAY [Install Python if not present] ***************************************************************************************************************************************************************

TASK [install_python : Install python 2] ***********************************************************************************************************************************************************
changed: [192.169.100.5]
changed: [192.168.100.11]
changed: [192.169.100.4]
fatal: [192.168.100.13]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true}
fatal: [192.168.100.12]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true}
fatal: [192.168.100.14]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true}

PLAY [Update kernel] *******************************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************************************
ok: [192.169.100.5]
ok: [192.168.100.11]
ok: [192.169.100.4]

TASK [update : Update kernel] **********************************************************************************************************************************************************************
skipping: [192.169.100.4]
skipping: [192.169.100.5]
skipping: [192.168.100.11]

TASK [update : Restart VMs (Non-Gateways)] *********************************************************************************************************************************************************
skipping: [192.169.100.4]
skipping: [192.169.100.5]
skipping: [192.168.100.11]

TASK [update : Restart VMs (Gateways)] *************************************************************************************************************************************************************
skipping: [192.169.100.4]
skipping: [192.169.100.5]
skipping: [192.168.100.11]

TASK [update : Wait until hosts are up] ************************************************************************************************************************************************************
skipping: [192.169.100.4]
skipping: [192.169.100.5]
skipping: [192.168.100.11]
        to retry, use: --limit @/root/multicloud/ansible/contrail/playbooks/update.retry

PLAY RECAP *****************************************************************************************************************************************************************************************
192.168.100.11 : ok=2 changed=1 unreachable=0 failed=0
192.168.100.12 : ok=0 changed=0 unreachable=1 failed=0
192.168.100.13 : ok=0 changed=0 unreachable=1 failed=0
192.168.100.14 : ok=0 changed=0 unreachable=1 failed=0
192.169.100.4 : ok=2 changed=1 unreachable=0 failed=0
192.169.100.5 : ok=2 changed=1 unreachable=0 failed=0

159ca9c0f3a4:~/multicloud#

#################################################################################################
TOPOLOGY FILE
#################################################################################################

159ca9c0f3a4:~/multicloud# cat topology.yml
- provider: OnPrem
  organization: Juniper
  project: multicloud
  instances:
    - name: nodec10
      public_ip: 10.204.217.176
      private_ip: 192.168.100.11
      private_subnet: 192.168.100.0/24
      vip: 192.168.100.110
      roles:
        - gateway
      provision: true
      username: root
      password: c0ntrail123
      protocols_mode:
        - ssl_client
      interface: enp1s0f1
    - name: nodec33
      public_ip: 10.204.217.168
      private_ip: 192.168.100.12
      private_subnet: 192.168.100.0/24
      roles:
        - controller
        - k8s_master
      provision: true
      username: root
      password: c0ntrail123
      interface: enp1s0f1
    - name: nodec28
      public_ip: 10.204.217.13
      private_ip: 192.168.100.13
      private_subnet: 192.168.100.0/24
      roles:
        - compute_node
      provision: true
      username: root
      password: c0ntrail123
      interface: enp1s0f1
.........
.......
.....

#################################################################################################
INVENTORY FILE
#################################################################################################

159ca9c0f3a4:~/multicloud# cat inventories/inventory.yml
all: {}
container_hosts:
  hosts:
    192.168.100.11:
      ansible_become: true
      ansible_host: 10.204.217.176
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_pipelining: true
      ansible_ssh_user: root
    192.168.100.12:
      ansible_become: true
      ansible_host: 10.204.217.168
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_pipelining: true
      ansible_ssh_user: root
    192.168.100.13:
      ansible_become: true
      ansible_host: 10.204.217.13
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_pipelining: true
      ansible_ssh_user: root
.......
.....

ansible_ssh_pass: missing

Ritam Gangopadhyay (ritam) wrote :

provider_config:
  bms:
    ssh_pwd: c0ntrail123
    ssh_user: root

I already have the above section specified in ansible/contrail/common.yml

Damian Rakowski (attil) wrote :

This issue was caused by not supplying a password to container hosts other than gateways. Fix is in https://github.com/Juniper/contrail-multi-cloud/pull/189 .

Sanju Abraham (asanju) wrote :

Password for onprem nodes is taken from the topology.yml directly.

Its as simple as reading and updating the pass for the corresponding onprem instance.

I tried to reproduce this multiple times and am not able to.

    20.1.1.119:
      ansible_host: 10.102.44.196
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_pass: cOntrail123
      ansible_ssh_pipelining: true

Marking the bug as Medium and as Incomplete.

Ritam Gangopadhyay (ritam) wrote :

https://github.com/Juniper/contrail-multi-cloud/pull/189 was merged 16 hrs ago and fix was not available when I tested.

Ritam Gangopadhyay (ritam) wrote :

Will verify with a new pull to multicloud repo and update.

Ritam Gangopadhyay (ritam) wrote :

verified with latest pull on 08-10 and this worked. Password was updated for non-GW nodes as well.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers