OpenStack-Ansible

Connection plugin openstack.osa.ssh does not respect REMOTE_USER

Bug #2044229 reported by Dmitriy Rabotyagov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
New
High
Dmitriy Rabotyagov

Bug Description

When running playbook or ad-hoc and passing "-u USER" as an argument, it is ignored by connection plugin.

Intended behaviour:

/opt/openstack-ansible# ANSIBLE_TRANSPORT=ansible.builtin.ssh ansible -m ping -u ubuntu compute23 -vvv
Variable files: "-e @/etc/openstack_deploy/user_city_openstack.yml -e @/etc/openstack_deploy/user_secrets.yml -e @/etc/openstack_deploy/user_tempest_tests_full.yml -e @/etc/openstack_deploy/user_tempest_tests_minimal.yml -e @/etc/openstack_deploy/user_variables.yml -e @/etc/openstack_deploy/user_variables_pki.yml "
ansible [core 2.13.8]
  config file = None
  configured module search path = ['/etc/ansible/roles/ceph-ansible/library']
  ansible python module location = /opt/ansible-runtime/lib/python3.10/site-packages/ansible
  ansible collection location = /etc/ansible
  executable location = /opt/ansible-runtime/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0]
  jinja version = 3.1.2
  libyaml = True
No config file found; using defaults
host_list declined parsing /opt/openstack-ansible/inventory/dynamic_inventory.py as it did not pass its verify_file() method
Parsed /opt/openstack-ansible/inventory/dynamic_inventory.py inventory source with script plugin
host_list declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
script declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
auto declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
Parsed /opt/openstack-ansible/inventory/inventory.ini inventory source with ini plugin
host_list declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
script declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
auto declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
Parsed /etc/openstack_deploy/inventory.ini inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
META: ran handlers
Using module file /opt/ansible-runtime/lib/python3.10/site-packages/ansible/modules/ping.py
Pipelining is enabled.
<172.16.8.73> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<172.16.8.73> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=300 -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ubuntu"' -o ConnectTimeout=5 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -T -o 'ControlPath="/root/.ansible/cp/e98069fb55"' 172.16.8.73 '/bin/sh -c '"'"'/usr/bin/python3 && sleep 0'"'"''
<172.16.8.73> (0, b'\n{"ping": "pong", "invocation": {"module_args": {"data": "pong"}}}\n', b"Warning: Permanently added '172.16.8.73' (ED25519) to the list of known hosts.\r\n")
compute23 | SUCCESS => {
    "changed": false,
    "invocation": {
        "module_args": {
            "data": "pong"
        }
    },
    "ping": "pong"
}
META: ran handlers
META: ran handlers
================================================

Actual behavior with our connection plugin:

/opt/openstack-ansible# ANSIBLE_TRANSPORT=openstack.osa.ssh ansible -m ping -u ubuntu compute23 -vvv
Variable files: "-e @/etc/openstack_deploy/user_city_openstack.yml -e @/etc/openstack_deploy/user_secrets.yml -e @/etc/openstack_deploy/user_tempest_tests_full.yml -e @/etc/openstack_deploy/user_tempest_tests_minimal.yml -e @/etc/openstack_deploy/user_variables.yml -e @/etc/openstack_deploy/user_variables_pki.yml "
ansible [core 2.13.8]
  config file = None
  configured module search path = ['/etc/ansible/roles/ceph-ansible/library']
  ansible python module location = /opt/ansible-runtime/lib/python3.10/site-packages/ansible
  ansible collection location = /etc/ansible
  executable location = /opt/ansible-runtime/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0]
  jinja version = 3.1.2
  libyaml = True
No config file found; using defaults
host_list declined parsing /opt/openstack-ansible/inventory/dynamic_inventory.py as it did not pass its verify_file() method
Parsed /opt/openstack-ansible/inventory/dynamic_inventory.py inventory source with script plugin
host_list declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
script declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
auto declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
Parsed /opt/openstack-ansible/inventory/inventory.ini inventory source with ini plugin
host_list declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
script declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
auto declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
Parsed /etc/openstack_deploy/inventory.ini inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
META: ran handlers
container_name: "compute23"
physical_host: "compute23"
Using module file /opt/ansible-runtime/lib/python3.10/site-packages/ansible/modules/ping.py
Pipelining is enabled.
<172.16.8.73> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<172.16.8.73> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=300 -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=5 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -T -o 'ControlPath="/root/.ansible/cp/adacf40046"' 172.16.8.73 '/bin/sh -c '"'"'/usr/bin/python3 && sleep 0'"'"''
<172.16.8.73> (142, b'Please login as the user "ubuntu" rather than the user "root".\n\n', b'')
<172.16.8.73> Failed to connect to the host via ssh:
compute23 | FAILED! => {
    "changed": false,
    "module_stderr": "",
    "module_stdout": "Please login as the user \"ubuntu\" rather than the user \"root\".\n\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 142
}

=====================================================

So while you see "ESTABLISH SSH CONNECTION FOR USER: ubuntu" in output, it in fact has no effect, since "-o 'User="ubuntu"'" is never added to the actual command.

Workaround:

Supplying `-e ansible_user=ubuntu` works and is respected:

root@cc-deploy01-fra1:/opt/openstack-ansible# ANSIBLE_TRANSPORT=openstack.osa.ssh ansible -m ping compute23 -e ansible_user=ubuntu -vvv
Variable files: "-e @/etc/openstack_deploy/user_city_openstack.yml -e @/etc/openstack_deploy/user_secrets.yml -e @/etc/openstack_deploy/user_tempest_tests_full.yml -e @/etc/openstack_deploy/user_tempest_tests_minimal.yml -e @/etc/openstack_deploy/user_variables.yml -e @/etc/openstack_deploy/user_variables_pki.yml "
ansible [core 2.13.8]
  config file = None
  configured module search path = ['/etc/ansible/roles/ceph-ansible/library']
  ansible python module location = /opt/ansible-runtime/lib/python3.10/site-packages/ansible
  ansible collection location = /etc/ansible
  executable location = /opt/ansible-runtime/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0]
  jinja version = 3.1.2
  libyaml = True
No config file found; using defaults
host_list declined parsing /opt/openstack-ansible/inventory/dynamic_inventory.py as it did not pass its verify_file() method
Parsed /opt/openstack-ansible/inventory/dynamic_inventory.py inventory source with script plugin
host_list declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
script declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
auto declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /opt/openstack-ansible/inventory/inventory.ini as it did not pass its verify_file() method
Parsed /opt/openstack-ansible/inventory/inventory.ini inventory source with ini plugin
host_list declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
script declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
auto declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /etc/openstack_deploy/inventory.ini as it did not pass its verify_file() method
Parsed /etc/openstack_deploy/inventory.ini inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
META: ran handlers
container_name: "compute23"
physical_host: "compute23"
Using module file /opt/ansible-runtime/lib/python3.10/site-packages/ansible/modules/ping.py
Pipelining is enabled.
container_name: "compute23"
physical_host: "compute23"
<172.16.8.73> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<172.16.8.73> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=300 -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ubuntu"' -o ConnectTimeout=5 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -T -o 'ControlPath="/root/.ansible/cp/e58718fedf"' 172.16.8.73 '/bin/sh -c '"'"'/usr/bin/python3 && sleep 0'"'"''
<172.16.8.73> (0, b'\n{"ping": "pong", "invocation": {"module_args": {"data": "pong"}}}\n', b'')
compute23 | SUCCESS => {
    "changed": false,
    "invocation": {
        "module_args": {
            "data": "pong"
        }
    },
    "ping": "pong"
}
META: ran handlers
META: ran handlers
root@cc-deploy01-fra1:/opt/openstack-ansible#

See original description
Dmitriy Rabotyagov (noonedeadpunk)
description: updated
description: updated
Dmitriy Rabotyagov (noonedeadpunk)
Changed in openstack-ansible:
assignee: nobody → Dmitriy Rabotyagov (noonedeadpunk)
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.