Hi, I get the following warnings for each task when running an ansible provisionin

Hi, There was an error from myself, when I tried to fix <a class="is

I may have a source of bug: In scpwrapper.py, line 29: <code cla

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Update: We upgraded theBastion from 3.10 to 3.12 I la

Getting warnings about scp and sftp when running with the wrapper about the-bastion-ansible-wrapper HOT 6 OPEN

Krenodeno commented on September 7, 2024

Getting warnings about scp and sftp when running with the wrapper

from the-bastion-ansible-wrapper.

Comments (6)

jriouovh commented on September 7, 2024

Hello,

Ansible tries to transfer files via The Bastion but fails with multiple warnings.

It means there are multiple transfer_method available to Ansible (see documentation). By default, it's smart and Ansible will try methods one by one: sftp, scp then piped.

The sftp method is not implemented yet (see #23) so the warning is normal.

The scp method fails.

Is The Bastion reachable via SSH?
Is your user on The Bastion allowed to scpup on the remote host?
Did you configured SCP where Ansible is executed?

[ssh_connection]
transfer_method = scp
scp_if_ssh = True       # Ansible < 2.17
scp_extra_args = -O     # OpenSSH >= 9.0
scp_executable = ./path/to/scpbastion.sh

Could you run your playbook with -vvv and post the output please? Don't forget to strip sensitive data.

Example:

ansible-playbook -vvv play.hml

Have a nice day,

from the-bastion-ansible-wrapper.

Krenodeno commented on September 7, 2024

Hi,

There was an error from myself, when I tried to fix #20 I forgot to declare the default_configuration_file variable.

After updating scp script, and adding sftp script, I still get the warnings for the twos:

<myhostbehindbastion.example.org> PUT /home/tfromont/.ansible/tmp/ansible-local-161279mt3dlljj/tmph1nlf13j TO /root/.ansible/tmp/ansible-tmp-1680254611.5013845-161951-50064555706425/AnsiballZ_stat.py
<myhostbehindbastion.example.org> SSH: EXEC extra/bastion/sftpbastion.sh -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tfromont/.ansible/cp/cef20c313b"' '[myhostbehindbastion.example.org]'
[WARNING]: sftp transfer mechanism failed on [myhostbehindbastion.example.org]. Use ANSIBLE_DEBUG=1 to see detailed information
<myhostbehindbastion.example.org> SSH: EXEC extra/bastion/scpbastion.sh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tfromont/.ansible/cp/cef20c313b"' /home/tfromont/.ansible/tmp/ansible-local-161279mt3dlljj/tmph1nlf13j '[myhostbehindbastion.example.org]:/root/.ansible/tmp/ansible-tmp-1680254611.5013845-161951-50064555706425/AnsiballZ_stat.py'
[WARNING]: scp transfer mechanism failed on [myhostbehindbastion.example.org]. Use ANSIBLE_DEBUG=1 to see detailed information
<myhostbehindbastion.example.org> ESTABLISH SSH CONNECTION FOR USER: root
<myhostbehindbastion.example.org> SSH: EXEC extra/bastion/sshwrapper.py -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tfromont/.ansible/cp/cef20c313b"' myhostbehindbastion.example.org 'dd of=/root/.ansible/tmp/ansible-tmp-1680254611.5013845-161951-50064555706425/AnsiballZ_stat.py bs=65536'
<myhostbehindbastion.example.org> (0, b'', b'2+1 records in\n2+1 records out\n132977 bytes (133 kB, 130 KiB) copied, 0.000414307 s, 321 MB/s\n')
<myhostbehindbastion.example.org> (0, b'', b'2+1 records in\n2+1 records out\n132977 bytes (133 kB, 130 KiB) copied, 0.000414307 s, 321 MB/s\n')

Note that I have not activated pipelining as it can conflict with some of our roles using the become option in a task.

I tried also with the ANSIBLE_DEBUG=1 anv var, and I can see the help output of the bastion:

162281 1680254927.51801: Sending initial data
162281 1680254927.51815: Sent initial data (165 bytes)
162281 1680254928.21564: stderr chunk (state=3):
>>>
The Bastion v3.10.00 quick usage examples:

    Connect to a server:              bastion [email protected]
    Run a command on a server:        bastion [email protected] -- uname -a

    List the osh commands:            bastion --osh help
    Help on a specific osh command:   bastion --osh OSH_COMMAND --help
    Enter interactive mode for osh:   bastion -i

    Get more complete help:           bastion --long-help

Received message too long 458961713
Ensure the remote shell produces no output for non-interactive sessions.
<<<
162281 1680254928.21632: stdout chunk (state=3):
>>><<<
162281 1680254928.22278: stderr chunk (state=3):
>>><<<
[WARNING]: sftp transfer mechanism failed on [myhostbehindbastion.example.org]. Use ANSIBLE_DEBUG=1 to see detailed information
162281 1680254928.22385: 
162281 1680254928.22392: 
The Bastion v3.10.00 quick usage examples:

    Connect to a server:              bastion [email protected]
    Run a command on a server:        bastion [email protected] -- uname -a

    List the osh commands:            bastion --osh help
    Help on a specific osh command:   bastion --osh OSH_COMMAND --help
    Enter interactive mode for osh:   bastion -i

    Get more complete help:           bastion --long-help

Received message too long 458961713
Ensure the remote shell produces no output for non-interactive sessions.
162281 1680254928.36863: stderr chunk (state=2):
>>>scp: Connection closed
<<<
162281 1680254928.36894: stderr chunk (state=3):
>>><<<
162281 1680254928.36898: stdout chunk (state=3):
>>><<<
[WARNING]: scp transfer mechanism failed on [myhostbehindbastion.example.org]. Use ANSIBLE_DEBUG=1 to see detailed information
162281 1680254928.36938: 
162281 1680254928.36941: scp: Connection closed

It looks like the command sended to the bastion is not the right one.

from the-bastion-ansible-wrapper.

Krenodeno commented on September 7, 2024

I may have a source of bug:

In scpwrapper.py, line 29:
elif e == "-o" and argv[i + 1].startswith("User="):
In the ansible output, I see -o 'User="root"'

this condition might be skipped, because it doesn't match the " with '.

from the-bastion-ansible-wrapper.

Krenodeno commented on September 7, 2024

mmh, no, forget it, totally okay there

from the-bastion-ansible-wrapper.

Krenodeno commented on September 7, 2024

@jriouovh Hi, If I can assist you with anything in regard of this issue, let me know, I'll help as much as I can.

from the-bastion-ansible-wrapper.

Krenodeno commented on September 7, 2024

Update:

We upgraded theBastion from 3.10 to 3.12
I launched an ansible deployment with ANSIBLE_DEBUG=1 and saw this:

 18015 1688648460.81423: Sending initial data
 18015 1688648460.81465: Sent initial data (162 bytes)
 18015 1688648460.82377: stderr chunk (state=3):
>>>exec: extra/bastion/sftpwrapper.py: Permission denied
<<<
 18015 1688648460.82403: stderr chunk (state=3):
>>>Connection closed
<<<
 18015 1688648460.82413: stderr chunk (state=3):
>>><<<
 18015 1688648460.82417: stdout chunk (state=3):
>>><<<
[WARNING]: sftp transfer mechanism failed on [myserver.example.com]. Use ANSIBLE_DEBUG=1 to see detailed information
 18015 1688648460.82463:
 18015 1688648460.82465: exec: extra/bastion/sftpwrapper.py: Permission denied
Connection closed
 18015 1688648460.95284: stderr chunk (state=2):
>>>scp: Connection closed
<<<
 18015 1688648460.95314: stderr chunk (state=3):
>>><<<
 18015 1688648460.95330: stdout chunk (state=3):
>>><<<
[WARNING]: scp transfer mechanism failed on [myserver.example.com]. Use ANSIBLE_DEBUG=1 to see detailed information
 18015 1688648460.95369:
 18015 1688648460.95370: scp: Connection closed

So I ran chmod +x extra/bastion/sftpwrapper.py and reran ansible again:

 18944 1688648937.75379: Sending initial data
 18944 1688648937.75385: Sent initial data (161 bytes)
 18944 1688648938.80904: stderr chunk (state=3):
>>>
Sorry, but even if you have ssh access to [email protected]:22, you still need to be granted specifically for sftp
<<<
 18944 1688648938.81316: stderr chunk (state=3):
>>>Connection closed
<<<
 18944 1688648938.81368: stderr chunk (state=3):
>>><<<
 18944 1688648938.81407: stdout chunk (state=3):
>>><<<
[WARNING]: sftp transfer mechanism failed on [myserver.example.com]. Use ANSIBLE_DEBUG=1 to see detailed information
 18944 1688648938.81517:
 18944 1688648938.81521:
Sorry, but even if you have ssh access to [email protected]:22, you still need to be granted specifically for sftp
Connection closed
 18944 1688648938.97396: stderr chunk (state=2):
>>>scp: Connection closed
<<<
 18944 1688648938.97414: stderr chunk (state=3):
>>><<<
 18944 1688648938.97424: stdout chunk (state=3):
>>><<<
[WARNING]: scp transfer mechanism failed on [myserver.example.com]. Use ANSIBLE_DEBUG=1 to see detailed information
 18944 1688648938.97444:
 18944 1688648938.97445: scp: Connection closed

Note the exact same error message from SFTP and SCP methods.

Both errors get away when I grant SFTP permission in our bastion, but both errors still shows when a hosts only have SCP (up & down) granted.

from the-bastion-ansible-wrapper.

Getting warnings about scp and sftp when running with the wrapper about the-bastion-ansible-wrapper HOT 6 OPEN

Comments (6)

Related Issues (10)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent