
I change the default SSH port in a (still) user/pass setup.

After the port change and client reboot, Ansible cannot connect any more and displays a fatal with "invalid argument".

I run this from Windows -> WSL (Ubuntu).

I figured out that the error can be prevented in 2 ways:

  • run `ansible all -m ping` every time just before running the ansible-playbook
  • run `chmod -x .vault-pass` once; I guess that's the correct solution, but I don't know why it has "+x" in the first place, maybe that's a Windows/WSL thing...

If neither of these is done, the error below happens. Can someone explain why, and also why this error message is so far from understandable?

fatal: [ansiblepi1]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host ansiblepi1 port 10000: Invalid argument", "unreachable": true}

or in verbose:

TASK [ssh : Check SSH Connection] *************************************************************************************************************************************************************************************************
task path: .../ssh/tasks/main.yml:49
<ansiblepi1> ESTABLISH SSH CONNECTION FOR USER: myuser
<ansiblepi1> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=10000 -o 'User="myuser"' -o ConnectTimeout=10 -o 'ControlPath=".../.ansible/cp/5b8f383076"' ansiblepi1 '/bin/sh -c '"'"'echo ~myuser && sleep 0'"'"''
<ansiblepi1> (255, b'', b'ssh: connect to host ansiblepi1 port 10000: Invalid argument\r\n')
fatal: [ansiblepi1]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host ansiblepi1 port 10000: Invalid argument",
    "unreachable": true
}

Playbook:

---

  - hosts: pi
    gather_facts: false
  
    roles:
      - ssh

Role:

---

- name: Set configured_port fact
  ansible.builtin.set_fact:
    configured_port: "{{ ansible_port }}"

- name: Check ansible_port from Inventory for Host
  ansible.builtin.wait_for:
    port: "{{ configured_port }}"
    host: "{{ inventory_hostname }}"
    state: "started"
    connect_timeout: 2
    timeout: 2
  delegate_to: 127.0.0.1
  ignore_errors: true
  register: ssh_check
  when: ansible_port is defined

- name: Set ansible_port from Inventory for Host
  ansible.builtin.set_fact:
    ansible_port: "{{ configured_port }}"
  when: ssh_check is defined and
        ssh_check.state is defined and
        ssh_check.state == "started"

- name: Change SSH port and restart Service
  when: ssh_check is undefined or
        ssh_check.failed is true
  block:
    - name: Set default ansible_port fact
      ansible.builtin.set_fact:
        ansible_port: 22
    - name: Setup ansible_port from Inventory for Host
      become: true
      ansible.builtin.lineinfile:
        dest: "/etc/ssh/sshd_config"
        regexp: "^Port"
        line: "Port {{ configured_port }}"
    - name: Restart sshd
      become: true
      ansible.builtin.service:
        name: sshd
        state: restarted
        enabled: true
    - name: Set ansible_port from Inventory for Host
      ansible.builtin.set_fact:
        ansible_port: "{{ configured_port }}"

- name: Check SSH Connection
  ansible.builtin.ping:

- name: Run deferred setup to gather facts
  ansible.builtin.setup:

...

Config:

[defaults]
inventory=inventory/production
host_key_checking=False
vault_password_file = .vault-pass

Inventory:

[pi]
ansiblepi1 ansible_port=10000
Max
  • Maybe the chmod -x under Windows WSL does not do the trick. But on macOS it gives me a clear instruction to remove the 'x', and it runs fine there after that. – Max Mar 31 '23 at 12:46
  • A vault password file should definitely not be executable. Why is it in the first place? Where is your code coming from? If that is from a git repository, it may well be coming from the repo. Related: https://stackoverflow.com/questions/40978921/how-to-add-chmod-permissions-to-file-in-git – β.εηοιτ.βε Mar 31 '23 at 18:22
  • I created it from within VSCode in Windows, started from WSL Ubuntu. However, having those permissions ("-rw-r--r--") does not fix it. I still have to run `ansible pi -m ping` in order to get a successful run of my playbook. I guess I have to switch the OS... – Max Apr 06 '23 at 11:32
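The comments turn on whether `.vault-pass` is executable. Ansible decides how to use `vault_password_file` by the execute bits alone: if any of them is set, the file is executed and its stdout becomes the vault password; otherwise the file is read and its stripped contents are the password. The script below (an added example, not the poster's code and not an Ansible module) reproduces that decision for a given file and flags the problems a practitioner would want to catch: an executable file with no shebang (execve fails), a CRLF line ending on a shebang written from Windows, and a file readable by group or other. The sample files, their contents and their modes are constructed in a temporary directory and are not taken from the question.

```python
import stat
import tempfile
from pathlib import Path

# Ansible's rule for vault_password_file: any execute bit set means the file
# is executed and its stdout is the password; otherwise its contents (with
# surrounding whitespace stripped) are the password.
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
OTHERS_READ = stat.S_IRGRP | stat.S_IROTH


def inspect_vault_password_file(path):
    """Describe how Ansible would treat `path` and list problems by short code."""
    p = Path(path)
    mode = stat.S_IMODE(p.stat().st_mode)
    raw = p.read_bytes()
    first_line = raw.split(b"\n", 1)[0]
    problems = []
    if mode & EXEC_BITS:
        # Ansible will execve() this file; a bare password line is not a program.
        problems.append("executable")
        if not raw.startswith(b"#!"):
            problems.append("no_shebang")     # execve fails with "Exec format error"
        elif first_line.endswith(b"\r"):
            problems.append("crlf_shebang")   # "/bin/sh\r" is not an interpreter path
    if mode & OTHERS_READ:
        problems.append("group_other_readable")
    return {
        "treatment": "run as script" if mode & EXEC_BITS else "read as password",
        "mode": oct(mode),
        "problems": problems,
    }


def harden(path):
    """Make a plaintext password file owner-only and non-executable, then re-inspect it."""
    Path(path).chmod(0o600)
    return inspect_vault_password_file(path)


def write_sample(directory, name, content, mode):
    """Write a constructed sample file (not from the question) and return its path."""
    p = Path(directory) / name
    p.write_bytes(content)
    p.chmod(mode)
    return p


def demo():
    """Inspect four constructed samples and one hardened copy; returns {name: report}."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "good": write_sample(d, "good", b"s3cret\n", 0o600),
            "world_readable": write_sample(d, "world", b"s3cret\n", 0o644),
            # what a password file created from Windows can look like on a 0777 mount
            "plain_but_executable": write_sample(d, "plain", b"s3cret\r\n", 0o755),
            "crlf_script": write_sample(d, "script", b"#!/bin/sh\r\necho s3cret\n", 0o700),
        }
        reports = {k: inspect_vault_password_file(v) for k, v in samples.items()}
        reports["plain_but_executable_fixed"] = harden(samples["plain_but_executable"])
        return reports


if __name__ == "__main__":
    for name, report in demo().items():
        print(f"{name:28s} {report['mode']}  {report['treatment']:18s} {report['problems']}")
```

Point `inspect_vault_password_file()` at the real `.vault-pass` to see which branch Ansible will take. One WSL detail worth knowing here: files on a DrvFs mount such as `/mnt/c` are reported as mode 0777 unless the mount uses the `metadata` option, so a file created from Windows shows up executable and `chmod` has no lasting effect there; keeping the password file on the Linux filesystem with mode 0600 avoids that.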

0 Answers