Tags: amazon-ec2, ssh, ansible, ssh-tunnel, bastion-host

Issue reaching boxes behind a bastion host with the ansible aws_ec2 dynamic inventory plugin


I have gone round a little and I can say this post is not a duplicate. I have been using Ansible 2.9.x for a fair while, and connectivity to the bastion host has always worked fine for me using the ec2.py dynamic inventory. I am switching to the Ansible aws_ec2 plugin, and one of the reasons is given in this other Stack Overflow post of mine.

I have gleaned some information; below are my inventory file and ansible.cfg file.

#myprovile.aws_ec2.yml
plugin: amazon.aws.aws_ec2
boto_profile: my profile
strict: True
regions:
  - eu-west-1
  - eu-central-1
  - eu-north-1
keyed_groups:
  - key: tags
    prefix: tag
hostnames:
  - ip-address
  # - dns-name
  # - tag:Name
  - private-ip-address
compose:
  ansible_host: private_ip_address

# folder/project level ansible.cfg  configuration
[defaults]
roles_path            = roles
host_key_checking     = False
hash_behaviour        = merge ### Note to self: Extremely important settings
interpreter_python    = auto  ### Note to self: Very important settings for running    from localhost

[inventory]
enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml
# inventory = plugin_inventory/bb.aws_ec2.yaml

The inventory has group_vars files

➜  plugin_inventory git:(develop) ✗ tree
.
├── myprovile.aws_ec2.yml
└── group_vars
    ├── tag_Name_main_productname_uat_jumpbox.yml
    ├── tag_Name_main_productname_uat_mongo.yml
    ├── tag_Name_main_productname_uat_mongo_arb.yml
    ├── tag_Name_main_productname_uat_mysql.yml
    ├── tag_Name_xxx.yml
    └── tag_Name_yyy.yml

To get to MongoDB, which is in a private subnet, the group_vars file looks like below:

#ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -i {{ hostvars.localhost.reg_jumpbox_ssh_key }} -W %h:%p -q ubuntu@{{ hostvars.localhost.reg_jumpbox_facts.instances.0.public_ip_address }}"'
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -i ~/Dropbox/creds/pemfiles/ProductUATOps.pem -W %h:%p -q [email protected]"'

Each time I run the command

AWS_PROFILE=myprofile ansible -i ~/infrastructure_as_code/ansible_projects/productname/plugin_inventory/myprofile.aws_ec2.yml tag_Name_main_productname_uat_mongo -m ping -u ubuntu --private-key ~/Dropbox/creds/pemfiles/ProductUATOps.pem -vvvv

it doesn't connect and the full output and some other information are at pastebin.

Now, something odd I have seen is that, even though ansible.cfg has host_key_checking = False, I still find the following in the command output: Are you sure you want to continue connecting (yes/no/[fingerprint])?

I have also seen that it's looking for ~/.ssh/known_hosts2, /etc/ssh/ssh_known_hosts and /etc/ssh/ssh_known_hosts2, but ~/.ssh/known_hosts is what's there.

There is also one confusing error in the logs: "module_stdout": "/bin/sh: 1: /Users/joseph/.pyenv/shims/python: not found\r\n". But the Python installation with pyenv has been consistent, OS-wise:

➜  ~ which python
/Users/joseph/.pyenv/shims/python

➜  ~ python --version
Python 3.8.12 (9ef55f6fc369, Oct 25 2021, 05:10:01)
[PyPy 7.3.7 with GCC Apple LLVM 13.0.0 (clang-1300.0.29.3)]

➜  ~ ls -lh /Users/joseph/.pyenv/shims/python
-rwxr-xr-x  1 joseph  staff   183B Feb 14 22:47   /Users/joseph/.pyenv/shims/python

➜  ~ /usr/bin/env python --version
Python 3.8.12 (9ef55f6fc369, Oct 25 2021, 05:10:01)
[PyPy 7.3.7 with GCC Apple LLVM 13.0.0 (clang-1300.0.29.3)]

I suspect the error is due to the fact that something is preventing the fingerprints from getting into the known_hosts file, and I am tempted to simulate the SSH tunnelling manually myself, but I would like to understand why this is happening and whether it's because this is a new machine. Can anyone shed some light on this for me? Thanks.


Solution

  • After running ansible-config dump using that ansible.cfg, it emits AnsibleOptionsError: Invalid value "merge ##..., so it seems ansible just silently ate the config file, or maybe is using a different one.

    It seems that while # is a supported beginning-of-line comment character, ansible-config (as of 2.12.1) only tolerates ; as an end-of-line comment character.

    [defaults]
    roles_path            = roles
    host_key_checking     = False
    hash_behaviour        = merge ;;; Note to self: Extremely important settings
    interpreter_python    = auto  ;;; Note to self: Very important settings for running    from localhost
    
    [inventory]
    enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml
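As an added example (not code from the question or the answer), the following Python reproduces the parsing difference the answer describes. It feeds both ansible.cfg variants to a stock configparser set up the way Ansible's config loader is, with ; as the only inline comment prefix, so a # that follows a value is kept as part of the value. The two sample configs are constructed from the ones above; the helper names (parse_like_ansible, find_inline_hash_comments, hash_behaviour_is_valid) are mine and not part of Ansible.

```python
import configparser

# Constructed sample: the asker's original ansible.cfg with "###" after values.
BROKEN_CFG = """\
[defaults]
roles_path            = roles
host_key_checking     = False
hash_behaviour        = merge ### Note to self: Extremely important settings
interpreter_python    = auto  ### Note to self: Very important settings
"""

# Constructed sample: the corrected ansible.cfg from the answer, using ";;;".
FIXED_CFG = """\
[defaults]
roles_path            = roles
host_key_checking     = False
hash_behaviour        = merge ;;; Note to self: Extremely important settings
interpreter_python    = auto  ;;; Note to self: Very important settings
"""

# Values Ansible accepts for hash_behaviour (documented setting values).
VALID_HASH_BEHAVIOUR = {"replace", "merge"}


def parse_like_ansible(text):
    """Parse ini text the way Ansible's ConfigManager does (assumption, mirroring
    the answer): ';' is the only inline comment prefix, so '#' starts a comment
    only at the beginning of a line and is otherwise literal data.
    Returns {section: {option: value}}."""
    parser = configparser.ConfigParser(inline_comment_prefixes=(";",))
    parser.read_string(text)
    return {section: dict(parser.items(section)) for section in parser.sections()}


def find_inline_hash_comments(text):
    """Return (section, option, value) for every value that still carries a '#':
    these are the 'comments' Ansible would try to use as the setting's value."""
    offenders = []
    for section, options in parse_like_ansible(text).items():
        for option, value in options.items():
            if "#" in value:
                offenders.append((section, option, value))
    return offenders


def hash_behaviour_is_valid(text):
    """True when the parsed hash_behaviour is one of the values Ansible accepts."""
    value = parse_like_ansible(text)["defaults"]["hash_behaviour"]
    return value in VALID_HASH_BEHAVIOUR


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CFG), ("fixed", FIXED_CFG)):
        print(label, "hash_behaviour valid:", hash_behaviour_is_valid(cfg))
        for section, option, value in find_inline_hash_comments(cfg):
            print(f"  [{section}] {option} = {value!r}  <- inline '#' kept in value")
```

Running this against the broken file shows hash_behaviour parsed as the whole string "merge ### Note to self: ...", which is the invalid value ansible-config dump complains about; once the loader rejects the file, none of its settings apply, including host_key_checking = False, which matches the unexpected fingerprint prompt in the question. Note that both host_key_checking = False and -o StrictHostKeyChecking=no disable host-key verification for the bastion and the target; a pre-populated known_hosts (or a UserKnownHostsFile distributed with the inventory) keeps the connection verifiable without that trade-off.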