Ansible-playbook Permission denied: /opt/morpheus/.ssh/ansible

When trying to run an ansible playbook for a cisco switch we receive “Permission denied: /opt/morpheus/.ssh/ansible”. The morpheus-app user is running the ansible-playbook task and is also the owner of the /opt/morpheus/.ssh/ansible file. The other strange fact is that we are not using keys to access the cisco switches, only username/password.

I’m trying to run a playbook against a cisco switch. My inventory file looks like this:

[cisco_switches]
 toc-lab-gw ansible_ssh_user=morpheus ansible_ssh_pass="<%=cypher.read('secret/morpheus_cisco_pass')%>"

[cisco_switches:vars]
 ansible_connection=network_cli
 ansible_network_os=ios
 ansible_port=22

And my playbook looks like this:

---
- name: gatherAllFacts
  hosts: cisco_switches
  connection: network_cli
  gather_facts: false
  tasks:
    - name: Gather All Facts
      ios_facts:

Has anyone else seen this issue?

Just high level, it looks like your cypher reference is incorrect. You should be using the cypher lookup similar to this:

{{ lookup('cypher','secret=secret/mypassword') }}

https://docs.morpheusdata.com/en/latest/integration_guides/Automation/ansible.html#using-secrets

My guess that is throwing some sort of conflict and causing improper execution.

Good point. I updated the relevant section to:

[cisco_switches]
 toc-lab-gw ansible_ssh_user=morpheus ansible_ssh_pass="{{ lookup('cypher','secret=secret/morpheus_cisco_pass') }}"

I still get the same error :cry:

the ansible verbose logs show:

PLAYBOOK: cisco.yml ************************************************************
Positional arguments: ./playbooks/cisco.yml
subset: cisco_switches
private_key_file: /opt/morpheus/.ssh/ansible
become_method: sudo
<snip>

Morpheus appears to be adding the private_key_file and become_method parameters.

I found that the private_key_file setting was set in /etc/ansible/ansible.cfg. I removed the default and it works now. I am still wondering where become_method: sudo is coming from and why the morpheus_app user could not access its own private key file, though.
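A short diagnostic script for the two loose ends in this thread, added here as an example and not part of the original posts or of Morpheus. It locates a setting in an ansible.cfg-style file (so you can see whether a global `private_key_file` is being applied to every host, including password-only network devices), prints the permissions of every directory on the way to the key file (an owner can still be denied if an ancestor directory is not traversable), and, if `ansible-config` is on PATH, runs `ansible-config dump --only-changed` to show which settings differ from Ansible's defaults and where they come from. Note that Ansible's built-in default for `become_method` is `sudo`, so that value appears in verbose output even when nothing sets it. The sample config and paths below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find where Ansible is picking up private_key_file and
# check the permissions along the key path. Constructed sample config below.
set -eu

# cfg_get FILE SECTION KEY: print the value of KEY under [SECTION] in an
# ansible.cfg-style INI file (first match wins); prints nothing if unset.
cfg_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            cur = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", cur)
            next
        }
        cur == sec && index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v
                exit
            }
        }' "$1"
}

# path_perms PATH: print owner/mode of PATH and each ancestor directory.
# A file owner is still denied if any ancestor lacks the execute (search)
# bit for them, which plain "ls -l" on the file alone will not reveal.
path_perms() {
    p=$1
    while :; do
        ls -ld -- "$p"
        case "$p" in
            /|.) break ;;
        esac
        p=$(dirname -- "$p")
    done
}

# --- demonstration on a constructed ansible.cfg (not a real host config) ---
work=$(mktemp -d)
cat > "$work/ansible.cfg" <<'EOF'
# constructed sample mirroring the thread: a global key applied to every host
[defaults]
private_key_file = /opt/morpheus/.ssh/ansible
become_method = sudo

[ssh_connection]
pipelining = True
EOF

echo "private_key_file: $(cfg_get "$work/ansible.cfg" defaults private_key_file)"
echo "become_method:    $(cfg_get "$work/ansible.cfg" defaults become_method)"
echo "pipelining:       $(cfg_get "$work/ansible.cfg" ssh_connection pipelining)"

echo "--- permissions along the sample config path ---"
path_perms "$work/ansible.cfg"

# Show which settings differ from Ansible defaults and their origin
# (ansible.cfg path, environment variable, or CLI). Skipped if not installed.
if command -v ansible-config >/dev/null 2>&1; then
    ansible-config dump --only-changed
else
    echo "ansible-config not on PATH; skipping dump"
fi
```

To use it on a real host, point `cfg_get` at `/etc/ansible/ansible.cfg` (or whichever file `ansible-config dump` reports as the active config) and `path_perms` at the key file from the verbose output, run as the user that executes the playbook. If only some hosts need a key, set `ansible_ssh_private_key_file` on those hosts in inventory instead of a global `private_key_file` default, so password-only network_cli hosts are not handed a key they never use.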