Ansible-playbook Permission denied: /opt/morpheus/.ssh/ansible

When trying to run an ansible playbook for a cisco switch we receive “Permission denied: /opt/morpheus/.ssh/ansible”. The morpheus-app user is running the ansible-playbook task and is also the owner of the /opt/morpheus/.ssh/ansible file. The other strange fact is that we are not using keys to access the cisco switches, only username/password.

I’m trying to run a playbook against a cisco switch. My inventory file looks like this:

 toc-lab-gw ansible_ssh_user=morpheus ansible_ssh_pass="<'secret/morpheus_cisco_pass')%>"


And my playbook looks like this:


- name: gatherAllFacts
  hosts: cisco_switches
  connection: network_cli
  gather_facts: false
    - name: Gather All Facts

Has anyone else seen this issue?

Just high level, it looks like your cypher reference is incorrect. You should be using the cypher lookup similar to this:

{{ lookup('cypher','secret=secret/mypassword') }}

My guess that is throwing some sort of conflict and causing improper execution.

Good point. I updated the relevant section to:

 toc-lab-gw ansible_ssh_user=morpheus ansible_ssh_pass="{{ lookup('cypher','secret=secret/morpheus_cisco_pass') }}"

I still get the same error :cry:

the ansible verbose logs show:

PLAYBOOK: cisco.yml ************************************************************
Positional arguments: ./playbooks/cisco.yml
subset: cisco_switches
private_key_file: /opt/morpheus/.ssh/ansible
become_method: sudo

Morpheus appears to be adding the private_key_file and become_method parameters.

I found private_key_file setting was set in /etc/ansible/ansible.cfg. I removed the default and it works now. I still am wondering where become_method: sudo is coming from and why the morpheus_app user could not access its own private key file though.