Solved: Permission denied while trying to run a playbook w...

Mawuena · ‎05-18-2025

Hello,

fatal: [managednode]: unreachable! ...changed false, msg... failed to connect to host via ssh: root@managednode : permission denied {publickey. ....... password} ... unreachable: true ...

Is there a specific place to set escalation permission for a playbook with offline role?

Please, help me fix the error above.

Regards

Chetan_Tiwary_ · ‎05-20-2025

@Mawuena Pay attention to the errors.

The package installation error is due to network connectivity - it is not being able to reach the repository.

Also the firewall module lacks state key - check your yaml file for that and correct those areas.

View solution in original post

Chetan_Tiwary_ · ‎05-19-2025

@Mawuena are you able to do ssh manually to that server with the same user ?

You can add the ssh private key file path in the ansible.cfg along with the password or Add --ask-pass parameter to the ansible command line, or may be generate an SSH key and use that key instead to connect to the host over ssh.

Generally root is denied ssh access by default in RHEL 9.

Mawuena · ‎05-20-2025

@Chetan_Tiwary_ Thank you.

Yes, I am able to do ssh manually to that server with the same user, but not with root.

Please, have a look at the screen output:

[berag@controlnode roles]$
[berag@controlnode roles]$ ansible-navigator run apache_role.yml -m stdout -i inventory

PLAY [dev] *********************************************************************

TASK [Gathering Facts] *********************************************************
fatal: [192.168.14.135]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: root@192.168.14.135: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [192.168.14.136]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: root@192.168.14.136: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [192.168.14.137]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: root@192.168.14.137: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [192.168.14.138]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: root@192.168.14.138: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [192.168.14.139]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: root@192.168.14.139: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}

PLAY RECAP *********************************************************************
192.168.14.135 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.136 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.137 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.138 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.139 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Please review the log for errors.
[berag@controlnode roles]$

Chetan_Tiwary_ · ‎05-20-2025

@Mawuena try the workaround I mentioned in my previous comment and see if it helps.

Mawuena · ‎05-20-2025

@Chetan_Tiwary_ It helped a lot. The situation has improved. No ''permision denied'' again. However, here are the new errors that are coming:

[berag@controlnode ~]$ cd ansible
[berag@controlnode ansible]$ ansible-navigator run apache_role.yml -m stdout

PLAY [dev] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.14.138]
ok: [192.168.14.135]
ok: [192.168.14.137]
ok: [192.168.14.139]
ok: [192.168.14.136]

TASK [apache : install httpd and firewalld package] ****************************
fatal: [192.168.14.137]: FAILED! => {"changed": false, "msg": "Failed to download metadata for repo 'Applications': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried", "rc": 1, "results": []}
fatal: [192.168.14.136]: FAILED! => {"changed": false, "msg": "Failed to download metadata for repo 'Applications': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried", "rc": 1, "results": []}
fatal: [192.168.14.139]: FAILED! => {"changed": false, "msg": "Failed to download metadata for repo 'Applications': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried", "rc": 1, "results": []}
ok: [192.168.14.138]
ok: [192.168.14.135]

TASK [apache : enable and start firewalld] *************************************
ok: [192.168.14.138]
ok: [192.168.14.135]

TASK [apache : host the web page using the template.j2] ************************
ok: [192.168.14.138]
ok: [192.168.14.135]

TASK [apache : allow httpd traffic via the firewall] ***************************
fatal: [192.168.14.138]: FAILED! => {"changed": false, "msg": "missing required arguments: state"}
fatal: [192.168.14.135]: FAILED! => {"changed": false, "msg": "missing required arguments: state"}

PLAY RECAP *********************************************************************
192.168.14.135 : ok=4 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.14.136 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.14.137 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.14.138 : ok=4 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.14.139 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Please review the log for errors.

Thanks in advance for feedback.

Chetan_Tiwary_ · ‎05-20-2025

@Mawuena Pay attention to the errors.

The package installation error is due to network connectivity - it is not being able to reach the repository.

Also the firewall module lacks state key - check your yaml file for that and correct those areas.

Mawuena · ‎05-20-2025

Thank you, @Chetan_Tiwary_

Mawuena · ‎05-20-2025

Please see how clean it is now (lol)

All got changed with no failure, then I re-run for the green coloured OK everywhere ...(lol)

[berag@controlnode ansible]$ ansible-navigator run apache_role.yml -m stdout

PLAY [dev] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.14.136]
ok: [192.168.14.138]
ok: [192.168.14.135]
ok: [192.168.14.139]
ok: [192.168.14.137]

TASK [apache : install httpd and firewalld package] ****************************
ok: [192.168.14.139]
ok: [192.168.14.135]
ok: [192.168.14.136]
ok: [192.168.14.138]
ok: [192.168.14.137]

TASK [apache : enable and start firewalld] *************************************
ok: [192.168.14.139]
ok: [192.168.14.135]
ok: [192.168.14.138]
ok: [192.168.14.136]
ok: [192.168.14.137]

TASK [apache : host the web page using the template.j2] ************************
ok: [192.168.14.139]
ok: [192.168.14.137]
ok: [192.168.14.135]
ok: [192.168.14.136]
ok: [192.168.14.138]

TASK [apache : allow httpd traffic via the firewall] ***************************
ok: [192.168.14.135]
ok: [192.168.14.136]
ok: [192.168.14.138]
ok: [192.168.14.139]
ok: [192.168.14.137]

TASK [apache : enable and start httpd service] *********************************
ok: [192.168.14.135]
ok: [192.168.14.136]
ok: [192.168.14.138]
ok: [192.168.14.137]
ok: [192.168.14.139]

PLAY RECAP *********************************************************************
192.168.14.135 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.136 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.137 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.138 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.14.139 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[berag@controlnode ansible]$

Chetan_Tiwary_ · ‎05-20-2025

@Mawuena that means those tasks are already completed - meaning those clients are already in the desired state ( ansible idempotence ) - right ?

Mawuena · ‎05-22-2025

Yes, @Chetan_Tiwary_

Permission denied while trying to run a playbook with offline role

offline roles