1

I wish to rsync a directory structure from one remote server to another - using an Ansible playbook.yml. During the play, the ansible shell module's command for rsync fails. I know the reason - it's using a default vendor ssh executable as the backbone of the rsync command. It needs to use a kerberos version of ssh - which is also on the remote system. If I manually log onto remoteA, and execute the exact same rsync command given in the absible script (with the -e /path/to/Kerberos/ssh), it works fine. But it looks like Ansible does not actually honor the -e flag for declaring what ssh to use and therefore generates a Kerberos authentication error.

Is there some way to get it use the correct ssh version with the rsync executable? This is exactly what the -e /desired/version/of/ssh was declaring - but, again, ansible seems to not be able to use that for some reason.

  - name:  "rsync base_directory remoteA  ==> remoteB"
    shell:
      cmd: 'rsync -av -e /path/to/kerberos/version/ssh  base_directory [email protected]:/path/to/desired/location/'
      chdir: '/path/to/remtoteA/parentDir/for/base_directory'

UPDATE: (no solution yet) let me ask the same question in a different way:
How can I force Ansible to use a particular path to ssh as opposed to the first one it finds from the system environment ORIGINAL path?

  • I have tried the user .bashrc $PATH to find help find the correct ssh executable, but it has no effect on the ansible play - only for me when I log in.
  • I am logging in via a regular SSH session, as the same user of the ansible playbook. Again, in regular ssh sessions, the rsync command works; the syntax of the command is exactly the same in the playbook where it fails.
  • extra info: There are 8 servers in our company. I am switching this play to run on a different server from the previous, (where all things work fine, as that server has the kerberized ssh in the default path) only because that server will be decommissioned. Still confused why the newer server is not configured the same, but it's not. And there seems to be nothing I have found to get the rsync command to find (and use) the kerberized version of ssh over the vendor non-keberized version.
Improve this question
10
  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Commented Oct 13, 2024 at 18:55
  • You say it's unable to use the command specified in the -e option. What is the error message you receive that points to this being the true problem? Is the error different if you enable more verbose debugging in the raync task? Would you please edit your question to include the error message that you see? Commented Oct 13, 2024 at 21:58
  • Good question: I really only know that manually executing the command works fine, but when the command (with the -e /path/to/kerberos/ssh) is executed by ansible - then it gives the exact same “gssapi-with-mic” authentication error that it gives when I manually issue the command without the -e option. Extra, I edited my .bashrc to prepend the path to find the right ssh … but a debug in ansible for “which ssh” still gives the wrong ssh. Commented Oct 13, 2024 at 23:12
  • Is ansible running as the same user that is being used when you run the command successfully? Commented Oct 13, 2024 at 23:27
  • Yes … ansible is running as the same user when it’s successful from a plain SSH session executing the rsync command. This is one reason why this is so confusing to me about why the ansible script doesn’t work. I even tried to flush cache to see if something was stuck there. Commented Oct 14, 2024 at 0:16

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.