Checking SSH connectivity

About this task

Check the SSH connectivity from the management machine to other host machines. The SSH connectivity check provides details regarding the configured user, IP address of the hosts for which SSH connectivity works or fails. Run the check before deploying PingIntelligence components. Enter the following command on the management host command line.

Steps

$ ./bin/start.sh check

User configured for SSH: ec2-user
Checking sudo connectivity between ansible management host and other hosts...
172.16.40.187 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
SSH connectivity to all hosts is successful
Capturing host information...
Host information is captured successfully

Troubleshooting

Possible errors during SSH connectivity

During SSH connectivity check between management host machine and PingIntelligence hosts, you may encounter some errors because of user permission issues or connectivity issues between machines. Following are some of the probable error messages that you may see:

You have configured user to use password to authenticate with the hosts machines, however, the configured password in the hosts file is wrong.

User configured for SSH: ec2-user
Checking connectivity between ansible management host and other hosts...
172.16.40.187 | UNREACHABLE! => {
    "changed": false,
    "msg": "Authentication failure.",
    "unreachable": true
}
Sun Jul 12 19:22:41 MDT 2020: SSH connection error: connectivity to all hosts is not successful for ec2-user

ansible_ssh_pass for authentication with password is uncommented in the hosts file. However, the password field has been left empty. Leaving the value empty is equivalent to passworld-less authentication.

User configured for SSH: ec2-user
Checking connectivity between ansible management host and other hosts...
172.16.40.187 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n",
    "unreachable": true
}
Sun Jul 12 19:26:16 MDT 2020: SSH connection error: connectivity to all hosts is not successful for ec2-user

install_with_sudo is set to true and there is an error connecting to PingIntelligence host machines.

User configured for SSH: ec2-user
Checking sudo connectivity between ansible management host and other hosts...
172.16.40.187 | FAILED! => {
    "changed": false,
    "module_stderr": "Connection to 172.16.40.187 closed.\r\n",
    "module_stdout": "sudo: a password is required\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1
}
Sun Jul 12 19:30:26 MDT 2020: SSH connection error: sudo connectivity to all hosts is not successful for ec2-user

The probable reasons for error in connectivity could be:

The user is not in the sudoers file or the user is not in any group that has sudo privileges
The user does not have NOPASSWD: ALL privileges in the sudoers file.

The IP address configured in the hosts file is not available.

User configured for SSH: ec2-user
Checking sudo connectivity between ansible management host and other hosts...
172.16.40.81 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.40.81 port 22: Connection timed out\r\n",
    "unreachable": true
}
Sun Jul 12 21:41:08 MDT 2020: SSH connection error: sudo connectivity to all hosts is not successful for ec2-user

selinux dependency - If you encounter the following error, you need to install selinux package on the host machine on which you see this error. Check the machine mentioned before FAILED! in the output to identify the machine where selinux needs to be installed.
```
[localhost]: FAILED! => {"changed": false, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
  to retry, use: --limit @/home/ec2-user/411/pingidentity/pi-api-deployment/ansible/setup.retry
```