9

When I run:

ansible all -a "/bin/echo hello" -u myuser

I get back:

mydomain.myhost.com | FAILED => failed to open a SFTP connection (Channel closed.)

The SFTP subsystem is disabled on the managed node I'm trying to connect to.

Is SFTP required on the managed nodes? The Ansible docs don't mention SFTP specifically: http://docs.ansible.com/intro_installation.html#managed-node-requirements

I tried setting this value in ansible.cfg:

scp_if_ssh=True

...but it had no effect. (Thanks to Fred the Magic Wonder Dog for the suggestion.)

I also ensured that my non-interactive shell doesn't produce any output as suggested here.

Community
  • 1
braveterry
  • 897
  • 2
  • 7
  • 13

3 Answers3

6

Yes, ansible depends on being able to transfer files to the remote machine. It uses sftp to do this by default. You can override this to use scp using 

scp_if_ssh
Occasionally users may be managing a remote system that doesn’t have SFTP enabled. If set to True, we can cause scp to be used to transfer remote files instead:

scp_if_ssh=False
There’s really no reason to change this unless problems are encountered, and then there’s also no real drawback to managing the switch. Most environments support SFTP by default and this doesn’t usually need to be changed.

The above information was taken from this page:

http://docs.ansible.com/intro_configuration.html#openssh-specific-settings

Fred the Magic Wonder Dog
  • 2,095
  • 12
  • 17
5

Here's what I ended up doing:

  1. Copied /etc/ansible/ansible.cfg to ~/.ansible.cfg
  2. Edited ~/.ansible.cfg.
  3. Changed #scp_if_ssh = False to scp_if_ssh = True
  4. Added ssh_args = to [ssh_connection] section.
  5. Ran my command with -c SSH flag

Thanks to Fred the Magic Wonder Dog for pointing me in the right direction.

Community
  • 1
braveterry
  • 897
  • 2
  • 7
  • 13
  • 3
    better to have code segment for your settings (`ansible.cfg`), i noticed `scp_if_ssh=True` shall be put below `[ssh_connection]`, `ssh_args` is optional depends on each configuration. – larrycai Sep 01 '14 at 06:52
0

You can use connection: paramiko. It works even when both stfp and scp are not avilable. Under the hood, it uses the same ssh as the "normal" ssh, so even ~/.ssh/config will apply.

Alternatively, the connection type can be specified via env variable, on the command line via -c switch, and in ansible.cfg.

For example:

- hosts: all
  connection: paramiko
  tasks:
    command: echo ok

or

ansible all -c paramiko -a "/bin/echo hello" -u myuser

If paramiko is not installed, but may have to install it via pip (pip install paramiko) or using your distributive-specific package manager (apt install python3-paramiko if you're using ansible with python3, check using ansible --version)

LogicDaemon
  • 187
  • 8