Bug 1500483

Summary: ssh-extra-args/ssh-common-args ignored (potential regression in 2.4)
Product: [Fedora] Fedora Reporter: Dmitry Tantsur <dtantsur>
Component: ansibleAssignee: Kevin Fenzi <kevin>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 26CC: a.badger, athmanem, kevin, maxim, pcahyna
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ansible-2.4.1.0-2.fc26 ansible-2.4.1.0-2.fc25 ansible-2.4.1.0-2.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-08 23:28:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitry Tantsur 2017-10-10 17:35:34 UTC 
After F26 brought an update to Ansible 2.4, I can no longer run my ansible playbook. I have a non-standard SSH configuration file, produced by https://docs.openstack.org/tripleo-quickstart. It looks like https://gist.github.com/dtantsur/7ccf5f11aafa2f9e66803be62572874c. I have always invoked it with something like:

    ansible-playbook configure.yml -i undercloud, --ssh-common-args "-F /home/dtantsur/.quickstart/ssh.config.ansible"

(note that host undercloud is defined in the file and is actually a VM on another host).

Until recently my playbook was run correctly. Now it fails when accessing the host:

$ ansible-playbook configure.yml -i undercloud, --ssh-common-args "-F /home/dtantsur/.quickstart/ssh.config.ansible" -vvvv                                                                  master
ansible-playbook 2.4.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/dtantsur/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.13 (default, Sep  5 2017, 08:53:59) [GCC 7.1.1 20170622 (Red Hat 7.1.1-3)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
Parsed undercloud, inventory source with host_list plugin
[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks' for static inclusions or 'include_tasks' for dynamic inclusions. This feature will be removed in a future release. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: include is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about this rationale.. This feature will be removed in a 
future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
statically imported: /home/dtantsur/Projects/config/tasks/repos.yml
statically imported: /home/dtantsur/Projects/config/tasks/vim.yml
statically imported: /home/dtantsur/Projects/config/tasks/devstack.yml
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: configure.yml *******************************************************************************************************************************************************************************************
1 plays in configure.yml

PLAY [all] ********************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/setup.py
<undercloud> ESTABLISH SSH CONNECTION FOR USER: None
<undercloud> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/dtantsur/.ansible/cp/6ac0e091f5 undercloud '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<undercloud> (255, '', 'OpenSSH_7.5p1, OpenSSL 1.1.0f-fips  25 May 2017\r\ndebug1: Reading configuration data /home/dtantsur/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/dtantsur/.ansible/cp/6ac0e091f5" does not exist\r\ndebug2: resolving "undercloud" port 22\r\nssh: Could not resolve hostname undercloud: Name or service not known\r\n')
fatal: [undercloud]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: OpenSSH_7.5p1, OpenSSL 1.1.0f-fips  25 May 2017\r\ndebug1: Reading configuration data /home/dtantsur/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/home/dtantsur/.ansible/cp/6ac0e091f5\" does not exist\r\ndebug2: resolving \"undercloud\" port 22\r\nssh: Could not resolve hostname undercloud: Name or service not known\r\n", 
    "unreachable": true
}
	to retry, use: --limit @/home/dtantsur/Projects/config/configure.retry

PLAY RECAP ********************************************************************************************************************************************************************************************************
undercloud                 : ok=0    changed=0    unreachable=1    failed=0   

As you see, the additional arguments are not present. The issue cannot be reproduced on master, so I assume it was fixed.
Comment 1 Dmitry Tantsur 2017-10-10 17:37:45 UTC 
Apparently fixed by https://github.com/ansible/ansible/pull/31326
Comment 2 Kevin Fenzi 2017-10-11 23:47:27 UTC 
Cool. I'll pick up the fix with 2.4.1.
Comment 3 Fedora Update System 2017-10-31 15:38:09 UTC 
ansible-2.4.1.0-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8bf1b0c692
Comment 4 Fedora Update System 2017-10-31 15:38:42 UTC 
ansible-2.4.1.0-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-008017c9fe
Comment 5 Fedora Update System 2017-10-31 15:39:01 UTC 
ansible-2.4.1.0-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2729c23b0
Comment 6 Fedora Update System 2017-10-31 19:10:54 UTC 
ansible-2.4.1.0-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2729c23b0
Comment 7 Fedora Update System 2017-11-01 16:57:58 UTC 
ansible-2.4.1.0-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-008017c9fe
Comment 8 Fedora Update System 2017-11-01 17:22:51 UTC 
ansible-2.4.1.0-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8bf1b0c692
Comment 9 Fedora Update System 2017-11-08 23:28:01 UTC 
ansible-2.4.1.0-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2017-11-08 23:30:41 UTC 
ansible-2.4.1.0-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2017-11-11 03:10:18 UTC 
ansible-2.4.1.0-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.