Red Hat Satellite 6.4 fails to run ansible-based remote execute commands when enrolled in IdM domain

Solution Verified - Updated

Environment

  • Red Hat Satellite 6.4
  • Red Hat Identity Manager

Issue

  • Satellite 6.4 fails when running any Ansible-based remote execution job, whereas all other remote execution and Puppet configurations work correctly.
  • Satellite 6.4 is enrolled in Red Hat IdM.
  • Satellite's Ansible-based remote execution task results in:
    {"changed": false, "msg": "Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host\r\n", "unreachable": true}

Resolution

Make Satellite ignore the ssh client's ProxyCommand global setting from /etc/ssh/ssh_config by adding ProxyCommand none to Satellite's ~foreman-proxy/.ssh/config:

# install -dv -g foreman-proxy -o foreman-proxy -m 0700 ~foreman-proxy/.ssh
install: creating directory ‘/usr/share/foreman-proxy/.ssh’
# cat >> ~foreman-proxy/.ssh/config <<FINISH
Host *
  ProxyCommand none
FINISH

For more KB articles and solutions related to Red Hat Satellite 6.x remote execution issues, refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Remote Execution Issues.

Root Cause

When a server is enrolled in an IdM domain, the ipa-client-install command modifies /etc/ssh/ssh_config to add a line with ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h. This in turn causes problems with Ansible if the host being accessed is not also a member of the same IdM domain as Satellite.

Diagnostic Steps

On the Satellite 6.4 server, examine the failed host task for an error similar to:
UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host\r\n", "unreachable": true}
If your system is enrolled in a Red Hat IdM domain, look in /etc/ssh/ssh_config and check whether the line ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h is active and enabled.
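
The check above can be scripted. The following is an added example, not part of the Red Hat article: it reports whether the global ProxyCommand is active and whether the foreman-proxy user's config overrides it. The override works because ssh reads the user file before /etc/ssh/ssh_config and keeps the first value it obtains. The function names and sample files are constructed for illustration, and Host/Match scoping is ignored as a simplifying assumption.

```shell
#!/bin/sh
# Added example, not from the Red Hat article; function names are hypothetical.
# Assumption: Host/Match scoping is ignored; the first active ProxyCommand
# line in each file is taken as that file's setting.

# Print the first uncommented ProxyCommand value in an ssh_config-style file.
# Keywords are case-insensitive; the value may follow whitespace or "=".
active_proxycommand() {
    [ -r "$1" ] || return 0
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)                # strip indentation
        if (line == "" || line ~ /^#/) next     # skip blanks and comments
        key = line; sub(/[ \t=].*$/, "", key)
        if (tolower(key) != "proxycommand") next
        val = line
        sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val) # drop keyword and separator
        sub(/[ \t]+$/, "", val)
        print val; exit
    }' "$1"
}

# clean      - global config has no active sss_ssh_knownhostsproxy ProxyCommand
# overridden - it does, but the user config sets "ProxyCommand none"
# affected   - it does, and nothing in the user config overrides it
proxycommand_status() {
    case $(active_proxycommand "$1") in
        *sss_ssh_knownhostsproxy*) ;;
        *) echo clean; return 0 ;;
    esac
    user_val=$(active_proxycommand "$2" | tr 'A-Z' 'a-z')
    if [ "$user_val" = none ]; then echo overridden; else echo affected; fi
}

# Constructed sample files standing in for /etc/ssh/ssh_config and
# ~foreman-proxy/.ssh/config.
demo_dir=$(mktemp -d)
printf '%s\n' '# ProxyCommand /bin/false' 'Host *' \
    '  ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h' > "$demo_dir/global"
printf '%s\n' 'Host *' '  ProxyCommand none' > "$demo_dir/user"

echo "before fix: $(proxycommand_status "$demo_dir/global" /nonexistent)"
echo "after fix:  $(proxycommand_status "$demo_dir/global" "$demo_dir/user")"
```

On a Satellite server, pass /etc/ssh/ssh_config and ~foreman-proxy/.ssh/config as the two arguments to proxycommand_status.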

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.