Are you getting Ansible error unable to open shell? We can help you to fix it.

Users often get this error while trying to use the ios_commands or ios_configs modules.

The error indicates that the ansible-connection daemon is unable to connect to a remote device.

At Bobcares, we often get requests to fix Ansible errors, as a part of our Server Management Services.

Today, let’s see a brief guide on how our Support Engineers fix this.

How to troubleshoot the Ansible error unable to open shell?

Ansible is an IT automation tool. Whenever some errors show up, our Support Engineers identify the reason for this.

Usually, we do this by enabling network logging. This is an important feature that helps in diagnosing the error. By default, this feature is disabled.

We enable it using the options ANSIBLE_LOG_PATH and ANSIBLE_DEBUG options. So to enable logging we use the command,

export ANSIBLE_LOG_PATH=~/ansible.log
# Enable Debug
export ANSIBLE_DEBUG=True

# Run with 4*v for connection level verbosity
ansible-playbook -vvvv ...

After running this we check the log file. This shows up the error as,

Then we inspect the log and identify the reason for the failure. Generally, the error unable to open shell is an authentication error.

Let’s see a few instances that showed up in the error log.

How we fix the error unable to open shell?

The error logs show different reasons that caused Ansible error. Here we will see a few such errors and their fix.

Unable to open a shell as name or service not known

This error shows up when the remote host is unable to reach. Usually, this occurs when the suboption host is not set or set incorrectly.

If the option provider is not used then we check the inventory files and correct it.

Authentication failed to cause the error unable to open shell

The log shows the authentication failed message if there is an error in accessing the credentials for Ansible connection.

Usually, this occurs when the Python SSH library, paramiko is using the ssh keys. To check this we use,

export ANSIBLE_PARAMIKO_LOOK_FOR_KEYS=False

And to make this change permanent we add the following to ansible.cfg,

[paramiko_connection]
look_for_keys = False

Hence it passes correct ssh credentials to connect to Ansible.

Connecting to host returned an error

Similarly, if the SSH fingerprint is not added to Paramiko’s known host’s file, it shows up the error. Usually, this runs in the background. But if there is no valid SSH key, Ansible prompt users to add the host key.

And it interrupts the background running process. Hence it shows up the error. In this case, our Support Engineers check the known_hosts. Alternatively, we can ask Ansible to accept all the key.

For this add the environment variable

export ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD=True
ansible-playbook ...

Later in the ansible.cfg, add the below code.

[paramiko_connection]
host_key_auto_add = True

Hence, it accepts all the keys.

No authentication methods available

This indicates that the authentication method is not specified. Otherwise, there is no password or SSH key.

So our Support Engineers specify the authentication method and correct if there is any configuration error.

[Still, having trouble in fixing Ansible error? – We can help you.]

Conclusion

In short, Ansible shows the error unable to open shell, when the connection daemon is unable to connect to the remote host. Today, we saw a few reasons that caused the error and also saw how our Support Engineers fixed this.