playbooks

home / skills / sigridjineth / hello-ansible-skills / ansible-debug

ansible-debug skill

/skills/ansible-debug

This skill helps you diagnose and fix Ansible errors quickly by guiding SSH, authentication, module, and syntax troubleshooting.

npx playbooks add skill sigridjineth/hello-ansible-skills --skill ansible-debug

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
3.3 KB
---
name: ansible-debug
description: Use when playbooks fail with UNREACHABLE, permission denied, MODULE FAILURE, or undefined variable errors. Use when SSH connections fail or sudo password is missing.
---

# Ansible Debugging

## Overview

Ansible errors fall into four categories: connection, authentication, module, and syntax. Systematic diagnosis starts with identifying the category, then isolating the specific cause.

## When to Use

- UNREACHABLE errors (SSH/network issues)
- Permission denied or sudo password errors
- MODULE FAILURE messages
- Undefined variable errors
- Template rendering failures
- Slow playbook execution

## Error Categories

| Category | Symptoms | First Check |
|----------|----------|-------------|
| Connection | UNREACHABLE | `ssh -v user@host` |
| Authentication | Permission denied, Missing sudo password | SSH keys, sudoers config |
| Module | MODULE FAILURE | Module parameters, target state |
| Syntax | YAML parse error | Line number in error, indentation |

## Quick Diagnosis

### Connection Errors

```bash
# Test SSH directly
ssh -v -i /path/to/key user@hostname

# Test port connectivity
nc -zv hostname 22

# Verify inventory parsing
ansible-inventory --host hostname
```

**Common causes:**
- Wrong IP/hostname in inventory
- Firewall blocking port 22
- SSH key permissions (must be 600)

### Authentication Errors

```bash
# Test with explicit options
ansible hostname -m ping -u user --private-key /path/to/key

# For sudo password issues, either:
ansible-playbook playbook.yml --ask-become-pass
# Or configure NOPASSWD in /etc/sudoers
```

### Module Errors

```bash
# Check module documentation
ansible-doc ansible.builtin.copy

# Verify module parameters match your Ansible version
ansible --version
```

### Variable Errors

```yaml
# Use default filter for optional variables
{{ my_var | default('fallback') }}

# Debug variable values
- ansible.builtin.debug:
    var: problematic_variable
```

## Verbosity Levels

| Flag | Shows |
|------|-------|
| `-v` | Task results |
| `-vv` | Task input parameters |
| `-vvv` | SSH connection details |
| `-vvvv` | Full plugin internals |

Start with `-v`, increase only if needed.

## Debugging Commands

```bash
# Syntax check only
ansible-playbook --syntax-check playbook.yml

# Dry run
ansible-playbook --check playbook.yml

# Step through tasks
ansible-playbook --step playbook.yml

# Start at specific task
ansible-playbook --start-at-task "Task Name" playbook.yml

# Limit to specific host
ansible-playbook --limit hostname playbook.yml
```

## Common Error Patterns

| Error | Cause | Fix |
|-------|-------|-----|
| `Permission denied (publickey)` | SSH key not accepted | Check key permissions, verify authorized_keys |
| `Missing sudo password` | become=true without password | Use `--ask-become-pass` or configure NOPASSWD |
| `No such file or directory` | Path doesn't exist | Create parent directories first |
| `Unable to lock` (apt/yum) | Package manager locked | Wait for other process, remove stale lock |
| `undefined variable` | Variable not defined | Check spelling, use `default()` filter |

## Performance Debugging

```ini
# ansible.cfg
[defaults]
callback_whitelist = profile_tasks  # Show task timing

[ssh_connection]
pipelining = True                   # Faster SSH
```

```yaml
# Skip fact gathering if not needed
- hosts: all
  gather_facts: no
```

Overview

This skill helps diagnose and fix common Ansible failures like UNREACHABLE, permission denied, MODULE FAILURE, and undefined variable errors. It provides step-by-step checks for SSH/connectivity, authentication/sudo, module parameter issues, and variable/template problems. Use it to reduce troubleshooting time and recover failed playbook runs quickly.

How this skill works

The skill walks through targeted inspections: test SSH connectivity and ports, verify inventory parsing, and confirm key and sudo configuration. It then checks module compatibility and parameters, inspects variables and templates with debug tasks and defaults, and recommends verbosity levels and playbook commands for focused diagnosis. It also suggests config tweaks and performance options to prevent recurrence.

When to use it

  • When playbooks report UNREACHABLE or SSH connection failures
  • When you see Permission denied or Missing sudo password errors
  • When MODULE FAILURE or unexpected module output appears
  • When templates fail to render or variables are undefined
  • When playbooks run slowly or tasks time out

Best practices

  • Start by categorizing the error (connection, authentication, module, or syntax) before changing code
  • Reproduce the problem manually: ssh -v user@host and nc -zv host 22 to isolate connectivity
  • Use ansible-playbook flags (--syntax-check, --check, --step, --start-at-task, --limit) to narrow scope
  • Increase verbosity progressively (-v, -vv, -vvv) and avoid -vvvv unless debugging internals
  • Use defaults and ansible.builtin.debug to handle optional variables and surface values

Example use cases

  • Fixing UNREACHABLE errors by validating inventory hostnames, SSH keys, and firewalls
  • Resolving sudo password failures by running playbooks with --ask-become-pass or adjusting sudoers for NOPASSWD
  • Diagnosing MODULE FAILURE by checking ansible-doc for parameter changes and verifying the control node Ansible version
  • Tracking undefined variables and template errors using debug tasks and the default filter
  • Speeding up playbooks by disabling fact gathering or enabling pipelining in ansible.cfg

FAQ

What verbosity level should I start with?

Start with -v to see task results and increase only if you need task input (-vv) or SSH details (-vvv). Avoid -vvvv unless you need plugin internals.

How do I test SSH outside Ansible?

Use ssh -v -i /path/to/key user@host and nc -zv host 22 to check authentication and port reachability.

How can I avoid undefined variable errors?

Use the default filter ({{ var | default('fallback') }}) and add ansible.builtin.debug tasks to print values during development.