Using AWS EC2 public DNS hostnames directly in an Ansible inventory results in an obscure UNREACHABLE!
failure:
$ ansible all -i ./inventory -m ping -vvvv
Loaded callback minimal of type stdout, v2.0
<ec2-xxx.compute.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: root
<ec2-xxx.compute.amazonaws.com> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/Users/xxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-xxx.compute.amazonaws.com '/bin/sh -c '"'"'mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1471511656.65-147708857060361 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1471511656.65-147708857060361 `"'"'"''
app1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
This hides the real error, unix_listener: "/Users/xxx/.ansible/..." too long for Unix domain socket,
which can be seen by running the generated ssh command directly:
$ ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/Users/xxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-xxx.compute.amazonaws.com '/bin/sh -c '"'"'mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1471511656.65-147708857060361 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1471511656.65-147708857060361 `"'"'"''
...
unix_listener: "/Users/xxx/.ansible/cp/ansible-ssh-ec2-xxx.compute.amazonaws.com-22-admin.xyj9k0suFGyNUxMo" too long for Unix domain socket
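So nothing is wrong with the host or the SSH setup itself: the long hostname just makes the ControlPath socket path too long. Use the host IP or a custom, shorter DNS name instead.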
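
To catch this before Ansible reports UNREACHABLE!, the following added script (not part of the original post) computes the socket path length ssh will try to bind for each host and compares it with the platform's sun_path size. The function names, home directory and host names are constructed for illustration; the limit is passed in explicitly (104 on macOS/BSD, 108 on Linux).

```shell
#!/bin/sh
# Added example: predict whether ssh can bind the ControlPath socket for a host.

# ssh binds the template path plus "." and 16 random characters (17 in total),
# as in the ".xyj9k0suFGyNUxMo" tail of the error shown above.
MUX_SUFFIX_LEN=17

# Expand Ansible's template <dir>/ansible-ssh-%h-%p-%r.
control_path() {  # dir host port user
    printf '%s/ansible-ssh-%s-%s-%s' "$1" "$2" "$3" "$4"
}

# Length of the socket path ssh actually tries to bind.
socket_path_len() {  # dir host port user
    p=$(control_path "$@")
    echo $(( ${#p} + MUX_SUFFIX_LEN ))
}

# Succeeds when the path fits: its length must be below sizeof(sun_path),
# which is 104 on macOS/BSD and 108 on Linux (trailing NUL included).
socket_path_fits() {  # sun_path_size dir host port user
    size=$1; shift
    [ "$(socket_path_len "$@")" -lt "$size" ]
}

# Print one verdict line per host.
check_hosts() {  # sun_path_size dir port user host...
    size=$1 dir=$2 port=$3 user=$4; shift 4
    for h in "$@"; do
        len=$(socket_path_len "$dir" "$h" "$port" "$user")
        if socket_path_fits "$size" "$dir" "$h" "$port" "$user"; then
            echo "ok        $len  $h"
        else
            echo "too long  $len  $h"
        fi
    done
}

# Constructed sample values (home directory and addresses are made up).
check_hosts 104 /Users/exampleuser/.ansible/cp 22 root \
    ec2-203-0-113-25.eu-central-1.compute.amazonaws.com 203.0.113.25
```

With these sample values the EC2-style name needs 119 bytes and fails on macOS, while the bare IP needs 80 and fits.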