Ansible always specifies the user to ssh, so it will not pick it up
from .ssh/config
Is that something that was decided ansible would not do? I think it would
be pretty helpful to heavy ssh users, especially those who have servers
that they access through a gateway ssh server. I suppose I should search
the mailing list...
Is that something that was decided ansible would not do? I think it would be
pretty helpful to heavy ssh users, especially those who have servers that
they access through a gateway ssh server. I suppose I should search the
mailing list...
Basically Ansible is a systems management tool, not a user login tool.
In a given playbook, you may wish to log in from *multiple* different
user accounts to the same box.
By ansible declaratively specifying the user, that makes this
possible, and also makes it very clear
from a self contained playbook what user is being used for the login,
so it's repeatable -- the parameters
are no longer needing the playbook *AND* the ssh config file, and
users don't have to worry about the SSH
config file unless they need, for example, jump hosts.
>
> Is that something that was decided ansible would not do? I think it
would be
> pretty helpful to heavy ssh users, especially those who have servers that
> they access through a gateway ssh server. I suppose I should search the
> mailing list...
>
Basically Ansible is a systems management tool, not a user login tool.
In a given playbook, you may wish to log in from *multiple* different
user accounts to the same box.
By ansible declaratively specifying the user, that makes this
possible, and also makes it very clear
from a self contained playbook what user is being used for the login,
so it's repeatable -- the parameters
are no longer needing the playbook *AND* the ssh config file, and
users don't have to worry about the SSH
config file unless they need, for example, jump hosts.
What would be wrong with honouring the .ssh/config if there is no user in
the playbook or on the command line?
Technically nothing, but it would need to work for /both/ SSHd and
paramiko and only set things if no "-u" was specified either, and only
if the user /was/ specified in the config, and not rely on a config
being set.
In the case where there is no user specified, it uses the current user
account or what is fed to "-u".
(Again, in our eyes, SSH is just the transport layer)
Technically nothing, but it would need to work for /both/ SSHd and
paramiko and only set things if no "-u" was specified either, and only
if the user /was/ specified in the config, and not rely on a config
being set.
In the case where there is no user specified, it uses the current user
account or what is fed to "-u".
(Again, in our eyes, SSH is just the transport layer)
I definitely understand what you are saying in terms of ssh being the
transport layer only.
That said, as a simple ansible user who has a lot of servers and
environments to work with, some behind ssh jump hosts, thus massive use of
.ssh/config, I find this to be a real big pain point. But that's just me.
I have it on my list to look into this and avoid pass -u $user to ssh
if it matches current user.
Should not be to hard and it would enable .ssh/config
This is basically just a function of git and not ansible.
You may wish to checkout your repositories over https:// to make things much easier for you, or deploy using packages, tarballs, or another mechanism if you wish to simplify the SSH checkout.
