Hello All,
Just new to Ansible and trying to implement it in our organization.
Noticed this:
When I ran ping from the root user prompt by mentioning the “delpoy” user, it errors out.
++++++++++++++++++++++++++++++++++
[root@dev-armor21 ~]# ansible all -m ping --user=delpoy
dev-mado21 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
dev-pipe21 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
dev-mado22 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
++++++++++++++++++++++++++++++++++
But when I switch to the deploy user and run ansible ping, it works fine.
++++++++++++++++++++++++++++++++++
[root@dev-armor21 ~]# su - deploy
[deploy@dev-armor21 ~]$ ansible all -m ping
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
dev-mado22 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
dev-pipe21 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
dev-mado21 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[deploy@dev-armor21 ~]$
++++++++++++++++++++++++++++++++++
Is this expected or am I doing something wrong?
My objective is to run ansible commands from root (do not want to share root keys to all hosts) and with specific users.
Can this be achieved?
Everything you want can be achieved.
But in general it’s not recommended nor needed to run ansible as root.
The reasoning behind your objective doesn’t seem to make much sense?
“I do not want to share root keys to all hosts” - this sounds like you think that you’re giving away secrets to remote hosts.
That is not the case.
With SSH keys the user account doesn’t really matter on both sides - you can connect from and to whatever user you want.
You might want to read up on privilege escalation: http://docs.ansible.com/ansible/latest/become.html
Ideally you don’t ever use the root account anywhere, just use sudo for actions that require it.
With ansible it’s the same amount of work.
Dick
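An added example, not part of the original thread: a YAML inventory for the hosts shown above that makes the two settings in this reply explicit, namely which remote account and private key the control node uses, and sudo-based privilege escalation. The file name `inventory.yml` and the key path are assumptions; the host names are the ones from the ping output.

```yaml
# inventory.yml (hypothetical file name)
# Run from any local account that can read the key below, for example:
#   ansible -i inventory.yml all -m ping
#
# --user / ansible_user only selects the REMOTE login name. The key that
# gets offered still comes from the LOCAL user running ansible, unless a
# private key file is named explicitly as done here.
all:
  hosts:
    dev-mado21:
    dev-mado22:
    dev-pipe21:
  vars:
    # Remote account whose authorized_keys holds the matching public key.
    ansible_user: deploy
    # Assumed path: private key of the control-side account. Only the
    # public half is ever copied to the managed hosts.
    ansible_ssh_private_key_file: /home/deploy/.ssh/id_rsa
    # Log in unprivileged; escalate per task or per run, not by default.
    ansible_become: false
    ansible_become_method: sudo
    ansible_become_user: root
```

Tasks that need root can then set `become: true`, or an ad-hoc run can add `--become` (with `--ask-become-pass` if sudo on the managed hosts asks for a password).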
Thanks for your reply. Indeed, everything is achievable.
I think I understand what I was trying (or thinking). My bad, got sorted.
Good to hear.
Would you mind sharing how you got things sorted? I.e. how you implemented it?
Thanks
I mean, my understanding is sorted (that's what I think).
This is what I understand:
You need to share the keys of the user from which you are running the ansible ad hoc command with all the managed hosts.
So I have created a user account “deploy” and then shared the ssh keys of this user to all managed hosts, and now I am able to get all green ping/pong.
Hello,
I'm new to Ansible.
I'm trying to ping a host machine but I got an error:
UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
But I'm able to connect using ssh.