Hi,
I seem to be having issues when remote_user is used in conjunction with ansible_ssh_user
For this playbook:
- hosts: tag_application_csds
tasks:
- command: "whoami"
remote_user: deploy
register: whoami
- debug: var=whoami.stdout
with group_vars/tag_application_csds:
ansible_ssh_private_key_file: ~/.ssh/identity.ec2
ansible_ssh_user: ubuntu
If I run $ ansible-playbook test.yml (no other arguments), I get:
ok: [1.1.1.1] => {
"whoami.stdout": "ubuntu"
}
This despite the remote_user: deploy parameter on the task.
If delete the ansible_ssh_user parameter from the group_vars file and run $ ansible-playbook test.yml -u ubuntu, I get as expected:
ok: [1.1.1.1] => {
"whoami.stdout": "deploy"
}
It seems like ansible_ssh_user overrides remote_user used in the playbook.
Is this desired behaviour? If so, it seems counterintuitive to me. If its a bug then I will lodge it.
On different, but related note, are there any benefits/differences in playbook behaviour when using remote_user than using sudo_user? Seems that for remote_user to work, the user must have credentials that allow it to be logged in from the terminal.
Thanks so much,
Steve
I believe it’s intended that the inventory parameter always be used if set.
I’d have to go back through the vast archives to verify the logic, but in general, usually things work the way they have evolved for concrete reasons, one of those was being able to set a reasonable default but also have exceptions.
OTOH, I see the reasoning of making the play stuff “beat” inventory when set as such.
Thoughts everyone?
It has always been the case that inventory ‘wins’ the only way to override that is redefining ansible_ssh_user (either as a var or extra_var).
I would have expected that, too, though never used this combo.
Not sure why it's not like this? Brian, are you aware of a reason?
BTW, while I could accept inventory winning here - this is some kind of
special var that seems to me to be part of the inventory host list, more
than general variables - I'm wondering what the logic is for
ansible_sudo_user? For this one, I could understand setting a default to
e.g. root, but that should definitely be overrideable for say a particular
task.
Serge
it makes sense that the inventory variables override others, the specifics of a host should override the generalities of the plays.
If a play has remote_user = user1, but some hosts have different users, you would not be able to use them otherwise, with inventory overriding, this is possible.
It’s a “can’t win em all” thing.
In one case, you want a way to override all behavior, in another, you want a way to set a default.
In most cases, if you make a host with a given username/pass coupled to it, it means “I really really want to use this” but you could still use other host aliases if you wanted to connect differently.
So the exception case was probably more important when I built that.
you can still override it at run/play level, it is just not with remote_user, you need to set/unset ansible_ssh_user