AWX connecting to RHEL host as root instead of username from machine credentials

Hi All,
Here is my playbook, and the settings to use the machine credential username, yet it still does ssh as user=root

  - name: Update Packages
    hosts: "{{ vm_inventory_group }}"
    become: yes
    become_method: sudo
    gather_facts: yes

    roles:
      - update_rhel_packages
    vars:
      machine:
        username: '{{ ansible_user }}'

Expected results

<myhostname.local> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o '-u "username_used_in_credential" -o ConnectTimeout=10 -o 'ControlPath="/home/runner/.ansible/cp/1e6060cc9b"' myhostname.local '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''

Actual results

<myhostname.local> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/runner/.ansible/cp/1e6060cc9b"' myhostname.local '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''

I originally thought this could be a bug but have been advised it is probably a mis-config on my behalf.

AWX version

21.7.0

Container Platform: OKD 4.10

Thanks in advance

Also of note is if I set the username directly in the playbook it STILL connects as root, so this does not seem to be an AWX issue not passing in the username, rather one with Ansible?

vars:
  machine:
    username: my_username

Check your play config in AWX to see who you set it as. You can set your credentials in AWX that are different than the logged in user and the play will use the set username/credentials instead of logged in user. Handy for when you want to give play execute permissions to a junior member for a host they have no permissions on.

Sorry I accidentally clicked reply_author!! I have no way to see what I sent you so please post it back here in your reply

I will have another try:

So I am comparing Ansible Tower and AWX here with exactly the same playbook and no credentials selected.
The playbook specifies a hard coded remote user, I know it won't actually connect because there is no password but I am trying to troubleshoot what username is being used so this will fit the purpose of the test.

PLAYBOOK:

So in my previous usage of AWX if there is a userId saved with the host credentials, then it will be used for the connection. Also if you have defined the user in the play executor in AWX, that would be used. Then it would default to the credentials actually used in the playbook.

My suspicion is that when you created the credentials for accessing that host, you may have accidentally stored root as the USER ID.

Unfortunately I don’t have awx installed to grab the screens from, but that’s where I would start looking from previous experience.

Yes I understand that any dynamic config provided by AWX would override the hard coded “remote_user” in the playbook, this is a very good point.
The first one, credentials… I literally have no credential set in the template so we can write that one out.
The second one, “play executor in AWX”, I do not know what or where that is so I doubt I have changed it, and I certainly would never set it to root.
Could this be some new default in AWX that needs to be overridden?

Thanks.

Brett,

The first one, credentials… I literally have no credential set in the template so we can write that one out.

So the JT doesn’t have the credential assigned to it?

If so, we wouldn’t expect -u “username_used_in_credential”, as you mentioned in the opening post.

AWX defaults to root if a username from the credential isn’t supplied.

What happens when you attach a machine credential to the JT?

AWX Team

Hi, thanks for the suggestion.
When I set a machine credential in the job template the user is still root on the ssh, this is my fundamental problem.
I forgot to show in my OP that I am hard coding: remote_user=“username_used_in_credential” for this test.

So can you clarify that even though my playbook has this hard coded that AWX will override it? because it won't…
The same playbook works in Ansible Tower fine by the way, it uses the machine credential in the ssh.
Thanks,
Brett.

For anyone else who ever has this problem, don't put this in the Inventory YAML:
username: root

Yup, rather will do it too… glad you were able to find the culprit.
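
A check for the cause found at the end of this thread, added here as an example and not code from the thread or from AWX: it scans inventory-variables YAML text for keys that pin the login user to root and reports the line and location of each. The sample inventory is constructed, and checking `ansible_user` and `ansible_ssh_user` alongside the thread's `username` key is an assumption.

```python
import re

# Keys that pin the SSH login user. `username` is the key named in the thread;
# ansible_user / ansible_ssh_user are added here as an assumption.
USER_KEYS = {"username", "ansible_user", "ansible_ssh_user"}
KEY_LINE = re.compile(r"^(\s*)(?:-\s+)?([A-Za-z0-9_.\-]+)\s*:\s*(.*)$")

# Constructed sample inventory, not taken from the thread.
SAMPLE = """\
all:
  vars:
    ansible_connection: ssh
    # username: root
  children:
    rhel:
      vars:
        username: root
      hosts:
        myhostname.local:
          ansible_user: "root"
        other.local:
          ansible_user: deploy
"""

def find_root_pins(yaml_text):
    """Return (line_no, path) for each user key set to root.

    Indentation-based line scan of block-style YAML, not a full YAML parser.
    """
    findings, stack = [], []  # stack: (indent, key) of enclosing mappings
    for no, raw in enumerate(yaml_text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comment
        m = None if line.lstrip().startswith("#") else KEY_LINE.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left the deeper mapping
        if key in USER_KEYS and value.strip("'\"") == "root":
            findings.append((no, " > ".join([k for _, k in stack] + [key])))
        if value == "":
            stack.append((indent, key))  # key opens a nested mapping
    return findings

if __name__ == "__main__":
    for no, path in find_root_pins(SAMPLE):
        print(f"line {no}: {path} pins the login user to root")
```

Running it over exported inventory, group and host variables before attaching a machine credential shows whether a variable is already fixing the SSH user.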