I have another unique use case I’m trying to work through with Ansible that I just can’t seem to get working.
I’ve got a play that configures a service on a system which depends on a change being made to another server (i.e. log in to machine A to configure service, log in to machine B to allow machine A to connect to it, then log back into machine A to activate the service). Further, the credentials used to (a) authenticate to the two machines and (b) to escalate / become / sudo for those users are different between the two machines.
So I’m looking for a way to do something like this:
- connect to machine A using user A (i.e. without a password, using SSH authorized keys)
- escalate (i.e. sudo / become) on machine A to set up a new service
- connect to machine B using user B using the password for user B
- escalate (i.e. sudo / become) on machine B (NOTE: The sudo password for user A != sudo password for user B)
- change permissions on machine B so machine A can access resources on this system
- reconnect to machine A as user A and launch service (which, in turn, needs access to resources on machine B)
For the life of me I can’t seem to find a good way to swizzle the credentials and SSH parameters for users between hosts in a single play like this. Any advice / suggestions anyone has to accomplish this task would be appreciated.
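
The workflow described above, sketched as an added example that is not part of the original post: per-host connection and become credentials live in the inventory, and one playbook runs three plays (A, then B, then A again) rather than a single play. Host names, users, file paths, the service name and the `vault_*` variable names are all placeholders; the `vault_*` values are assumed to be defined in an `ansible-vault` encrypted vars file so no password sits in plaintext.

```yaml
# inventory.yml (constructed example; every name below is a placeholder)
all:
  hosts:
    machine_a:
      ansible_host: a.example.internal
      ansible_user: user_a
      # Key-based login: no ansible_password is set for this host
      ansible_ssh_private_key_file: ~/.ssh/id_ed25519
      ansible_become_password: "{{ vault_a_become_password }}"
    machine_b:
      ansible_host: b.example.internal
      ansible_user: user_b
      # Password login over the ssh connection plugin needs sshpass on the control node
      ansible_password: "{{ vault_b_ssh_password }}"
      ansible_become_password: "{{ vault_b_become_password }}"
---
# site.yml (constructed example; tasks stand in for the real configuration steps)
- name: Configure the service on machine A
  hosts: machine_a
  become: true
  tasks:
    - name: Install service configuration
      ansible.builtin.copy:
        src: files/myservice.conf
        dest: /etc/myservice.conf
        mode: "0640"

- name: Allow machine A to reach resources on machine B
  hosts: machine_b
  become: true
  tasks:
    - name: Add machine A to the allowed clients file
      ansible.builtin.lineinfile:
        path: /etc/myresource/allowed_clients
        line: "{{ hostvars['machine_a'].ansible_host }}"
        create: true
        mode: "0640"

- name: Activate the service on machine A
  hosts: machine_a
  become: true
  tasks:
    - name: Start and enable the service
      ansible.builtin.service:
        name: myservice
        state: started
        enabled: true
```

Because each host carries its own `ansible_user`, `ansible_password` and `ansible_become_password`, no credential is passed on the command line, and the sudo password for one machine is never offered to the other.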