Hello,
I followed Ansible best practice to create my ansible automation directory structure like following:
group_vars
group_vars/all
host_vars
os.yml
production
roles
roles/os-issue
Since I’m using ansible user as a remote user, and sudo method to escalate its privileges globally, I want to define this in group_vars/all file. Here is what I define in group_vars/all directory:
It's not necessary to use the "vars:" directive in the files.
See "Organizing host and group variables"
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#organizing-host-and-group-variables
# group_vars/all
remote_user: ansible
become: yes
become_method: sudo
Cheers,
-vlado
Hello,
It’s not necessary to use the “vars:” directive in the files.
See “Organizing host and group variables”
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#organizing-host-and-group-variablesgroup_vars/all
remote_user: ansible
become: yes
become_method: sudoCheers,
-vlado
I changed per advice. Here is my changed file:
I don’t think the failure is related to using or not using “sudo”. The playbook failed because Ansible could not connect to the remote machine.
The error message:
fatal: [myserver]: UNREACHABLE! => {“changed”: false, “msg”: “Failed to connect to the host via ssh: ============================================================\n|Permission denied (publickey,password,keyboard-
interactive).”, “unreachable”: true}
tells you that Ansible cannot connect to ‘myserver’ over SSH. If you try to connect to the target machine using SSH and the user ‘ansible’ from the command line, does that work? Do you have to type in a password? If you’re using SSH keys, does the ‘ansible’ user have permission to access the correct key?
See https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#ssh-key-setup for information on setting up SSH keys.
Hope this helps point you in the right direction.
Alicia
Hello Alicia,
I just ran ad-hoc command with -u ansible parameter like below:
$ ansible all -i production -u ansible -l mygroup -a “uptime”
myserver | CHANGED | rc=0 >>
12:13:22 up 11 days, 2:26, 2 users, load average: 0.00, 0.02, 0.05
ansible user is defined on myserver, and it is in sudoers file in wheel group without password required.
remote_user is not an inventory var that ansible looks for to inform ansible how to connect. You would instead want to use ansible_user.
And if you add the ‘-b’ option to that?
Hello Dick,
Yes, I added -b option. That worked fine.
$ ansible all -i production -u ansible -l mygroup -a “uptime” -b
myserver | CHANGED | rc=0 >>
12:26:39 up 11 days, 2:40, 2 users, load average: 0.00, 0.01, 0.05
Hello All,
I just figured out myself and I want to post it for sharing with other who would have similar issue like myself.
The issue is what variable names I use in group_vars/all file.
remote_user, become and become_method, are not inventory-like recognized variables, they are recognized in playbook, but not in inventory, although those variables are not put in inventory file, I believe, they are inventory variables.
The correct names when putting in group_vars/all file are:
ansible_user is a variable, can be defined anywhere variables are defined
remote_user is a keyword, as such it can only be set on playbook
objects (play/block/role/task)