I’m not sure if this is a bug in Ansible 2.0.0.2 or an intended change in behaviour, so I’m asking here before filing any bug report

Ansible version:
ansible 2.0.0.2
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides

Ansible configuration:

Default

Environment:

Ubuntu 14.04

Summary:

If I have an inventory file that contains hosts listed only by their IP, but I use the DNS name in delegate_to, then the delegate_to command runs with no ssh user (it outputs “ESTABLISH SSH CONNECTION FOR USER: None”).

In Ansible 1.9 it worked fine, but since upgrading to Ansible 2.0 it does not work. Our inventory file is created by the ec2.py script at https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py

Steps to reproduce:

I used vagrant to launch two boxes for testing (vagrantfile below) and added box2 to my hosts file:

192.168.120.12 box2

Given an inventory file:

[tag_hosttype_box1]
192.168.120.11

[tag_hosttype_box2]
192.168.120.12

and a playbook:

• name: whoami
  command: whoami

• name: IP Delegate whoami (works)
  command: whoami
  delegate_to: 192.168.120.12

• name: Name Delegate whoami (fails)
  command: whoami
  delegate_to: box2

Ansible output (summarized):

ansible-playbook -i inventory.yml box1.yml --extra-vars=“ansible_ssh_user=vagrant” -vvvv --private-key=~/.vagrant.d/insecure_private_key
Using /etc/ansible/ansible.cfg as config file
Loaded callback default of type stdout, v2.0
1 plays in box1.yml

PLAY ***************************************************************************

TASK [setup] *******************************************************************
<192.168.120.11> ESTABLISH SSH CONNECTION FOR USER: vagrant

TASK [box1 : whoami] ***********************************************************
task path: /home/adavison/vagrant/ansible-test/roles/box1/tasks/main.yml:4
<192.168.120.11> ESTABLISH SSH CONNECTION FOR USER: vagrant

TASK [box1 : IP Delegate whoami] ***********************************************
task path: /home/adavison/vagrant/ansible-test/roles/box1/tasks/main.yml:7
<192.168.120.12> ESTABLISH SSH CONNECTION FOR USER: vagrant

TASK [box1 : Name Delegate whoami] *********************************************
task path: /home/adavison/vagrant/ansible-test/roles/box1/tasks/main.yml:11
ESTABLISH SSH CONNECTION FOR USER: None

PLAY RECAP *********************************************************************
192.168.120.11 : ok=3 changed=2 unreachable=1 failed=0

Note the “ESTABLISH SSH CONNECTION FOR USER: None” in the last task.

Simply adding “box2” to the inventory file resolves the problem, but I can’t easily do this for our EC2 hosts as the inventory is auto-generated each time. I can work around this for now by changing the “delegate_to” value to the IPs of the hosts in our playbooks, but wanted to check if this is an intended change in behaviour since 1.9 or a bug?

Kind regards

Andrew

Vagrantfile

-- mode: ruby --

vi: set ft=ruby :

Vagrantfile API/syntax version. Don’t touch unless you know what you’re doing!

VAGRANTFILE_API_VERSION = “2”

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.ssh.insert_key = false
config.vm.define “box1” do |box1|
box1.vm.provider “virtualbox” do |v|
v.memory = 512
end
box1.vm.box = “ubuntu/trusty64”
box1.vm.hostname = “box1”
box1.vm.network “private_network”, ip: “192.168.120.11”, netmask: “255.255.255.0”
end

config.vm.define “box2” do |box2|
box2.vm.provider “virtualbox” do |v|
v.memory = 512
end
box2.vm.box = “ubuntu/trusty64”
box2.vm.hostname = “box2”
box2.vm.network “private_network”, ip: “192.168.120.12”, netmask: “255.255.255.0”
end

end

since box2 does not have an inventory reference it is not picking up
the need to login as vagrant user, does setting `remote_user: vagrant`
fix this?

Hi, thanks for the reply.

Setting remote_user: vagrant does not appear to fix this I’m afraid. I ran the command as:

ansible-playbook -i inventory.yml box1.yml --extra-vars=“ansible_ssh_user=vagrant remote_user=vagrant” -vvvv –
private-key=~/.vagrant.d/insecure_private_key

and there was no change, the last task still outputs “ESTABLISH SSH CONNECTION FOR USER: None”.

Kind regards

Andrew

remote_user is not a variable, its a directive, ansible_ssh_user would
override it anyways.

Aha, sorry. I created an ~/.ansible.cfg file and placed the remote_user directive in it:

[defaults]
remote_user=vagrant

Then ran the command again:

ansible-playbook -i inventory.yml box1.yml --extra-vars=“ansible_ssh_user=vagrant” -vvvv --private-key=~/.vagrant.d/insecure_private_key

This time it worked!

However, we run our ansible playbooks from a Tower host and have other jobs which don’t run as that user, so this solution is not good if it sets it for all playbooks.

As you mentioned ansible_ssh_user should override remote_user I tried setting remote_user to vagrant2 as a test, but the delegate_to command still tried to ssh as vagrant2 (so ansible_ssh_user=vagrant was not overriding it). Is there a way to set remote_user per playbook (or task?).

Kind regards

Andrew

remote_user is ONLY in play or task, in ansible.cfg has a 'user'
option, again, all overridden by ansible_ssh_user

Well now I’m more confused, because setting remote_user in ansible.cfg did “fix” the problem and also the documentation does list remote_user as a config file setting:
http://docs.ansible.com/ansible/intro_configuration.html#remote-user

If I set remote_user at the task level:

• name: Name Delegate whoami
  command: whoami
  delegate_to: box2
  remote_user: vagrant

It does not work, I still get “ESTABLISH SSH CONNECTION FOR USER: None”.

If I set remote_user at the playbook level:

• hosts: tag_hosttype_box1
  roles:
• role: box1
  remote_user: vagrant

it does not work, I still get “ESTABLISH SSH CONNECTION FOR USER: None”.

So is this a bug or am I still misunderstanding?

Kind regards

Andrew

I was wrong, it used to be "user" on the PLAY not in config ... my bad ....