Getting started tutorial question

In the http://www.ansibleworks.com/docs/gettingstarted.html does it assume you have a valid ssh user set up on all your servers prior to running any playbooks?

I’ve set up a three node cluster via basic vagrant, and when I try to push a user to the other two nodes, it can’t. And the default vagrant user doesn’t have an id_rsa file for me to copy onto the “master” vm. So, do I need to create a user on each VM with an ssh-key before I can run ansible?

You can SSH as root or any other user on the system, you do not need a user named ‘ansible’ or anything like that.

(I’d suggest learning Ansible first without vagrant, maybe)

You don’t need an ssh key, but you do need an existing user. sudo privileges might also be needed, like for adding more users. Another option is having a root ssh key. Many options, just choose the one that suits you the most.

David:

Doesn’t the vagrant user use the default vagrant private key with your vagrant box? (i.e., can you do "vagrant ssh" to ssh into the instance)?

On my machine, that key is automatically installed in ~/.vagrant.d/insecure_private_key

Lorin

You can’t ssh in as root on ubuntu since ubuntu disables the root account.

‘vagrant ssh vm’ works fine on my host. The issue is ssh’ing between vm’s. So a private key on my host doesn’t help much when I’m trying to do things between vm’s.

The default vagrant user has no password, or at least I don’t think it does, even though it has sudo access.

So it looks like I do need a user with sudo access and a password/sshkey on each vm. In addition to the one vagrant adds automatically.

Thanks for the help!

Yes, but it's not a strong block on 10.04 or 12.04. The root account has
its password disabled, but only in the ordinary way (equivalent to "passwd
--lock"), and the sshd_config file allows root logins. So you can create
/root/.ssh/authorized_keys (or maybe set a password) and ssh in as root.

It's usually better to give sudo privileges to another account than to ssh
in as root. I just wanted to point out that it's possible.

  -Greg
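An added example, not part of the thread or of Ansible: a small audit of the situation Greg describes, where root's password is locked but sshd_config still allows root logins, so a key in /root/.ssh/authorized_keys is enough. The function names, the `default_permit` parameter and the sample config are assumptions made for illustration.

```python
def sshd_option(config_text, keyword, default):
    """Return the global value of an sshd_config keyword (first occurrence wins)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ").split()
        if parts[0].lower() == "match":  # per-Match overrides are not modelled
            break
        if parts[0].lower() == keyword.lower() and len(parts) > 1:
            return parts[1].lower()
    return default


def password_locked(shadow_field):
    """passwd --lock prefixes the hash with '!'; '*' also means no usable password."""
    return shadow_field.startswith(("!", "*"))


def root_ssh_paths(config_text, root_shadow_field, root_has_authorized_keys,
                   default_permit="yes"):
    """List how root can still authenticate (default_permit: assumed sshd default)."""
    permit = sshd_option(config_text, "PermitRootLogin", default_permit)
    if permit == "no":
        return []
    paths = []
    if (root_has_authorized_keys
            and sshd_option(config_text, "PubkeyAuthentication", "yes") == "yes"):
        paths.append("publickey (forced command only)"
                     if permit == "forced-commands-only" else "publickey")
    if (permit == "yes" and not password_locked(root_shadow_field)
            and sshd_option(config_text, "PasswordAuthentication", "yes") == "yes"):
        paths.append("password")  # empty-password accounts are not modelled
    return paths


# Constructed sample: an sshd_config excerpt that allows root logins
SAMPLE_CONFIG = """\
# constructed excerpt
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(root_ssh_paths(SAMPLE_CONFIG, "!", False))  # locked password, no key file
    print(root_ssh_paths(SAMPLE_CONFIG, "!", True))   # locked password, key present
```

On a real host the inputs would come from /etc/ssh/sshd_config, root's field in /etc/shadow, and whether /root/.ssh/authorized_keys exists and is non-empty.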

In an automated config system where you don't habitually log in as
root, I don't think it makes any difference. You're either running as
root or you're running all commands with sudo. The privilege level is
the same. The risk of key compromise is the same.

A sudo user helps save you from yourself if you're manually logged in
and doing things.

David

sudo actions are logged.

if you have multiple admins, using ansible, this can be invaluable in tracking down issues.

K

Ansible has some degree of logging it does itself, too, on the remote systems.

Is that documented anywhere? I opened a ticket because I couldn’t find a description of this in the docs: https://github.com/ansible/ansible/issues/3431

Probably not. Can of course be easily rectified :)