Not understanding why getting a failure on a task with "remote_user" set

Archives Ansible Project
1

Hi all,

The section of the playbook that I am experiencing a failure (authenication failure) on is as follows:

`

  • name: Enable passwordless connection as hdfs user to namenode host
    authorized_key: user=hdfs key=“{{ lookup(‘file’, ‘~/.ssh/id_rsa.pub’) }}”
    when: action == “format_hdfs” and “{{ ansible_hostname }}” in “{{ groups[‘hadoop_namenodes’] }}”
    tags: formathdfs

  • name: Format HDFS on namenode
    remote_user: hdfs
    shell: source ~/.profile && {{ install_directory }}/hadoop/bin/hdfs namenode -format -force
    args:
    executable: /bin/bash
    when: action == “format_hdfs” and “{{ ansible_hostname }}” in “{{ groups[‘hadoop_namenodes’] }}”
    tags: formathdfs

`

When I run the playbook as ‘root’ I get a failure, even though I have set the failing task’s “remote_user” to the appropriate user, and have (in the prior task) done a SSH key exchange for that user…

`
ansible-playbook -u root -k -i test hadoop-site.yml --tags=formathdfs --limit=hadoop-test1
[…]
PLAY [hadoop_namenodes] *******************************************************

GATHERING FACTS ***************************************************************
ok: [hadoop-test1]

TASK: [do-hadoop | Enable passwordless connection as hdfs user to namenode host] ***
ok: [hadoop-test1]

TASK: [do-hadoop | Format HDFS on namenode] ***********************************
fatal: [hadoop-test1] => Authentication failure.

FATAL: all hosts have already failed – aborting

PLAY RECAP ********************************************************************
to retry, use: --limit @/home/will/hadoop-site.retry

hadoop-test1 : ok=4 changed=0 unreachable=1 failed=0

`

However, if I run playbook as the user that needs to perform the failing step (‘hdfs’), it works…

`
ansible-playbook -u hdfs -i test hadoop-site.yml --tags=formathdfs --limit=hadoop-test1
[…]
PLAY [hadoop_namenodes] *******************************************************

GATHERING FACTS ***************************************************************
ok: [hadoop-test1]

TASK: [do-hadoop | Enable passwordless connection as hdfs user to namenode host] ***
ok: [hadoop-test1]

TASK: [do-hadoop | Format HDFS on namenode] ***********************************
changed: [hadoop-test1]

PLAY RECAP ********************************************************************
hadoop-test1 : ok=5 changed=1 unreachable=0 failed=0

`

Can someone explain to me why the first case is failing, and how I could get it to work?

Thanks,
Will

2

The issue is not remote user it is that you are mixing key based and
password based authentication, for hdfs you have a key, but for root
you use a password. These don't mix in the same run and you should
have both users either use keys or passwords.

3

Thanks Brian, make sense… Will do a key exchange for the root account as well.

Best,
Will

4

Or you can just have them as separate plays, right now ansible will
see -k on the command line and expect all connections to prompt for
password, we might want to make this behavior overridable but not sure
how well this can work (though IIRC we do have the inventory var
ansible_ssh_pass that can provide this by host).