Hi,
Is is possible to specify a different user for a certain host? As in:
host1 ansible_remote_user=foobar
host2
host3
…
I mostly care about the machine running ansible. I don’t give out root there to everybody who has root elsewhere, so cannot really allow ansible to connect back to itself as root. Still, I want to expose some management tasks on this machine to ansible, so I created a dedicated user with limited sudo access. Now, how do I tell ansible to always ssh ansible@localhost instead of ssh root@localhost (I have remote_user=root set in /etc/ansible/ansible.cfg)? Alternatively, getting ansible to execute “sudo -u ansible” with local exec() is fine too.
I have seen some playbook examples but none particularly enlightening for me. What do I need to change in the following snippet (hand coded on the spot, please excuse bugs)?
hosts: $host
tasks:
this attempts ssh root@$host and succeeds
- action: command set_up_remote_host --whatever
this attempts ssh root@localhost and fails
- action: command set_up_local_host --whatever
delegate_to: localhost
Best regards,
Grzegorz Nosek
Hi,
Is is possible to specify a different user for a certain host? As in:
host1 ansible_remote_user=foobar
host2
host3
no, as this is not a property of the host ...
but if you are using a playbook you can set the user seperately in each play.
...
I mostly care about the machine running ansible. I don't give out root there
to everybody who has root elsewhere, so cannot really allow ansible to
connect back to itself as root.
At least in 0.8, when using local_action, ansible uses the local
connection type, which seems useful in
your case.
I have seen some playbook examples but none particularly enlightening for
me. What do I need to change in the following snippet (hand coded on the
spot, please excuse bugs)?
hosts: $host
tasks:
# this attempts ssh root@$host and succeeds
- action: command set_up_remote_host --whatever
# this attempts ssh root@localhost and fails
- action: command set_up_local_host --whatever
delegate_to: localhost
I'd remove delegate_to and use "local_action" instead of action.
W dniu 18.10.2012 16:57, Michael DeHaan pisze:
but if you are using a playbook you can set the user seperately in each play.
The flip side is I *have* to, instead of specifying it once in the
inventory.
I have seen some playbook examples but none particularly enlightening for
me. What do I need to change in the following snippet (hand coded on the
spot, please excuse bugs)?
hosts: $host
tasks:
# this attempts ssh root@$host and succeeds
- action: command set_up_remote_host --whatever
# this attempts ssh root@localhost and fails
- action: command set_up_local_host --whatever
delegate_to: localhost
I'd remove delegate_to and use "local_action" instead of action.
Hmm, after poking a bit around, I think I get it. I realized I need to
split the playbook in multiple plays like this:
hosts: $host
tasks:
- action: command set_up_remote_host --whatever
hosts: localhost
connection: local
user: ansible
- action: command set_up_local_host --whatever
I guess I was thinking that a play should be somewhat self-contained
(like a puppet class). Apparently that's completely wrong and the
(rough) equivalent for a puppet class is an entire playbook, right?
Thanks,
Grzegorz Nosek
- action: command set_up_local_host --whatever
I guess I was thinking that a play should be somewhat self-contained
(like a puppet class). Apparently that's completely wrong and the
(rough) equivalent for a puppet class is an entire playbook, right?
Puppet classes really don't model multiple things on multiple hosts at
the same time very well so they don't even try.
They also run everything as root all of the time.
There's store configs for sharing data between hosts via a database,
sure -- but they can't really orchestrate "do this here, then that
over here, than that over here again" at all.