I need to switch users in a playbook: first I need to do some tasks as a root user then I need to change to a limited user and do the rest with that.
My playbook looks like this:
…
This works but I feel that it is nasty (poor design):
- redundant configuration (in hosts and 2 plays)
- need to switch and then switch back
What is the best practice to achieve that?
The remote_user: directive can be used at play and task level to
change this, no need to use vars: unless your hosts have those set in
inventory (which overrides remote_user).
Thanks for the tip, but how can I set the credentials for alternative user?
Now I have only one user set in hosts file:
ansible-sandbox ansible_ssh_host=ansible-sandbox.local ansible_ssh_user=ci ansible_ssh_private_key_file=~/.ssh/ci
On Friday, May 29, at 17:56:28 UTC+2, Brian Coca wrote:
One question and one issue:
- question (above): How can I set the credentials for alternative user?
- issue:
playbook:
remote_user: root
vars:
remote_user: ci
…
Does not work: ‘Main play’ will be executed as root user
If I put the following at the end:
- ansible_ssh_private_key_file: ~/.ssh/site-ci
…then I get the following error:
SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
So root user is stuck somehow… and one cannot authenticate root with ci’s key.
Regards:
Bence
On Friday, May 29, at 18:15:19 UTC+2, Bence Takács wrote:
What version of Ansible? OS? Python?
Switching users seems to be working fine for me.
… but where do you store the alternative user’s credentials?
On 2015.05.29 at 19:27, “Brian Coca” <bcoca@ansible.com> wrote:
Well, actually it’s Windows with babun (cygwin) and python 2.7.x
Do you think this is because of the OS?
SSH agent? Does that work for private keys too? Or just for passwords? I suspect that more than the OS
Regards:
Bence
On 2015.05.29 at 20:40, “Brian Coca” <bcoca@ansible.com> wrote:
Probably a combination of issues, there is some success running
ansible on cygwin but also many problems, this is not a supported
platform
Thanks, Brian
With ssh-agent I reduced my ‘hosts’ file radically, and removed the ‘ansible_ssh_private_key_file’ declarations from the plays.
But I still cannot use the ‘remote_user’ in plays, instead I need to add the ‘ansible_ssh_user’ variable.
This is my first cygwin-related issue with ansible.
Regards:
Bence
On Saturday, May 30, at 3:10:21 UTC+2, Brian Coca wrote:
Hmmm… I cannot solve the issue, but now instead of using ssh agent I just set up my ~/.ssh/config correctly - and it is working fine
On Monday, June 1, at 9:51:05 UTC+2, Bence Takács wrote:
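
The arrangement this thread ends on, written out as an added example that is not part of the original posts: per-user keys are selected in ~/.ssh/config, the inventory carries no ansible_ssh_user (which, as noted above, overrides remote_user), and each play names its own remote_user. The host name and the ci user come from the thread; the root key path, the play names and the tasks are assumptions, and the key selection assumes Ansible connects through the OpenSSH client.

```yaml
# site.yml -- added example, not taken from the thread.
#
# Inventory: no ansible_ssh_user / ansible_ssh_private_key_file, so the
# play-level remote_user below is not overridden by an inventory variable.
#
#   ansible-sandbox ansible_ssh_host=ansible-sandbox.local
#
# ~/.ssh/config on the control machine. "Match ... user" selects on the
# remote login name, so each account gets its own key. IdentitiesOnly stops
# ssh from offering any other key it knows about.
#
#   Match host ansible-sandbox.local user root
#       IdentityFile ~/.ssh/root-key      # hypothetical path
#       IdentitiesOnly yes
#   Match host ansible-sandbox.local user ci
#       IdentityFile ~/.ssh/ci
#       IdentitiesOnly yes

- name: Bootstrap tasks that need root
  hosts: ansible-sandbox
  remote_user: root
  tasks:
    - name: Ensure the limited user exists
      user:
        name: ci
        state: present

- name: Main play as the limited user
  hosts: ansible-sandbox
  remote_user: ci
  tasks:
    - name: Record which account the play runs as
      command: whoami
      register: who
      changed_when: false

    # Guard against an inventory variable silently forcing another user,
    # which is the failure described in the thread.
    - name: Fail if the play is not running as ci
      assert:
        that:
          - who.stdout == 'ci'
```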