So my question is, why is the user ANSIBLE (managed host’s user) the one executing the task in HOST1.EXAMPLE.COM, if I didn’t specify REMOTE_USER=ANSIBLE? Why ANSIBLE, and not SSHUSER?
(For sure, if I write -b (become), ROOT will be the one executing the action.)
* Best practice is to run ansible on controller as unprivileged user (not
root) who will automatically become "ansible_user" (if not overridden in
the inventory).
* ansible will ssh ansible_user@remote if not overridden by --user option on
the command line, or in the play (remote_user)
Thank you Vladimir for your quick and useful answer!
I’ve understood the basis now, but… it raises the question below:
Let’s imagine that I don’t have ANSIBLE user on the managed host, as follows:
--> Control Node: ANSIBLE - ROOT
--> Managed Host: SSHUSER - ROOT
Taking into account that I am not overriding any “user” kind variables (either remote_user in playbooks or ansible_user in the inventory)…
What would happen if I am ANSIBLE in the Control Node, and I run the ID Command on the Managed Host with no priv. escalation?
If ANSIBLE is my default “ansible_user” and it establishes an SSH connection like ANSIBLE@host1.example.com… It would prompt an error because the user does not exist on the managed host, wouldn’t it?
(I don’t want to try deleting Ansible user with the aim of not changing the test environment as much as possible)
Thank you very much in advance… your help is really appreciated.
Exactly!
I’ve created a new user (usertest) on the Control Node and tried to connect to the managed node, with the same conditions as before (ansible user with no priv. escalation nor ansible_user var defined).
Result → SSH raised an authentication error =)
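
An added example, not part of any post in this thread: a Python sketch of how the SSH login name is picked, following Ansible's documented precedence (variables over play keywords over command-line options over ansible.cfg), with the controller's login name as the fallback. The helper names, the sample ansible.cfg, inventory and account list are constructed, and it assumes no group_vars/host_vars files and no `User` entry in the SSH client config.

```python
import configparser
import shlex

def cfg_remote_user(cfg_text):
    """remote_user from the [defaults] section of ansible.cfg text, or None."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    return cp.get("defaults", "remote_user", fallback=None)

def inventory_user(inventory_text, host):
    """ansible_user set on the host's own line of an INI inventory, or None."""
    for line in inventory_text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts and parts[0] == host:
            for item in parts[1:]:
                key, _, value = item.partition("=")
                if key == "ansible_user":
                    return value
    return None

def resolve_remote_user(host, controller_user, cfg_text="", inventory_text="",
                        cli_user=None, play_remote_user=None):
    """Return (login name, source), checking the highest-precedence source first."""
    candidates = [
        ("inventory variable ansible_user", inventory_user(inventory_text, host)),
        ("play keyword remote_user", play_remote_user),
        ("command line --user", cli_user),
        ("ansible.cfg remote_user", cfg_remote_user(cfg_text)),
    ]
    for source, value in candidates:
        if value:
            return value, source
    # Nothing set anywhere: the ssh client logs in as the controller's user.
    return controller_user, "controller login name"

# Constructed samples modelled on the thread: no user override anywhere.
SAMPLE_CFG = "[defaults]\ninventory = ./inventory\n"
SAMPLE_INVENTORY = "[lab]\nhost1.example.com\n"
MANAGED_HOST_ACCOUNTS = {"root", "sshuser", "ansible"}  # constructed

if __name__ == "__main__":
    for who in ("ansible", "usertest"):
        user, source = resolve_remote_user("host1.example.com", who,
                                           SAMPLE_CFG, SAMPLE_INVENTORY)
        exists = user in MANAGED_HOST_ACCOUNTS
        print(f"controller={who}: ssh {user}@host1.example.com "
              f"({source}); account on managed host: {exists}")
```

Pinning `ansible_user` in the inventory or `remote_user` in ansible.cfg makes the login account independent of whoever happens to run the command on the control node.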