Hey there, I had two questions about users (i.e. the user that ansible uses for ssh) and variables:
- Is it possible to specify the user as a variable in a play? I tried this in a play:
- hosts: all
user: $deploy_accountvars_files:
- vars/main.yaml
This is a common question, and probably suggests vars_files needs a small amount of more explanation in the docs.
vars_files is evaluated in host specific context, because you can use host specific facts, like the distribution, to generate filenames.
As a result, you can use variables from vars_files in action lines of tasks, and templates, sure, but higher level things that are evaluated before we start talking to hosts (task names, top level playbook variables) can’t make use of that data.
The solution is to make the vars_files logic be smart, and notice that if it could fully template a vars_files line entry to remove all template characters (that is, the line doesn’t contain any variables that will be provided later, from facts), it could load it earlier. This would be the “Do What I Mean” approach, and is probably better than introducing something like “vars_files_not_host_specific” (ugh). I would gladly take a patch for this and it would prevent a fair amount of user questions.
If you just want a workaround, you can use “vars” or --extra-vars=“user=timmy” from the command line, and both of those will work for supplying the value, as will variables in your inventory file (on the group or host).
Where vars/main.yaml looks like this:
deploy_account: deploy
But it didn’t work, when I tried to connect, I saw:
$deploy_account@192.168.33.11’s password:
- Is it possible to get access the current user as a variable?
Believe this was asked in IRC yesterday.
Not presently. Currently we do have 'inventory_hostname" as a similar magic variable, so having a similar variable called ‘current_user’ be available seems reasonable, and patches would be accepted for this.
I suspect we might break some people if we called it “user”, so I kind of want to pick something less likely to be used.
If this is done, we probably also should set ‘sudo_user’ equivalently, or leave it blank if not sudoing.