Using `remote_user` in `ansible_ssh_common_args` in inventory file

tariver_16 · April 9, 2021, 6:45am

Greetings!
Asked this on stackoverflow but received no answer, so trying my luck here.

In my network there is one server (server2) that can’t be accessed directly. First you have to ssh to server1 and from there to server2.

My config file has the following line:

remote_user = foo.bar

My inventory:

hosts:
server1:
ansible_host: 10.0.0.1
server2:
ansible_host: 10.0.0.2 ansible_ssh_common_args: ‘-o ProxyCommand=“ssh -W %h:%p -q foo.bar@10.0.0.1”’

This works fine, but I don’t want the user name to be hardcoded. Here and here there are examples that remote_user can be passed via {{ ansible_ssh_user }} but I can’t get it to work.

What I tried:

ansible_ssh_common_args: ‘-o ProxyCommand=“ssh -W %h:%p -q {{ ansible_ssh_user }}@10.0.0.1”’

Also tried {{ ansible_user }} and {{ user }}. But when I run ansible server2 -m ping I get an error:

“The field ‘ssh_common_args’ has an invalid value, which includes an undefined variable. The error was: ‘ansible_user’ is undefined”

Is it possible to use user defined by remote_user in ansible_ssh_common_args?

system · April 9, 2021, 4:03pm

Only if you set ansible_ssh_user previously, the connection
information won't be 'recursive' to itself.

That said, in future you could use this lookup to get the 'resolved'
remote_user for the connection plugin
https://github.com/ansible/ansible/pull/74186

tariver_16 · April 9, 2021, 4:21pm

Thank you for your answer.

Yes it works if I set ansible_ssh_user as variable in the inventory file, but for my purpose it’s the same as hardcoding it. What I want to do is to share this with my colleagues, so they can also use it without making any changes.

You can use this global variable in the playbook. As an example:

name: Playbook to test default user
hosts: all
gather_facts: false
tasks:
name: Print default users
debug:
var: ansible_user

When I run it with ansible-playbook test-default-user.yml --limit server1 I get

ok: [server1] => {
“ansible_user”: “foo.bar”
}

Also works with ansible_ssh_user. So I thought it’s the same with the inventory.

system · April 12, 2021, 4:33pm

It 'works' in certain cases and debug is a bad example of that, once
the PR I linked is merged we will probably deprecate any updates to
ansible_* vars as they are currently inconsistent and many times wrong
(especially when you consider loops).

tariver_16 · April 13, 2021, 6:09am

Thanks for your answer. I’ll wait for the new version then and rewrite my inventory according to it.

Topic		Replies	Views
remote_user specified in play available to roles in the play Ansible Project	8	0	August 28, 2014
Are ansible_user in inventory vs remote_user in playbook equivalent? Ansible Project	1	0	October 23, 2015
Remote_user is declared in playbook file and ansible_user is declared in inventory file Get Help	1	246	November 22, 2023
`ansible_ssh_user` overriding `remote_user` Ansible Project ubuntu	6	0	July 31, 2014
using different remote_user until success Ansible Project aws	8	0	July 9, 2019

Using `remote_user` in `ansible_ssh_common_args` in inventory file

Related topics