Hello,
I noticed that an ansible_ssh_user defined in the inventory for a host or
group is used* also when delegating to a host that does not have it set*.
This seems counterintuitive to me and makes it difficult to delegate tasks
to a host that requires a different user. I wonder if this is by design?
I would expect Ansible to not use the ansible_ssh_user of host A when
connecting to host B via delegate_to at all, or at least that it would be
possible to override it by setting a different remote_user in the play.
Please see the example below:
hosts:
testhost ansible_ssh_user=ec2-user
> otherhost
>
sshtest.yml:
---
> - hosts: testhost
> gather_facts: no
> tasks:
> - command: whoami
>
>
- hosts: testhost
> remote_user: otheruser
> gather_facts: no
> tasks:
> - command: whoami
> delegate_to: otherhost
>
'ansible-playbook -i hosts -vvvv sshtest.yml' output:
PLAY [testhost]
> ***************************************************************
>
> TASK: [command whoami]
> ********************************************************
> <testhost> ESTABLISH CONNECTION FOR USER: ec2-user on PORT 22 TO testhost
> <testhost> REMOTE_MODULE command whoami
> <testhost> EXEC /bin/sh -c 'mkdir -p
> $HOME/.ansible/tmp/ansible-tmp-1390928371.32-215246186572191 && chmod a+rx
> $HOME/.ansible/tmp/ansible-tmp-1390928371.32-215246186572191 && echo
> $HOME/.ansible/tmp/ansible-tmp-1390928371.32-215246186572191'
> <testhost> PUT /tmp/tmpx2j5XZ TO
> /home/ec2-user/.ansible/tmp/ansible-tmp-1390928371.32-215246186572191/command
> <testhost> EXEC /bin/sh -c '/usr/bin/python
> /home/ec2-user/.ansible/tmp/ansible-tmp-1390928371.32-215246186572191/command;
>
> rm -rf
> /home/ec2-user/.ansible/tmp/ansible-tmp-1390928371.32-215246186572191/
> >/dev/null 2>&1'
> changed: [testhost] => {"changed": true, "cmd": ["whoami"], "delta":
> "0:00:00.006628", "end": "2014-01-28 16:59:33.480779", "rc": 0, "start":
> "2014-01-28 16:59:33.474151", "stderr": "", "stdout": "ec2-user"}
>
> PLAY [testhost]
> ***************************************************************
>
> TASK: [command whoami]
> ********************************************************
> <otherhost> ESTABLISH CONNECTION FOR USER: ec2-user on PORT 22 TO otherhost
> fatal: [testhost] => {'msg': 'FAILED: Authentication failed.', 'failed':
> True}
>
> FATAL: all hosts have already failed -- aborting
>
> PLAY RECAP
> ********************************************************************
> to retry, use: --limit @/home/ansible/sshtest.retry
>
> testhost : ok=1 changed=1 unreachable=1
> failed=0
>
The delegation to otherhost fails because Ansible tries to use the
ansible_ssh_user of testhost also on otherhost where that user does not
exist. This happens whether or not I have "remote_user: otheruser" in the
second play. Explicitly setting "ansible_ssh_user=otheruser" for otherhost
in the inventory does work so it's more of an annoyance than a major issue
but it seems a bit counterintuitive to me. Any thoughts?
This is on latest devel, by the way.
//Niku
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
