So, I have a playbook set up with remote_user: admin, and the remote server 
only allows 'root' until the admin user is set up. If I add a ping task as 
the first task in the playbook (with failed_when: false and gather_facts: 
no), then I get the following:

PLAY [playbook] *****************************************************************

TASK: [Check if we can connect using ping module.] ****************************
fatal: [drupal] => SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue

Is there some way, in a playbook, to have a 'pre-pre-task' or a way to 
catch an SSH connection error and set a flag based on that? Basically, I 
don't want to fail after SSH connection error, but attempt to run a 
separate play as root... something along those lines.

Worst case, I'll just keep doing what I'm doing (separate small playbook to 
configure admin user and SSH security that runs as root, and kick that 
playbook off by hand for each server provision). But it would be great if 
it were possible to provision and re-run a playbook on any hosting provider 
(besides the ones with nice APIs or kickstart abilities) with one playbook 
:)

-Jeff


On Monday, May 19, 2014 8:50:53 AM UTC-5, Jeff Geerling wrote:
>
> When I order a new server from a hosting provider which doesn't have 
> images like AMIs or user-created Images, I generally get a minimal OS 
> installation and a root user account.
>
> The first thing I need to do on the server, before I can start securely 
> configuring the server from an admin user account, and deploying an app to 
> that server, is to *create* the admin user account with which I'll do the 
> rest of the work, and then disable password-based login and root SSH access.
>
> Currently, I have two separate playbooks to accomplish these two separate 
> tasks (first setting up the server/security minimally, second configuring 
> the server and deploying an app).
>
> Are there any better ways of doing this? Basically, I'd like to have a way 
> of saying "if this is a new server/my admin user can't connect, first run 
> this set of plays as the root user, then continue on as the normal 
> remote_user".
>
> Using Digital Ocean or AWS makes this a bit easier, as I can use Packer 
> and create an initial image that already has the minimal base 
> configuration... but I manage a lot of hosts from a lot of providers, and 
> usually don't have a way to manage fresh images.
>
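One way to get the "try admin, fall back to root" behaviour asked about above is to make the decision in a wrapper outside the playbook. This is an added example, not code from the thread or from the Ansible project. The playbook names bootstrap.yml (remote_user: root) and site.yml (remote_user: admin), the PROBE_CMD override and the function names are hypothetical, and it assumes root already has a key installed and the host key is in known_hosts.

```shell
#!/bin/sh
# Added example. Hypothetical names: bootstrap.yml, site.yml, PROBE_CMD.

# probe_user USER HOST: succeed only if a non-interactive SSH login works.
# BatchMode=yes makes ssh fail instead of prompting for a password, and it
# refuses an unknown host key rather than silently accepting it.
probe_user() {
    ${PROBE_CMD:-ssh} -o BatchMode=yes -o ConnectTimeout=5 "$1@$2" true \
        >/dev/null 2>&1
}

# pick_phase HOST: print "configured", "bootstrap" or "unreachable".
pick_phase() {
    if probe_user admin "$1"; then
        echo configured      # admin user exists, hardening already applied
    elif probe_user root "$1"; then
        echo bootstrap       # fresh server: only root can log in
    else
        echo unreachable     # network, key or host-key problem; do not guess
    fi
}

# provision HOST: run the root-only bootstrap once, then the main playbook.
provision() {
    host=$1
    case $(pick_phase "$host") in
        bootstrap)
            ansible-playbook --limit "$host" bootstrap.yml || return 1
            # Bootstrap disables root SSH access, so confirm admin works
            # before continuing; otherwise stop while the cause is obvious.
            probe_user admin "$host" || {
                echo "admin login still failing on $host" >&2
                return 1
            }
            ;;
        configured) ;;
        *)
            echo "neither admin nor root can log in to $host" >&2
            return 2
            ;;
    esac
    ansible-playbook --limit "$host" site.yml
}

# Run as: sh provision.sh drupal
if [ "$#" -gt 0 ]; then provision "$1"; fi
```

Re-running it against an already hardened host skips the root phase, so the same command works for first provision and later runs.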
