Apologies, I figured it out. I needed to provide an ssh password by using the -k flag.
On Thursday, September 18, 2014 4:51:23 PM UTC-4, Skyler Slade wrote: > > Thanks for your reply. > > On Thursday, September 18, 2014 2:51:48 PM UTC-4, Josh Smift wrote: >> >> Keep in mind is that there are two things here: The user you run Ansible >> as, and the remote user that Ansible acts as on the target systems. One >> thing you can do is set remote_user to 'ansible', and then put your >> admins' public keys in the 'ansible' user's authorized_keys file on the >> target systems; then each can run Ansible as themselves, but Ansible acts >> as 'ansible' on the target systems. >> > > I've chosen this approach. It seems like I also need to set > ansible_ssh_user because remote_user doesn't seem to influence which SSH > user is used when connecting. That is, unless I specify ansible_ssh_user in > my inventory, though I have remote_user=ansible in my playbook, > ansible-playbook wants to connect using the username of my local user. > > Do I need to use ansible_ssh_user in addition to remote_user? > > >> >> I'm not sure if that's better, from a best practices point of view, than >> also having a shared *private* key for the 'ansible' user, having the >> 'ansible' user's authorized_keys file on the target systems contain only >> the pubkey corresponding to that shared key, and have the admins run >> Ansible as the 'ansible' user (e.g. 'sudo -u ansible ansible-playbook etc >> etc'). I imagine it depends on your environment, and that there are >> arguments either way. >> >> -Josh ([email protected]) >> >> >> >> This email is intended for the person(s) to whom it is addressed and may >> contain information that is PRIVILEGED or CONFIDENTIAL. Any unauthorized >> use, distribution, copying, or disclosure by any person other than the >> addressee(s) is strictly prohibited. If you have received this email in >> error, please notify the sender immediately by return email and delete the >> message and any attachments from your system. >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3811cff6-4e67-4254-9f92-d7d06e42802c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
