On Wed, Jan 21, 2015 at 8:05 AM, Stuart Budd <[email protected]> wrote:
> I still do not understand this.
>
>
> Example 1:
>
> Ansible Local Server              Remote server
> local-01                          remote-01
> -------------------               --------------------
> Local user foo    --> ssh -->     Remote user foo
>
>
> I do not understand how Ansible knows what user account to use on the local
> and remote servers for the purposes of the SSH connection if no user account
> is specified within the command line ( ansible_ssh_user=foo ) or
> /etc/ansible/hosts file.
>

Ansible (and the ssh commandline) defaults to using the same username on the
remote server as you are logged into on the local server. So if nothing is
specified, if you invoke ansible from the local user foo account, ansible will
attempt to connect to a remote user foo account.

> I will ask a new separate question.
>
>
> Example 2:
>
> Ansible Local Server              Remote server
> local-01                          remote-01
> -------------------               --------------------
> Local user foo    --> ssh -->     Remote user foo
>                                               bar
> (foo user uses sudo to run command as bar)
>
> I still can not get this to work. The SSH connection is working fine for
> user foo and if the foo user uses sudo to run a command as user bar on the
> remote server it works fine but I still can not get Ansible to glue it
> together.
>

This should work. Try something like this:

$ ansible rhel7-test --sudo -K -a 'whoami'
sudo password:
rhel7-test | success | rc=0 >>
root

$ sudo vim /etc/ansible/ansible.cfg
$ # Edit the sudo_user config so that: sudo_user = ansibletest1
$ ansible rhel7-test --sudo -K -a 'whoami'
sudo password:
rhel7-test | success | rc=0 >>
ansibletest1

> I will ask a separate question about this.
> This was my main question really. I have one non-root user that allows SSH,
> but can not use sudo for root access.
> So I can not use the same example as above.
>

This sounds slightly problematic

* To be able to administrate this box at all you'll need a chain of accounts
  from the account you ssh in as to an account that has all of the privileges
  that you need (usually the root account so that you can do anything you
  need).
* To be able to run ansible efficiently you should have an account that can
  ssh in and either has the privileges you need or be one sudo or su login
  away from the account that has all the privileges you need.

However all is not lost because:

* You can be more than one sudo login away (as bcoca's explanation was
  showing) but that is harder to achieve, has many caveats, and is much harder
  to explain clearly :-)
* If you have an account that can sudo to root you should be able to either
  add the account you can ssh in as to /etc/sudoers or add SSH keys to the
  account that you can sudo to root from so that you can SSH into the box as
  the account that's only one sudo step away from root.

-Toshio
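
The settings discussed in this thread, laid out for Example 2 as an added illustration (not part of the original message or of the Ansible project's own files). It assumes the Ansible 1.x option names used above, the thread's names remote-01, foo and bar, and a hypothetical inventory group called example2.

```ini
# ---- /etc/ansible/hosts (inventory) ----
# Pin the SSH login account for this host instead of relying on the
# "same name as the local user" default described in the reply above.
[example2]
remote-01 ansible_ssh_user=foo

# ---- /etc/ansible/ansible.cfg ----
[defaults]
# SSH login account used when neither -u nor ansible_ssh_user is given.
remote_user = foo
# Account that --sudo switches to after login; root when left unset,
# as the first whoami run in the reply shows.
sudo_user = bar
# Always prompt for foo's sudo password (same effect as passing -K).
ask_sudo_pass = True

# ---- matching rule on remote-01, in sudoers syntax (edit with visudo) ----
# Lets foo run commands as bar only, which keeps foo away from root:
#   foo ALL=(bar) ALL
```

With these in place, `ansible remote-01 --sudo -a 'whoami'` should prompt for foo's sudo password and report bar.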
