On Wed, Jan 21, 2015 at 8:25 AM, Stuart Budd <[email protected]> wrote:
> I do not understand how this example works for user foo
>
> If I have not stated the user account to use for the ssh connection within
> the command line using: ansible_ssh_user=foo
> or the Ansible host file: /etc/ansible/hosts
>
> Is the current user account used as the ssh connection to a remote server if
> not specified on the command line or within the file: /etc/ansible/hosts ?
>

Correct.

> If so, does the logic for which user account to use for the ssh connection
> go like this:
>
> Use the current user account, unless specified in the command line using
> command: ansible_ssh_user=foo

Via the command line:

* for /usr/bin/ansible use: -u foo

  /usr/bin/ansible rhel7-test -u ansibletest1 -a whoami

* for /usr/bin/ansible-playbook you can use -u foo if nothing else is setting the user (not in /etc/ansible/hosts or the playbook). If you really want to override what's specified in hosts or the playbook use -e ansible_ssh_user=foo:

  ansible-playbook test.yml -v -e 'ansible_ssh_user=ansibletest1'

> and if not specified in the /etc/ansible/hosts file as:
> ansible_ssh_user=foo
>
> Ansible Local Server          Remote server
> local-01                      remote-01
> ---------------------------   --------------------
> Local User foo --> ssh -->    Remote user foo
>
> So in this example:
> (1) Local user running /usr/bin/ansible is foo
> (2) Remote user is an account on the remote box remote-01 which is also
> named foo
> (3) sudoing will sudo to the remote account foo. Which as you say is a
> no-op.

#3 is only true if you've specified that foo is the sudo_user somewhere (for instance in ansible.cfg). Otherwise you'll be sudo'ing to root.

> Server local-01
> [root@local-01 /]# grep sudo_user /etc/ansible/ansible.cfg
> sudo_user = root
> [root@local-01 /]# cat /etc/ansible/hosts
> [servers]
> remote-01
> [root@local-01 /]#
>
>
> Ansible command
> [root@local-01 ~]# su - foo
> [foo@local-01 ~]$ ssh foo@remote-01 whoami
> foo
> [foo@local-01 ~]$ ansible remote-01 -m command -a "whoami"
> remote-01 | success | rc=0 >>
> foo
> [foo@local-01 ~]$
>

<nod> This is all correct. I see that you pointed out that sudo_user = root in ansible.cfg. So just in case you're wondering, ansible does not sudo unless you tell it to.

That would look something like this:

  [foo@local-01 ~]$ ansible remote-01 -m command -a "whoami" --sudo -K
  sudo password:
  remote-01 | success | rc=0 >>
  root

>
> Question
> How does the above Ansible command work if I have not specified the user
> account for the SSH connection or the local user account either within
> the command line, /etc/ansible/ansible.cfg or within the file
> /etc/ansible/hosts ?
>

The default for ansible (and for ssh) is to use the username that you are logged in locally as.

> Is this not the function of the parameters ansible_ssh_user and
> ansible_sudo_user ?
>

ansible_ssh_user (in /etc/ansible/hosts or another inventory file) overrides that, yes. ansible_sudo_user specifies which user to sudo to once you've ssh'd into the remote box.

> Should I not need to specify this: ansible_ssh_user=foo ?
> Even if I do not need this: ansible_sudo_user=foo ?
>

In most people's environments they have the same username on all of their boxes. So those people don't need to set ansible_ssh_user. If you are using different usernames on the local and remote box then you do need to set ansible_ssh_user so that ansible knows which account it needs to ssh into on the remote machine.

-Toshio
