Hi this bit is not correct: "…Ansible will connect as root" That did confuse me as there does not seem to be any documentation for using different user accounts and how they interact with Ansible.
In my example above. The user account that Ansible uses to connect as is the *foo *user. My example does the following: Running the Ansible command as user *foo *on the local server *local-01* User *foo *on the local Ansible server *local-01*, connects as user *foo *using SSH to the remote server *remote-01* and reports back that it is logged in as user *foo* On Thursday, 22 January 2015 08:49:38 UTC, Tom Bamford wrote: > > Note that if you are using ssh transport (not sure about Paramiko), and > you have a matching host in ssh_config with a User line, that will be used. > > So given that ~you/.ssh/config contains > > Host myhost > User root > > and you invoke the following as you… > > ansible myhost -a whoami > > …Ansible will connect as root > > > On 21 January 2015 at 21:28, Stuart Budd <[email protected] <javascript:>> > wrote: > >> Got it. >> >> Thank you tkuratomi for the very informative answer. >> Cheers >> >> >> >> >> On Wednesday, 21 January 2015 16:25:06 UTC, Stuart Budd wrote: >>> >>> I do not understand how this example works for user *foo* >>> >>> If I have not stated the user account to use for the ssh connection >>> within the command line using: *ansible_ssh_user=foo* >>> or the Ansible host file: * /etc/ansible/hosts* >>> >>> Is the current user account used as the ssh connection to a remote >>> server if not specified on the command line or within the file*: >>> /etc/ansible/hosts* ? >>> >>> If so, does the logic for which user account to use for the ssh >>> connection go like this: >>> >>> Use the current user account, unless specified in the command line using >>> command: * ansible_ssh_user=foo* >>> and if not specified in the * /etc/ansible/hosts* file as: >>> * ansible_ssh_user=foo* >>> >>> Ansible Local Server Remote server >>> *local-01* * remote-01* >>> --------------------------- -------------------- >>> Local User foo --> ssh --> Remote user foo >>> >>> So in this example: >>> (1) Local user running */usr/bin/ansible* is *foo* >>> (2) Remote user is an account on the remote box *remote-01 *which is >>> also named foo >>> (3) sudoing will sudo to the remote account foo. Which as you say is a >>> no-op. >>> >>> >>> *Server local-01* >>> [root@local-01 /]# *grep sudo_user /etc/ansible/ansible.cfg* >>> sudo_user = root >>> [root@local-01 /]# *cat /etc/ansible/hosts* >>> [servers] >>> remote-01 >>> [root@local-01 /]# >>> >>> >>> Ansible command >>> [root@local-01 ~]# *su - foo* >>> [foo@local-01 ~]$ *ssh foo@remote-01 whoami* >>> foo >>> [foo@local-01 ~]$ *ansible remote-01 -m command -a "whoami"* >>> >>> *remote-01 | success | rc=0 >>foo* >>> [foo@local-01 ~]$ >>> >>> >>> Question >>> How does the above Ansible command work if I have not specified the user >>> account for the SSH connection or the local user account either within >>> the command line, * /etc/ansible/ansible.cfg* or within the file* >>> /etc/ansible/hosts* ? >>> >>> Is this not the function of the parameters *ansible_ssh_user *and >>> *ansible_sudo_user* ? >>> >>> Should I not need to specify this: * ansible_ssh_user=foo* ? >>> Even if I do not need this: * ansible_sudo_user=foo* ? >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/dd4acdd0-fd8c-432d-8b71-7ba6b9d6b08e%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/dd4acdd0-fd8c-432d-8b71-7ba6b9d6b08e%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d57c3c74-9452-4a71-997c-9699680d67d4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
