... but where do you store the alternative user's credentials?
2015.05.29. 19:27 ezt írta ("Brian Coca" <[email protected]>):> what version of ansible? os? python? > > switching users seems to be working fine for me. > > On Fri, May 29, 2015 at 12:37 PM, Bence Takács <[email protected]> > wrote: > > One question and one issue: > > > > 1. question (above): > > How can I set the credentials for alternative user? > > > > 2. issue: > > playbook: > >> > >> - name: Preparation > >> > >> remote_user: root > >> > >> vars: > >> - ansible_ssh_private_key_file: ~/.ssh/site-root > >> ... > >> > >> - name: Main play > >> > >> remote_user: ci > >> > >> ... > > > > Does not work: 'Main play' will be executed as root user > > > > If I put the following at the end: > >> > >> - ansible_ssh_private_key_file: ~/.ssh/site-ci > > > > > > ...then I get the following error: > >> > >> SSH Error: Permission denied > >> (publickey,gssapi-keyex,gssapi-with-mic,password). > > > > > > So root user is stucked somehow... and one cannot authenticate root with > > ci's key. > > > > Regards: > > Bence > > > > > > 2015. május 29., péntek 18:15:19 UTC+2 időpontban Bence Takács a > következőt > > írta: > >> > >> Thanks for the tip, but how can I set the credentials for alternative > >> user? > >> > >> Now I have only one user set in hosts file: > >> > >>> ansible-sandbox ansible_ssh_host=ansible-sandbox.local > >>> ansible_ssh_user=ci ansible_ssh_private_key_file=~/.ssh/ci > >> > >> > >> > >> 2015. május 29., péntek 17:56:28 UTC+2 időpontban Brian Coca a > következőt > >> írta: > >>> > >>> the remote_user: directive can be used at play and task level to > >>> change this, no need to use vars: unless your hosts have those set in > >>> inventory (which overrides remote_user). > >>> > >>> On Fri, May 29, 2015 at 10:00 AM, Bence Takács <[email protected]> > >>> wrote: > >>> > I need to switch users in a playbook: first I need to do some tasks > as > >>> > a > >>> > root user then I need to change to a limited user and do the rest > with > >>> > that. > >>> > > >>> > My playbook looks like this: > >>> >> > >>> >> - name: Preparation > >>> >> vars: > >>> >> - ansible_ssh_user: root > >>> >> - ansible_ssh_private_key_file: ~/.ssh/site-root > >>> >> ... > >>> >> > >>> >> - name: Main play > >>> >> vars: > >>> >> - ansible_ssh_user: ci > >>> >> - ansible_ssh_private_key_file: ~/.ssh/site-ci > >>> >> > >>> >> ... > >>> > > >>> > > >>> > This works but I feel that nasty (poor design): > >>> > - redundant configuration (in hosts and 2 plays) > >>> > - need to switch and then switch back > >>> > > >>> > What is the Best practice to achieve that? > >>> > > >>> > -- > >>> > You received this message because you are subscribed to the Google > >>> > Groups > >>> > "Ansible Project" group. > >>> > To unsubscribe from this group and stop receiving emails from it, > send > >>> > an > >>> > email to [email protected]. > >>> > To post to this group, send email to [email protected]. > >>> > To view this discussion on the web visit > >>> > > >>> > > https://groups.google.com/d/msgid/ansible-project/f7a68ea4-c6a6-43e6-b415-f6d367cdb199%40googlegroups.com > . > >>> > For more options, visit https://groups.google.com/d/optout. > >>> > >>> > >>> > >>> -- > >>> Brian Coca > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To post to this group, send email to [email protected]. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/ansible-project/ad7e0252-a2ed-49f5-9ea9-e026956e5c0c%40googlegroups.com > . > > > > For more options, visit https://groups.google.com/d/optout. > > > > -- > Brian Coca > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/Uu-0BEZwcCI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nHEKsGG_y2ZZpt4OsYQPfDNn5kASz4aE9O4xV0aQKC2A%40mail.gmail.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMQOM8TY7gS7Y1ve3ZqY3zYe8PPO91z6aPM4y-KDfkzPtGyPGw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
