i use an ssh agent On Fri, May 29, 2015 at 1:43 PM, Bence Takács <[email protected]> wrote: > ... but where do you store the alternative user's credentials? > > 2015.05.29. 19:27 ezt írta ("Brian Coca" <[email protected]>): >> >> what version of ansible? os? python? >> >> switching users seems to be working fine for me. >> >> On Fri, May 29, 2015 at 12:37 PM, Bence Takács <[email protected]> >> wrote: >> > One question and one issue: >> > >> > 1. question (above): >> > How can I set the credentials for alternative user? >> > >> > 2. issue: >> > playbook: >> >> >> >> - name: Preparation >> >> >> >> remote_user: root >> >> >> >> vars: >> >> - ansible_ssh_private_key_file: ~/.ssh/site-root >> >> ... >> >> >> >> - name: Main play >> >> >> >> remote_user: ci >> >> >> >> ... >> > >> > Does not work: 'Main play' will be executed as root user >> > >> > If I put the following at the end: >> >> >> >> - ansible_ssh_private_key_file: ~/.ssh/site-ci >> > >> > >> > ...then I get the following error: >> >> >> >> SSH Error: Permission denied >> >> (publickey,gssapi-keyex,gssapi-with-mic,password). >> > >> > >> > So root user is stucked somehow... and one cannot authenticate root with >> > ci's key. >> > >> > Regards: >> > Bence >> > >> > >> > 2015. május 29., péntek 18:15:19 UTC+2 időpontban Bence Takács a >> > következőt >> > írta: >> >> >> >> Thanks for the tip, but how can I set the credentials for alternative >> >> user? >> >> >> >> Now I have only one user set in hosts file: >> >> >> >>> ansible-sandbox ansible_ssh_host=ansible-sandbox.local >> >>> ansible_ssh_user=ci ansible_ssh_private_key_file=~/.ssh/ci >> >> >> >> >> >> >> >> 2015. május 29., péntek 17:56:28 UTC+2 időpontban Brian Coca a >> >> következőt >> >> írta: >> >>> >> >>> the remote_user: directive can be used at play and task level to >> >>> change this, no need to use vars: unless your hosts have those set in >> >>> inventory (which overrides remote_user). >> >>> >> >>> On Fri, May 29, 2015 at 10:00 AM, Bence Takács <[email protected]> >> >>> wrote: >> >>> > I need to switch users in a playbook: first I need to do some tasks >> >>> > as >> >>> > a >> >>> > root user then I need to change to a limited user and do the rest >> >>> > with >> >>> > that. >> >>> > >> >>> > My playbook looks like this: >> >>> >> >> >>> >> - name: Preparation >> >>> >> vars: >> >>> >> - ansible_ssh_user: root >> >>> >> - ansible_ssh_private_key_file: ~/.ssh/site-root >> >>> >> ... >> >>> >> >> >>> >> - name: Main play >> >>> >> vars: >> >>> >> - ansible_ssh_user: ci >> >>> >> - ansible_ssh_private_key_file: ~/.ssh/site-ci >> >>> >> >> >>> >> ... >> >>> > >> >>> > >> >>> > This works but I feel that nasty (poor design): >> >>> > - redundant configuration (in hosts and 2 plays) >> >>> > - need to switch and then switch back >> >>> > >> >>> > What is the Best practice to achieve that? >> >>> > >> >>> > -- >> >>> > You received this message because you are subscribed to the Google >> >>> > Groups >> >>> > "Ansible Project" group. >> >>> > To unsubscribe from this group and stop receiving emails from it, >> >>> > send >> >>> > an >> >>> > email to [email protected]. >> >>> > To post to this group, send email to [email protected]. >> >>> > To view this discussion on the web visit >> >>> > >> >>> > >> >>> > https://groups.google.com/d/msgid/ansible-project/f7a68ea4-c6a6-43e6-b415-f6d367cdb199%40googlegroups.com. >> >>> > For more options, visit https://groups.google.com/d/optout. >> >>> >> >>> >> >>> >> >>> -- >> >>> Brian Coca >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "Ansible Project" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > To post to this group, send email to [email protected]. >> > To view this discussion on the web visit >> > >> > https://groups.google.com/d/msgid/ansible-project/ad7e0252-a2ed-49f5-9ea9-e026956e5c0c%40googlegroups.com. >> > >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> Brian Coca >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/Uu-0BEZwcCI/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nHEKsGG_y2ZZpt4OsYQPfDNn5kASz4aE9O4xV0aQKC2A%40mail.gmail.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAMQOM8TY7gS7Y1ve3ZqY3zYe8PPO91z6aPM4y-KDfkzPtGyPGw%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout.
-- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DPXAOGZzL8HXqpNdyn6zncCQbEqs1tfED3z2s7%2B4eMJA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
