Re: [ansible-project] Execute first role (tasks) as root, then proceed with regular admin user

Wed, 08 Jun 2016 01:01:16 -0700 

You're right, I didn't get the syntax right. However, with the right 
syntax, I can't get it to work. The solution with two different plays in 
the same playbook is the best solution for me, as I don't want the handlers 
scheduled by the ldap role to be executed after all other roles in the 
playbook.

I changed my playbook to contain two separate plays:

---
- hosts: test
  remote_user: root

  roles:
  - ldap

- hosts: test
  remote_user: verhage

  roles:
  - webserver

I run the playbook with: ansible-playbook playbook.yml -k

On the password prompt, I enter the password for root and the ldap-role 
executes fine. At the end of the first play, root login over ssh is 
disabled and all user authentication is done through ldap. Now the second 
play uses my user 'verhage' to login and can do so through ssh 
private/public key. However, I get the message:

TASK [setup] 
> *******************************************************************
> fatal: [test]: UNREACHABLE! => {"changed": false, "msg": "Authentication 
> failed.", "unreachable": true}




On Tuesday, June 7, 2016 at 10:03:23 PM UTC+2, Johannes Kastl wrote:
>
> On 07.06.16 21:51 Johannes Kastl wrote: 
> > roles: 
> >   - { role: ldap, remote_user: root, someVariable: foo} 
>
> Maybe you have to change something else. If there is not gather_facts: 
> no, before the tasks ansible will try to connect and gather facts 
> about the system. If this fails as user verhage, you might have to do 
> it the other way round: 
>
> hosts: foobar 
> remote_user: root 
> ... 
> roles: 
>   - {role: ldap} 
>   - {role: whatever, remote_user: verhage} 
>
> Or maybe use a playbook with two different plays in it, i.e two 
> sections, each starting with "hosts: ..." and containing a roles-block. 
>
> Johannes 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8c7be655-1edd-410e-b4f9-30a523af1f9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to