What I think is happening here is that at first Ansible logs in with root
and the supplied password. On the second play Ansible tries to login with
user verhage, but I think it tries to do so with the root password...
After ansible-playbook terminates logging in with "ssh verhage test" using
SSH keys works with no problem.
On Wednesday, June 8, 2016 at 10:00:24 AM UTC+2, Rens Verhage wrote:
>
> You're right, I didn't get the syntax right. However, with the right
> syntax, I can't get it to work. The solution with two different plays in
> the same playbook is the best solution for me, as I don't want the handlers
> scheduled by the ldap role to be executed after all other roles in the
> playbook.
>
> I changed my playbook to contain two separate plays:
>
> ---
> - hosts: test
> remote_user: root
>
> roles:
> - ldap
>
> - hosts: test
> remote_user: verhage
>
> roles:
> - webserver
>
> I run the playbook with: ansible-playbook playbook.yml -k
>
> On the password prompt, I enter the password for root and the ldap-role
> executes fine. At the end of the first play, root login over ssh is
> disabled and all user authentication is done through ldap. Now the second
> play uses my user 'verhage' to login and can do so through ssh
> private/public key. However, I get the message:
>
> TASK [setup]
>> *******************************************************************
>> fatal: [test]: UNREACHABLE! => {"changed": false, "msg": "Authentication
>> failed.", "unreachable": true}
>
>
>
>
> On Tuesday, June 7, 2016 at 10:03:23 PM UTC+2, Johannes Kastl wrote:
>>
>> On 07.06.16 21:51 Johannes Kastl wrote:
>> > roles:
>> > - { role: ldap, remote_user: root, someVariable: foo}
>>
>> Maybe you have to change something else. If there is not gather_facts:
>> no, before the tasks ansible will try to connect and gather facts
>> about the system. If this fails as user verhage, you might have to do
>> it the other way round:
>>
>> hosts: foobar
>> remote_user: root
>> ...
>> roles:
>> - {role: ldap}
>> - {role: whatever, remote_user: verhage}
>>
>> Or maybe use a playbook with two different plays in it, i.e two
>> sections, each starting with "hosts: ..." and containing a roles-block.
>>
>> Johannes
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f955f04f-1900-47dd-8be2-1a71d2fc49f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
