This indeed seems to be the problem, according to /var/log/secure on my
test machine:

Apr 7 11:15:11 localhost sshd[3488]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 7 11:15:11 localhost sshd[1083]: Received signal 15; terminating.
Apr 7 11:15:12 localhost sshd[3523]: Server listening on 0.0.0.0 port 22.
Apr 7 11:15:12 localhost sshd[3523]: Server listening on :: port 22.
Apr 7 11:15:12 localhost sshd[3488]: pam_unix(sshd:session): session closed for user root
Apr 7 11:15:14 localhost unix_chkpwd[3528]: password check failed for user (verhage)
Apr 7 11:15:14 localhost sshd[3526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.57.1 user=verhage
Apr 7 11:15:15 localhost sshd[3526]: pam_ldap(sshd:auth): Authentication failure; user=verhage
Apr 7 11:15:18 localhost sshd[3526]: Failed password for verhage from 192.168.57.1 port 57056 ssh2
Apr 7 11:15:18 localhost sshd[3526]: Connection closed by 192.168.57.1 [preauth]

For the second play, it tries to connect with the password I supplied on
the command line using -k, which is the password for root...

On Wednesday, June 8, 2016 at 10:14:24 AM UTC+2, Rens Verhage wrote:
>
> What I think is happening here is that at first Ansible logs in with root
> and the supplied password. On the second play Ansible tries to log in with
> user verhage, but I think it tries to do so with the root password...
>
> After ansible-playbook terminates, logging in with "ssh verhage test" using
> SSH keys works with no problem.
>
>
>
> On Wednesday, June 8, 2016 at 10:00:24 AM UTC+2, Rens Verhage wrote:
>>
>> You're right, I didn't get the syntax right. However, with the right
>> syntax, I can't get it to work. The solution with two different plays in
>> the same playbook is the best solution for me, as I don't want the handlers
>> scheduled by the ldap role to be executed after all other roles in the
>> playbook.
>>
>> I changed my playbook to contain two separate plays:
>>
>> ---
>> - hosts: test
>>   remote_user: root
>>
>>   roles:
>>     - ldap
>>
>> - hosts: test
>>   remote_user: verhage
>>
>>   roles:
>>     - webserver
>>
>> I run the playbook with: ansible-playbook playbook.yml -k
>>
>> On the password prompt, I enter the password for root and the ldap-role
>> executes fine. At the end of the first play, root login over ssh is
>> disabled and all user authentication is done through ldap. Now the second
>> play uses my user 'verhage' to log in and can do so through ssh
>> private/public key. However, I get the message:
>>
>> TASK [setup] *******************************************************************
>> fatal: [test]: UNREACHABLE! => {"changed": false, "msg": "Authentication failed.", "unreachable": true}
>>
>> On Tuesday, June 7, 2016 at 10:03:23 PM UTC+2, Johannes Kastl wrote:
>>>
>>> On 07.06.16 21:51 Johannes Kastl wrote:
>>> > roles:
>>> > - { role: ldap, remote_user: root, someVariable: foo}
>>>
>>> Maybe you have to change something else. If there is no gather_facts:
>>> no, Ansible will try to connect and gather facts about the system
>>> before the tasks. If this fails as user verhage, you might have to do
>>> it the other way round:
>>>
>>> hosts: foobar
>>> remote_user: root
>>> ...
>>> roles:
>>> - {role: ldap}
>>> - {role: whatever, remote_user: verhage}
>>>
>>> Or maybe use a playbook with two different plays in it, i.e. two
>>> sections, each starting with "hosts: ..." and containing a roles-block.
>>>
>>> Johannes
>>>
>>>
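
One way to keep the root password out of the second play, as an added example that is not part of the original thread: prompt for it inside the first play and bind it to that play's connection variable instead of passing -k. The variable name root_password is hypothetical, and the example assumes an Ansible 2.x release that honours ansible_ssh_pass when it is set as a play variable.

```yaml
---
# Added example, not from the thread. Run WITHOUT -k:
#   ansible-playbook playbook.yml
# -k supplies a single connection password for the whole run, so it is
# in effect for every play. Here the password is scoped to play 1 only.

# Play 1: password login as root; the ldap role then disables root SSH.
- hosts: test
  remote_user: root

  vars_prompt:
    - name: root_password          # hypothetical variable name
      prompt: "SSH password for root"
      private: yes                 # do not echo the input

  vars:
    # Connection password for this play only (play-scoped variable).
    ansible_ssh_pass: "{{ root_password }}"

  roles:
    - ldap

# Play 2: no password variable is in scope here, so the login as
# verhage has to succeed with the SSH key pair.
- hosts: test
  remote_user: verhage

  roles:
    - webserver
```

To confirm the effect, check /var/log/secure after the run: the second login should appear as "Accepted publickey for verhage" rather than as pam_unix(sshd:auth) and pam_ldap(sshd:auth) failures followed by "Failed password for verhage".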