Hi,

One thing comes to mind - you could create two different entries in the inventory pointing to the same 'ansible_host' with different sets of credentials. So the bootstrap process could run against the first host (with default password) and the rest of the play - against the second. The inventory could look like this:

host1_bootstrap ansible_host=host1 ansible_user=root ansible_ssh_pass=abc
host1_proper ansible_host=host1 ansible_user=user1 .....

kind regards
Pshem

On Tue, 12 Dec 2017 at 08:28 Kevin Phillips <[email protected]> wrote:

> Hi all. I was redirected here from the Ansible issue tracker on Github. I
> am having difficulties with a specific use case I'm hoping to get help with.
>
> I am trying to find a way to programmatically change SSH credentials in an
> Ansible play between tasks and / or between hosts. Here is my most basic
> use case: When bootstrapping a new server that has no LDAP configuration,
> user profiles, etc. I need to authenticate as root. However, in the first
> play I want to set up a limited user with sudo permissions (presumably
> while logged in as root), then I want to disable remote logins for root and
> continue running the rest of the plays as my newly created user.
>
> For bootstrapping purposes, the root users typically just have password
> enabled authentication using a known default password... however the user
> created by this first play is being configured with an SSH key to
> facilitate passwordless logins for the remainder of the plays.
>
> Can someone tell me how I might orchestrate this seemingly simple sequence
> of events? I've read up on ssh_args, ansible_pass, remote_user, and many
> other ways of defining credentials for tasks but none of them seem to allow
> the modification of the user and password in the way I've described above.
> So any help / suggestions anyone has in this regard would be appreciated.
>
> We run our ansible plays on various Linux OSes and Mac OS X, and we're
> using the latest version of Ansible in case that helps at all.
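
Added example, not part of the original thread: a two-play playbook built on the two-alias inventory suggested in the reply above. The group names, the vaulted variable `vault_root_default_pass`, the public key path, the NOPASSWD sudo rule and the `sshd` service name are assumptions for a Linux target.

```yaml
# Added example. Inventory assumed alongside it (INI), grouping the two aliases:
#   [bootstrap]
#   host1_bootstrap ansible_host=host1 ansible_user=root ansible_ssh_pass="{{ vault_root_default_pass }}"
#   [proper]
#   host1_proper ansible_host=host1 ansible_user=user1
- name: Bootstrap as root with the default password
  hosts: bootstrap
  gather_facts: false
  tasks:
    - name: Create the limited user
      ansible.builtin.user:
        name: user1
        shell: /bin/bash

    - name: Install the controller's public key (key path is an assumption)
      ansible.posix.authorized_key:
        user: user1
        key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"

    - name: Grant sudo through a validated drop-in (NOPASSWD is an assumption)
      ansible.builtin.copy:
        dest: /etc/sudoers.d/user1
        content: "user1 ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Disable remote root logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\b'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  handlers:
    - name: Restart sshd   # service name is "ssh" on Debian/Ubuntu
      ansible.builtin.service:
        name: sshd
        state: restarted

- name: Continue as the new user over key authentication
  hosts: proper
  become: true
  tasks:
    - name: Confirm the key login and sudo both work
      ansible.builtin.command: id -u
      changed_when: false
```

Once root logins are disabled, the `host1_bootstrap` alias is no longer reachable, so later runs should be restricted with `--limit proper`. Keeping the default root password in a vaulted variable rather than in the inventory in clear text avoids leaving it readable in the repository.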
