Hi there,

Say I get a new instance somewhere that allows logins as root. I want
to run a playbook that configures the machine and no longer allows
root logins. And I want it to be idempotent. ;-)

Consider this mock-up playbook:

################
- hosts: foobar
  vars:
    ansible_user: root
  tasks:
    - name: "Change sshd configuration and no longer allow root logins"
    ...
...

- hosts: foobar
  vars:
    ansible_user: bob
  tasks:
    - name: "Do stuff as bob via sudo..."
    ...
################

If I run this twice, the second run fails, as root is no longer
allowed after the first run.

How can I determine gracefully whether root is allowed to log in or not?
Apparently the "unreachable" error cannot be ignored (ignore_errors
or failed_when: false) and this always fails.

For a port change in sshd I would use this and check if it fails:
################
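# Runs on the control node and only tests whether the port answers
- name: "Check whether sshd on foobar answers on port 22"
  wait_for:
    port: 22
    state: "started"
    host: "foobar"
    connect_timeout: 5
    timeout: 10
  register: "some_variable"
  ignore_errors: true
  delegate_to: localhost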
################

How do I do this for a username change, not for a port change?

Johannes
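
One way to pick the login user depending on whether root can still get in, added here as an example and not part of the original post: a probe run from the control node sets `ansible_user` before any task connects to the host. It assumes key-based authentication, a host key already in `known_hosts`, that `foobar` resolves from the control node, that `bob` already exists with sudo rights once root is closed, and a service named `sshd`; `root_probe` is a hypothetical variable name.

```yaml
# Added example, not from the original post. "foobar" and "bob" come from the
# post; the probe approach, root_probe and the sshd service name are assumptions.
- hosts: foobar
  gather_facts: false   # fact gathering would already need a working login
  tasks:
    - name: "Probe from the control node whether root can still log in"
      ansible.builtin.command: >-
        ssh -o BatchMode=yes -o ConnectTimeout=5
        root@{{ inventory_hostname }} true
      delegate_to: localhost
      register: root_probe
      changed_when: false   # a probe never changes anything
      failed_when: false    # rc 255 (denied or unreachable) is an expected result

    - name: "Connect as root while the probe succeeds, otherwise as bob via sudo"
      ansible.builtin.set_fact:
        ansible_user: "{{ 'root' if root_probe.rc == 0 else 'bob' }}"
        ansible_become: "{{ root_probe.rc != 0 }}"

    - name: "No longer allow root logins"
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\b'
        line: "PermitRootLogin no"
        validate: "/usr/sbin/sshd -t -f %s"   # refuse to write a broken config
      notify: "Reload sshd"

  handlers:
    - name: "Reload sshd"
      ansible.builtin.service:
        name: sshd
        state: reloaded
```

On the second run the probe returns a non-zero code, the play connects as `bob` with become, and the `lineinfile` task reports no change.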
