How to choose remote_user according to OS distribution?

Adam R.

Jul 10, 2015, 5:07:14 PM
to ansible...@googlegroups.com
Hello,


I am creating a role to upgrade my servers. Some are CentOS, others are Fedora. CentOS servers use remote_user: root and Fedora servers use remote_user: fedora.

How can I set up my playbook to use one remote_user according to ansible_distribution?

In the Ansible FAQ there is a section that deals with this issue by setting inventory variables in the inventory file, but I am 


Or is there a way to try sshing as some user and, if the connection fails, try another login user?


How to choose remote user according to OS?

Or is it easier to create a separate playbook for each ansible_distribution?


Thank you!





Adam R.

Jul 10, 2015, 5:16:25 PM
to ansible...@googlegroups.com
A better description is "How to set remote_user according to OS distribution".

Brian Coca

Jul 10, 2015, 5:28:36 PM
to ansible...@googlegroups.com
There are several ways, the easiest is if your inventory script
provides OS info:

remote_user: "{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'root') }}"

If you have no info ahead of time you can test connecting and then use
group_by (example below) or the same expression above on the result
var. If using group_by you can preset group_vars/fedora =>
ansible_ssh_user: fedora

- hosts: all
  remote_user: root
  gather_facts: False
  tasks:
    - ping:
      register: rootlogin
      ignore_errors: yes

    - group_by: key=fedora
      when: rootlogin|failed


--
Brian Coca

Adam R.

Jul 13, 2015, 11:25:49 PM
to ansible...@googlegroups.com
Thank you Brian for your reply.

Based on your suggestions, I created this playbook:
(create two groups and then apply the role to each subset)


- hosts: all
  remote_user: root
  gather_facts: false
  tasks:
    - ping:
      register: rootlogin
      ignore_errors: true
    - group_by: key=fedora-user
      when: rootlogin|failed
    - group_by: key=root-user
      when: rootlogin|success

- name: Execute play for CentOS instances
  hosts: root-user
  remote_user: root
  roles:
    - { role: path/to_role }

- name: Execute play for Fedora instances
  hosts: fedora-user
  remote_user: fedora
  sudo: yes
  sudo_user: root
  roles:
    - { role: path/to_role }


The problem is that only the root-user group is created.

created 'group_by' ActionModule: key=stage-root-user


No fedora-user group was created. When the time comes to execute the role for the fedora instances:

skipping: no hosts matched


I also tried creating the two groups using multiple plays (same idea), but the groups were created with the same elements:



- name: Group CentOS instances
  hosts: all
  remote_user: root
  gather_facts: no
#  ignore_errors: true
  tasks:
    - name:  remote_user is root
      group_by: key=root_user
      ignore_errors: true

- name: Group Fedora instances
  hosts: all
  gather_facts: no
  remote_user: fedora
  sudo: yes
  sudo_user: root
  tasks:
    - name: remote_user is fedora
      group_by: key=fedora_user
      ignore_errors: true

- name: Execute play for CentOS instances 
  hosts: root_user
  remote_user: root 
  roles:
    - { role: path/to_role }

- name: Execute play for Fedora instances
  hosts: fedora_user
  remote_user: fedora
  sudo: yes
  sudo_user: root
  roles:
    - { role: path/to_role }


FATAL: no hosts matched or all hosts have already failed -- aborting




Thank you!


Ansible 1.9

Brian Coca

Jul 14, 2015, 12:14:27 AM
to ansible...@googlegroups.com
you really only need 1 group, not sure why both did not get created though.

with one group you can have these play targets:

- hosts: group

- hosts: all:!group

^ first will target all hosts in the group, the 2nd all hosts NOT in the group.


--
Brian Coca

Adam R.

Jul 20, 2015, 5:57:36 PM
to ansible...@googlegroups.com

Hello Brian,


I have made some tests and it seems that the hosts conditional is not working for the instances that cannot log in (either root or fedora, tested both).

First test:

If I create the group according to fedora access rules, the group for the centos instances is not created:

---

- name: upgrade packages 
  hosts: all
  remote_user: fedora
  sudo: yes
  sudo_user: root
  gather_facts: false
  tasks:
    - ping:
      register: fedoralogin
      ignore_errors: yes
    - group_by: key=fedora
      when: fedoralogin|success

- name: upgrade centos instances
  hosts: all:!fedora
  remote_user: root
  roles:
    - { role: infraops/upgrade_packages}


The group_by creates the fedora group, with the correct instance, but all:!fedora is empty: FATAL: no hosts matched or all hosts have already failed -- aborting (ignore_errors is set to yes)


In the same fashion if the script is changed to remote_user: root (thus accessing CentOS instances), the group_by 


- name: upgrade packages
  hosts: all
  remote_user: root
  gather_facts: false
  tasks:
    - ping:
      register: rootlogin
      ignore_errors: yes
    - group_by: key=fedora
      when: rootlogin|failed

- name: upgrade fedora instances
  hosts: fedora
  remote_user: fedora
  sudo: yes
  sudo_user: root
  roles:
    - { role: infraops/upgrade_packages}


The fedora group_by is not created (the only user that was able to log in to the instance is root -- CentOS instance)

fatal: [X.X.X.X] => failed to transfer file to Please login as the user "fedora" rather than the user "root"./ping:



So I have been able to capture the hosts that the remote_user can log in to; the complement is not captured.


Thank you!
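An added example, not written by any poster in this thread: Ansible drops a host it cannot connect to as unreachable rather than marking the task failed, so ignore_errors and a `when: ...|failed` test never see that host. One way to still sort hosts by login user is to run the SSH probe from the control machine and group on its exit code. The group names login_fedora and login_root are hypothetical, and the playbook assumes key-based SSH, host keys already in known_hosts, and inventory names that SSH can connect to directly.

```yaml
---
- name: Probe which login user each host accepts
  hosts: all
  gather_facts: false
  tasks:
    # Runs on the control machine, so a refused login is only a non-zero
    # exit code here, not an unreachable host that drops out of the play.
    # BatchMode=yes forbids password prompts; host key checking stays on.
    - name: Try a non-interactive login as the unprivileged fedora user
      local_action: command ssh -o BatchMode=yes -o ConnectTimeout=5 fedora@{{ inventory_hostname }} true
      register: fedora_probe
      failed_when: false
      changed_when: false

    - name: Hosts that accept the fedora login
      group_by: key=login_fedora
      when: fedora_probe.rc == 0

    # A host that is down altogether also lands here and is reported
    # as unreachable by the root play below.
    - name: Every other host is assumed to take a root login
      group_by: key=login_root
      when: fedora_probe.rc != 0

- name: Execute play for Fedora instances
  hosts: login_fedora
  remote_user: fedora
  become: true          # become replaces sudo/sudo_user from Ansible 1.9 on
  roles:
    - { role: path/to_role }

- name: Execute play for CentOS instances
  hosts: login_root
  remote_user: root
  roles:
    - { role: path/to_role }
```

Probing the unprivileged account first means root is used only on hosts that offer no other login.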