remove previously used remote_user (possibly ControlMaster, ControlPersist problem)
60 views
Skip to first unread message
Davide
Feb 8, 2018, 6:35:56 PM2/8/18
to Ansible Project
Hi all,
to setup raspberry pis I would like to use the following palybooks (the actual
yaml is at the end).
1. with remote_user=defaultuser, become and add newuser
2. with remote_user=newuser, become and delete defaultuser
If I play this with some docker container as target it works but if the target
is a raspberry pi 3 (running archlinux or raspbian) I get:
TASK [remove default user] *********************************************************************************************************************
fatal: [192.168.1.129]: FAILED! => {"changed": false, "msg": "userdel: user defaultuser is currently used by process 615\n", "name": "defaultuser", "rc": 8}
This seems to happen because when the second playbook runs there is still a
defaultuser ssh process running from the first playbook.
Looking into it I found out about `-o ControlMaster=auto -o
ControlPersist=60s`. And if I `export ANSIBLE_SSH_ARGS='-o ControlMaster=no'`
before `ansible-playbook` it works also on the raspberry pi.
So my questions are the following.
Why does this affect the rasperry pi but not some docker containers? With the
default `ControlPersist=60s` it seems that it should also fail on the docker
container.
And is it possible to set `ControlMaster=no` for a specific playbook?
Thanks
Davide
Playbooks:
to setup raspberry pis I would like to use the following palybooks (the actual
yaml is at the end).
1. with remote_user=defaultuser, become and add newuser
2. with remote_user=newuser, become and delete defaultuser
If I play this with some docker container as target it works but if the target
is a raspberry pi 3 (running archlinux or raspbian) I get:
TASK [remove default user] *********************************************************************************************************************
fatal: [192.168.1.129]: FAILED! => {"changed": false, "msg": "userdel: user defaultuser is currently used by process 615\n", "name": "defaultuser", "rc": 8}
This seems to happen because when the second playbook runs there is still a
defaultuser ssh process running from the first playbook.
Looking into it I found out about `-o ControlMaster=auto -o
ControlPersist=60s`. And if I `export ANSIBLE_SSH_ARGS='-o ControlMaster=no'`
before `ansible-playbook` it works also on the raspberry pi.
So my questions are the following.
Why does this affect the rasperry pi but not some docker containers? With the
default `ControlPersist=60s` it seems that it should also fail on the docker
container.
And is it possible to set `ControlMaster=no` for a specific playbook?
Thanks
Davide
Playbooks:
---
# login as default user and add new user
- hosts: testhost
vars_files:
- secret
vars:
ansible_password: "{{ defaultuserpassword }}"
ansible_become_pass: "{{ rootpassword }}"
remote_user: "{{ defaultusername }}"
become: yes
become_method: su
tasks:
- name: "add user {{ remoteusername }}"
user:
name: "{{ remoteusername }}"
password: "{{ remoteuserpassword|password_hash('sha512') }}"
shell: /bin/bash
state: present
# login as newuser and remove default user
- hosts: testhost
vars_files:
- secret
vars:
ansible_password: "{{ remoteuserpassword }}"
ansible_become_pass: "{{ rootpassword}}"
remote_user: "{{ remoteusername }}"
become: yes
become_method: su
tasks:
- name: remove default user
user:
name: "{{ defaultusername }}"
state: absent
remove: yes
Davide
Feb 9, 2018, 6:23:53 PM2/9/18
to Ansible Project
I found a related post [1] where it is suggested to just kill all processes
before deleting the user [2].
[1]: https://groups.google.com/d/msg/ansible-project/woy_asjA5No/c2I86Gq7AwAJ
[2]: https://groups.google.com/d/msg/ansible-project/woy_asjA5No/oLxrV6UZCAAJ
before deleting the user [2].
[1]: https://groups.google.com/d/msg/ansible-project/woy_asjA5No/c2I86Gq7AwAJ
[2]: https://groups.google.com/d/msg/ansible-project/woy_asjA5No/oLxrV6UZCAAJ
Reply all
Reply to author
Forward
0 new messages