Ansible vagrant - refuses to use vagrant user

[bryan hunt]

Hi,

I have been trying to get Ansible working with Vagrant for a day or two now.

Vagrant instances are configured with a sudo enabled user, 'vagrant'.

The auto-generated ssh config does not provide password-less access to the root account.

So I guess vagrant will have to run it's commands using the 'vagrant' user account.

But when I added the 'vvvv' flag to debug vagrant it transpired that it was trying to use the root account.

I have spent some more time on it, and created a ticket : https://github.com/ansible/ansible/issues/5403

But even using Ansible from the command line, I cannot get it to perform a ssh connection using any user but root.

Has anyone else encountered a similar problem ?

Thanks,

Bryan Hunt

[James Martin]

This is how I do it:

export ANSIBLE_REMOTE_USER=vagrant
export ANSIBLE_PRIVATE_KEY_FILE=$HOME/.vagrant.d/insecure_private_key
ssh-add $ANSIBLE_PRIVATE_KEY_FILE

- James

> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

[Gilles Cornu]

Hi Bryan,

Following https://github.com/mitchellh/vagrant/pull/2710 and https://github.com/ansible/ansible/issues/5403, I would like to clarify a bit.

The reported problem (Why '--user' argument is ignored?) affects your general usage of `ansible-playbook`. You showed that it is not a specific problem with Vagrant Ansible provisioner, so it makes sense to keep the discussion here.

That said, I would like to help you to find out the origin of this problem... But I can't reproduce and have difficulties to figure out where could this "User=root" come from... Could you please detail your Ansible installation (from source or from package? do you use a custom ansible.cfg file?)

Cheers, Gilles

@James: exporting ANSIBLE_REMOTE_USER and ANSIBLE_PRIVATE_KEY_FILE as you mentioned is an easy trick to be able to run `ansible-playbook` from the command line (withou --private-key and --user), but you shouldn't need it to run commands like `vagrant provision`. Don't you, right? Focusing on the current problem, passing a `--user` argument actually overrides this $ANSIBLE_REMOTE_USER variable.

[Gilles Cornu]

OK, I think I've catched it. I can reproduce the problem when I override the remote user in the playbook file:

- hosts: all

  user: root

...

In my experience, the precedence rules for the applied ssh remote user are following:

1. ansible_ssh_user in inventory file (or defined as extra variable)
2. user YAML attribute in playbook file (recently discovered ;-)
3. -u / --user ansible-playbook argument (used by Vagrant provisioner)
4. ANSIBLE_REMOTE_USER environment variable
5. remote_user paramter in an ansible.cfg file
6. username of the current user

At the moment, Vagrant behavior can therefore be shadowed by configuration 1 and 2, which is the origin of this confusion. I'll re-open your pull request to evaluate, which strategy makes more sense...

[Aleem Bawany]

Sorry to revive an old thread but luckily, I came across this post only after banging my head against SSH connectivity issues for a couple of hours.

This ought to be documented somewhere but more importantly it makes sense to have the command line argument take highest precedence as that is the user's current explicit intent when he enters the username. It would also help with quicker debugging.