Define global variables in ansible group_vars/all file
2,755 views
Skip to first unread message
Xinhuan Zheng
Dec 6, 2019, 11:24:10 AM12/6/19
to Ansible Project
Hello,
I followed Ansible best practice to create my ansible automation directory structure like following:
group_vars
group_vars/all
host_vars
os.yml
production
roles
roles/os-issue
Since I'm using ansible user as a remote user, and sudo method to escalate its privileges globally, I want to define this in group_vars/all file. Here is what I define in group_vars/all directory:
---
# group_vars/all
vars:
- remote_user: ansible
- become: yes
- become_method: sudo
# group_vars/all
vars:
- remote_user: ansible
- become: yes
- become_method: sudo
However, when I ran my playbook, I'm still getting Permission Denied error:
ansible-playbook -i production os.yml -l Cluster1 -v
Using /etc/ansible/ansible.cfg as config file
PLAY [all] ****************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************
PLAY [all] ****************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************
fatal: [myserver]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ============================================================\n|Permission denied (publickey,password,keyboard-interactive).", "unreachable": true}
PLAY RECAP ****************************************************************************************************
myserver : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
PLAY RECAP ****************************************************************************************************
myserver : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Here is my os.yml playbook:
---
# file: os.yml
# This playbook file is to configure operating system after kickstarting
- hosts: all
roles:
- role: os-issue
# file: os.yml
# This playbook file is to configure operating system after kickstarting
- hosts: all
roles:
- role: os-issue
It is to set /etc/issue file for remote myserver.
Please advise me how I can define global variables in group_vars/all file.
Thank you,
- Xinhuan Zheng
Vladimir Botka
Dec 6, 2019, 11:30:25 AM12/6/19
to Xinhuan Zheng, ansible...@googlegroups.com
On Fri, 6 Dec 2019 08:24:10 -0800 (PST)
Xinhuan Zheng <xinhua...@gmail.com> wrote:
> # group_vars/all
>
> vars:
> - remote_user: ansible
> - become: yes
> - become_method: sudo
It's not necessary to use the "vars:" directive in the files.
Xinhuan Zheng <xinhua...@gmail.com> wrote:
> # group_vars/all
>
> vars:
> - remote_user: ansible
> - become: yes
> - become_method: sudo
See "Organizing host and group variables"
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#organizing-host-and-group-variables
# group_vars/all
remote_user: ansible
become: yes
become_method: sudo
Cheers,
-vlado
Xinhuan Zheng
Dec 6, 2019, 11:44:52 AM12/6/19
to Ansible Project
Hello,
It's not necessary to use the "vars:" directive in the files.
See "Organizing host and group variables"
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#organizing-host-and-group-variables
# group_vars/all
remote_user: ansible
become: yes
become_method: sudo
Cheers,
-vlado
I changed per advice. Here is my changed file:
---
# group_vars/all
remote_user: ansible
become: yes
become_method: sudo
However, this doesn't work either. I got same Permission Denied error like my previous run
- Xinhuan Zheng
alicia
Dec 6, 2019, 12:10:05 PM12/6/19
to ansible...@googlegroups.com
I don’t think the failure is related to using or not using “sudo”. The playbook failed because Ansible could not connect to the remote machine.
The error message:
fatal: [myserver]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ============================================================\n|Permission denied (publickey,password,keyboard-
interactive).", "unreachable": true}
tells you that Ansible cannot connect to ‘myserver’ over SSH. If you try to connect to the target machine using SSH and the user ‘ansible’ from the command line, does that work? Do you have to type in a password? If you’re using SSH keys, does the ‘ansible’ user have permission to access the correct key?
See https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#ssh-key-setup for information on setting up SSH keys.
Hope this helps point you in the right direction.
Alicia
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c0f93f0f-315a-47f5-a645-17a35bd7ae82%40googlegroups.com.
Xinhuan Zheng
Dec 6, 2019, 12:15:42 PM12/6/19
to Ansible Project
Hello Alicia,
I just ran ad-hoc command with -u ansible parameter like below:
$ ansible all -i production -u ansible -l mygroup -a "uptime"
myserver | CHANGED | rc=0 >>
12:13:22 up 11 days, 2:26, 2 users, load average: 0.00, 0.02, 0.05
myserver | CHANGED | rc=0 >>
12:13:22 up 11 days, 2:26, 2 users, load average: 0.00, 0.02, 0.05
ansible user is defined on myserver, and it is in sudoers file in wheel group without password required.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible...@googlegroups.com.
Matt Martz
Dec 6, 2019, 12:17:39 PM12/6/19
to ansible...@googlegroups.com
`remote_user` is not an inventory var that ansible looks for to inform ansible how to connect. You would instead want to use `ansible_user`.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/44684370-2c51-468b-9165-feb6ec743eca%40googlegroups.com.
Dick Visser
Dec 6, 2019, 12:19:50 PM12/6/19
to ansible...@googlegroups.com
And if you add the ‘-b’ option to that?
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/44684370-2c51-468b-9165-feb6ec743eca%40googlegroups.com.
Sent from a mobile device - please excuse the brevity, spelling and punctuation.
Xinhuan Zheng
Dec 6, 2019, 12:28:02 PM12/6/19
to Ansible Project
Hello Dick,
Yes, I added -b option. That worked fine.
$ ansible all -i production -u ansible -l mygroup -a "uptime" -b
myserver | CHANGED | rc=0 >>
myserver | CHANGED | rc=0 >>
12:26:39 up 11 days, 2:40, 2 users, load average: 0.00, 0.01, 0.05
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/44684370-2c51-468b-9165-feb6ec743eca%40googlegroups.com.
Xinhuan Zheng
Dec 6, 2019, 12:58:06 PM12/6/19
to Ansible Project
Hello All,
I just figured out myself and I want to post it for sharing with other who would have similar issue like myself.
The issue is what variable names I use in group_vars/all file.
remote_user, become and become_method, are not inventory-like recognized variables, they are recognized in playbook, but not in inventory, although those variables are not put in inventory file, I believe, they are inventory variables.
The correct names when putting in group_vars/all file are:
---
# group_vars/all
ansible_user: ansible
ansible_become: true
ansible_become_method: sudo
# group_vars/all
ansible_user: ansible
ansible_become: true
ansible_become_method: sudo
- Xinhuan Zheng
Brian Coca
Dec 20, 2019, 12:02:19 PM12/20/19
to Ansible Project
ansible_user is a variable, can be defined anywhere variables are defined
remote_user is a keyword, as such it can only be set on playbook
objects (play/block/role/task)
--
----------
Brian Coca
remote_user is a keyword, as such it can only be set on playbook
objects (play/block/role/task)
--
----------
Brian Coca
Reply all
Reply to author
Forward
0 new messages