Not understanding why getting a failure on a task with "remote_user" set

Willard Dennis

Apr 27, 2015, 5:48:37 PM
to ansible...@googlegroups.com
Hi all,

The section of the playbook that I am experiencing a failure (authentication failure) on is as follows:
- name: Enable passwordless connection as hdfs user to namenode host
  authorized_key: user=hdfs key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
  when: action == "format_hdfs" and "{{ ansible_hostname }}" in "{{ groups['hadoop_namenodes'] }}"
  tags: formathdfs

- name: Format HDFS on namenode
  remote_user: hdfs
  shell: source ~/.profile && {{ install_directory }}/hadoop/bin/hdfs namenode -format -force
  args:
    executable: /bin/bash
  when: action == "format_hdfs" and "{{ ansible_hostname }}" in "{{ groups['hadoop_namenodes'] }}"
  tags: formathdfs

When I run the playbook as 'root' I get a failure, even though I have set the failing task's "remote_user" to the appropriate user, and have (in the prior task) done a SSH key exchange for that user...
ansible-playbook -u root -k -i test hadoop-site.yml --tags=formathdfs --limit=hadoop-test1
[...]
PLAY [hadoop_namenodes] *******************************************************

GATHERING FACTS ***************************************************************
ok: [hadoop-test1]

TASK: [do-hadoop | Enable passwordless connection as hdfs user to namenode host] ***
ok: [hadoop-test1]

TASK: [do-hadoop | Format HDFS on namenode] ***********************************
fatal: [hadoop-test1] => Authentication failure.

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/home/will/hadoop-site.retry

hadoop-test1               : ok=4    changed=0    unreachable=1    failed=0


However, if I run playbook as the user that needs to perform the failing step ('hdfs'), it works...
ansible-playbook -u hdfs -i test hadoop-site.yml --tags=formathdfs --limit=hadoop-test1
[...]
PLAY [hadoop_namenodes] *******************************************************

GATHERING FACTS ***************************************************************
ok: [hadoop-test1]

TASK: [do-hadoop | Enable passwordless connection as hdfs user to namenode host] ***
ok: [hadoop-test1]

TASK: [do-hadoop | Format HDFS on namenode] ***********************************
changed: [hadoop-test1]

PLAY RECAP ********************************************************************
hadoop-test1               : ok=5    changed=1    unreachable=0    failed=0

Can someone explain to me why the first case is failing, and how I could get it to work?

Thanks,
Will

Brian Coca

Apr 27, 2015, 5:59:12 PM
to ansible...@googlegroups.com
The issue is not remote user; it is that you are mixing key-based and
password-based authentication: for hdfs you have a key, but for root
you use a password. These don't mix in the same run, and you should
have both users either use keys or passwords.


--
Brian Coca

Willard Dennis

Apr 27, 2015, 7:55:03 PM
to ansible...@googlegroups.com
Thanks Brian, makes sense... Will do a key exchange for the root account as well.

Best,
Will



Brian Coca

Apr 27, 2015, 8:02:43 PM
to ansible...@googlegroups.com
Or you can just have them as separate plays. Right now ansible will
see -k on the command line and expect all connections to prompt for
password; we might want to make this behavior overridable, but not sure
how well this can work (though IIRC we do have the inventory var
ansible_ssh_pass that can provide this by host).

--
Brian Coca