Creating playbook to deal with multiple possible login names (Fallback login)

22 views
Skip to first unread message

Daniel

unread,
Oct 1, 2018, 10:40:34 AM10/1/18
to Ansible Project
I need to run automation against many hosts.   Some use login "A", some use login "B".  Passwords are the same.

1)   How can I get ansible to try a secondary login based on login failure?

2)    I've written a playbook to try multiple logins, and set ansible_user according to success or failure, but it stops at the first authentication failure.    I excute an innocuous command to verify ability to sudo to root to verify success.  I  Need it to continue after the initial authentication failure.    Note that the first llogin actually works, but it all craps out after being unable to authenticate.

Below is my script, and execution output follows:


# auth_desprawl.yml
---
- name: Playbook header to try multiple logins
  hosts: all
  vars:
    fourletter: idjw
    firstlast: dan.swan
    flast: dswan
  gather_facts: no
  tasks:

  - name:  Let's try to login as 4-letter
    set_fact: ansible_user={{ fourletter }}

  - shell: "lvs > /dev/null 2>&1"
    register: result
    ignore_errors: yes

  - meta: clear_host_errors

  - set_fact: goodlogin="{{ fourletter }}"
    when: result.rc == 0

  - name: "Let's try to login as first.last..."
    set_fact: ansible_user="{{ firstlast }}"

  - shell: "lvs > /dev/null 2>&1"
    register: result
    ignore_errors: yes

  - meta: clear_host_errors

  - set_fact: goodlogin="{{ firstlast }}"
    when: result.rc == 0

  - name: "Let's try to login as flast..."
    set_fact: ansible_user="{{ flast }}"

  - shell: "lvs > /dev/null 2>&1"
    register: result
    ignore_errors: yes

  - meta: clear_host_errors

  - set_fact: goodlogin="{{ flast }}"
    when: result.rc == 0

  - name: Proper login name is {{ goodlogin }}
    set_fact: ansible_user="{{ goodlogin }}"



# Ouput
[idjw@jumphost dswan.sundries]$ ansible-playbook  -i ",P93PAJNGNX02"  auth_desprawl.yml -kKb
SSH password:
SUDO password[defaults to SSH password]:

PLAY [Playbook header to try multiple logins] ****************************************************************************************************************************

TASK [Let's try to login as 4-letter] ************************************************************************************************************************************
ok: [P93PAJNGNX02]

TASK [command] ***********************************************************************************************************************************************************
changed: [P93PAJNGNX02]

TASK [set_fact] **********************************************************************************************************************************************************
ok: [P93PAJNGNX02]

TASK [Let's try to login as first.last...] *******************************************************************************************************************************
ok: [P93PAJNGNX02]

TASK [command] ***********************************************************************************************************************************************************
changed: [P93PAJNGNX02]

TASK [set_fact] **********************************************************************************************************************************************************
ok: [P93PAJNGNX02]

TASK [Let's try to login as flast...] ************************************************************************************************************************************
ok: [P93PAJNGNX02]

TASK [command] ***********************************************************************************************************************************************************
fatal: [P93PAJNGNX02]: UNREACHABLE! => {"changed": false, "msg": "Authentication failure.", "unreachable": true}

PLAY RECAP ***************************************************************************************************************************************************************
P93PAJNGNX02 : ok=7    changed=2    unreachable=1    failed=0







Brad Van Orden

unread,
Oct 1, 2018, 11:22:05 AM10/1/18
to ansible...@googlegroups.com
Why don't you just make them separate play books?  Simplify your task.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1b338e68-f5ec-4219-98cc-b2cadd976372%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Daniel

unread,
Oct 1, 2018, 1:23:12 PM10/1/18
to Ansible Project
A fair answer, Brad.

We can actually run the same playbook multiple times by setting "-u" at runtime.

While the tasks may be executed, I'd have multiple logs of the tasks, I have other scripts that parse the output for success/failure rates.      

Having three similar logfiles becomes messy to reconcile, sort out and parse.

would rather have one script that is more tolerant of failures.
Reply all
Reply to author
Forward
0 new messages