How to change form ssh username/password to public key encryption in a playbook?

[Hans IJ]

Hi,

I am a beginner with ansible; I couldn't find the answer yet.

I want to bootstrap virgin raspberry pi's (raspbian based);

It all works fine as intended, except for one step, 

I have to change the ansible hosts file manually half way between two playbooks to make it work.

What I want to fully automated:

0. Start with pi:raspberry account

1. Add a new admin account & add admin's public key to authorized hosts file

2. Change default password of "pi"

3. Some other stuff, install a few packages

4. reboot

5. Continue configuration via admin account & public key authentication

Question: how can I change midway in a playbook from username:password to public key (with admin account?)

or...I am fine to split in 2 playbooks, how can I have one playbook with pi:raspberry username/password

(as it is configured in hosts) and 2nd playbook with with admin:<public key authentication>

>>>>>>>>>>>>>>>>>>>>>>>

hosts

...

...

[pi:vars]

ansible_connection=ssh

# Disable below after new admin account with public key is created

ansible_user=pi

ansible_ssh_pass=raspberry

[Stefan Hornburg (Racke)]

On 7/29/20 1:30 PM, Hans IJ wrote:
> Hi,
>
> I am a beginner with ansible; I couldn't find the answer yet.
> I want to bootstrap virgin raspberry pi's (raspbian based);
>
> It all works fine as intended, except for one step, 
> I have to change the ansible hosts file manually half way between two playbooks to make it work.
>
> What I want to fully automated:
>
> 0. Start with pi:raspberry account
> 1. Add a new admin account & add admin's public key to authorized hosts file
> 2. Change default password of "pi"
> 3. Some other stuff, install a few packages
> 4. reboot
> 5. Continue configuration via admin account & public key authentication
>
> Question: how can I change midway in a playbook from username:password to public key (with admin account?)
> or...I am fine to split in 2 playbooks, how can I have one playbook with pi:raspberry username/password
> (as it is configured in hosts) and 2nd playbook with with admin:<public key authentication>
>

I suppose you can set these variables through a set_fact task, e.g.

set_fact:
ansible_user: admin

Please note that these changes only apply to the current play.

Regards
Racke

>
>>>>>>>>>>>>>>>>>>>>>>>>
> hosts
> ...
> ...
> [pi:vars]
> ansible_connection=ssh
>
> # Disable below after new admin account with public key is created
> ansible_user=pi
> ansible_ssh_pass=raspberry
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ac77d551-bdba-4e37-94ba-096341f0a2abo%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/ac77d551-bdba-4e37-94ba-096341f0a2abo%40googlegroups.com?utm_medium=email&utm_source=footer>.


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.