FreeKB - Ansible ansible_user ansible_ssh_pass in group_vars
Ansible - ansible_user ansible_ssh_pass in group_vars

By default, Ansible uses SSH to connect to the managed nodes (e.g. target systems). This can be changed to some other protocol. However, assuming you'll be using SSH, you must be able to make an SSH connection from the control node (that's your Ansible server) to the managed nodes. The ssh command (on Linux) can be used to determine if you are able to make an SSH connection from the control node to the managed nodes.

SSH has a couple of different authentication methods.

  • Password authentication
  • Public/Private key authentication

Password authentication

Following are the various ways to define the SSH user, with the higher option taking precedence over the lower options. If none of these options are used, then the SSH user will default to the user that is invoking the ansible command.

Let's say you have a group of Linux servers and a group of Windows servers, like this, and John Doe should be the SSH user for the Linux servers, and Jane Doe should be the SSH user for the Windows servers.

[linux]
server1.example.com
[windows]
server2.example.com

 

In this scenario, you would have two group_vars files, one for the Linux servers and another for the Windows servers.

/etc/ansible/group_vars/linux.yml
/etc/ansible/group_vars/windows.yml

 

In this example, the variables are defined for the "linux" group so that John Doe is the SSH user for Linux hosts. This example uses the INI file format.

[linux:vars]
ansible_connection=ssh
ansible_user=john.doe
ansible_ssh_pass=johns_ssh_password

 

And here is how to do the same for Windows hosts and Jane Doe using the YAML file format.

all:
  children:
    windows:
      hosts:
        server3.example.com:
        server4.example.com:
      vars:
        ansible_connection: ssh
        ansible_user: jane.doe
        ansible_ssh_pass: itsasecret

 

In this example, specific servers use a specific SSH username and password in the INI file format.

server1.example.com ansible_user=john.doe ansible_ssh_pass=johns_ssh_password
server2.example.com ansible_user=jane.doe ansible_ssh_pass=janes_ssh_password

[all:vars]
ansible_connection=ssh

 

And in the YAML file format.

all:
  hosts:
    server1.example.com:
    server2.example.com:
  children:
    linux:
      hosts:
        server3.example.com:
        server4.example.com:
      vars:
        ansible_user: john.doe
        ansible_ssh_pass: itsasecret
    windows:
      hosts:
        server5.example.com:
        server6.example.com:
      vars:
        ansible_user: jane.doe
        ansible_ssh_pass: itsasecret

 

However, this approach is not ideal, as it puts the password in clear text in a file. A much better solution is to create an encrypted password. Refer to Ansible - Using an encrypted password for SSH.
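One way to check for the clear-text problem described above, as an added example (not code from the original article): a scanner that flags password variables left in clear text in INI or YAML inventory and group_vars content. Assumptions: the variable list beyond ansible_ssh_pass, the sample file names, and the variable name vault_linux_ssh_pass are chosen here for illustration, and the sample inputs are constructed.

```python
import re

# Password variables to look for; ansible_ssh_pass is the one used on this page,
# the others are related Ansible connection/become password variables (assumed scope).
SECRET_VARS = ("ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password")
# Matches INI (key=value) and YAML (key: value), including several pairs per line.
PATTERN = re.compile(r"\b(?P<key>" + "|".join(SECRET_VARS) +
                     r")\s*[=:]\s*(?P<val>\"[^\"]*\"|'[^']*'|\S*)")

def is_protected(value):
    """True for a !vault-tagged scalar, a Jinja2 reference, or an empty value."""
    v = value.strip("\"'").strip()
    return v == "" or v.startswith("!vault") or v.startswith("{{")

def find_cleartext(text, filename="<inventory>"):
    """Return (filename, line_number, variable) for each cleartext password."""
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []  # the whole file is vault-encrypted
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip comment lines
        for match in PATTERN.finditer(line):
            if not is_protected(match.group("val")):
                findings.append((filename, number, match.group("key")))
    return findings

# Constructed sample input, modelled on the inventory snippets on this page.
SAMPLE_INI = """\
server1.example.com ansible_user=john.doe ansible_ssh_pass=johns_ssh_password
[linux:vars]
ansible_connection=ssh
ansible_ssh_pass={{ vault_linux_ssh_pass }}
"""
# The ciphertext lines of the !vault block are omitted from this sample.
SAMPLE_YAML = """\
windows:
  vars:
    ansible_user: jane.doe
    ansible_ssh_pass: itsasecret
    ansible_become_pass: !vault |
"""

if __name__ == "__main__":
    for name, text in (("hosts.ini", SAMPLE_INI), ("hosts.yml", SAMPLE_YAML)):
        for finding in find_cleartext(text, name):
            print("cleartext password: %s line %d (%s)" % finding)
```

The scanner is line-based and does not parse YAML, so it reports the line number where the variable is assigned and never prints the password value itself.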

The ansible command with the ping module can be used to test the SSH connection.

ansible all -m ping

 

If the SSH connection and ping are successful, the following should be displayed.

server1.example.com | SUCCESS => {	
    "changed": false,
    "ping": "pong" 
}

 


Passwordless authentication

Better yet, you can configure passwordless SSH authentication between the control node and managed nodes. If the control node is a Linux distribution, and the managed nodes are also a Linux distribution, and OpenSSH is being used on each Linux server, refer to this article to configure passwordless SSH authentication between the control node and managed nodes.

Public key authentication with OpenSSH on Linux


