Bootstrap FreeKB - Ansible - ansible_user ansible_ssh_pass in /etc/ansible/hosts
Ansible - ansible_user ansible_ssh_pass in /etc/ansible/hosts

Updated:   |  Ansible articles

By default, Ansible uses SSH to connect to the managed nodes (e.g. target systems). This can be changed to some other protocol. However, assuming you'll be using SSH, you must be able to make an SSH connection from the control node (that' your Ansible server) to the managed nodes. The ssh command (on Linux) can be used to determine if you are able to make an SSH connection from the control node to the managed nodes.

SSH has a couple different authentication method.

  • Password authentication
  • Public/Private key authentication

Password authentication

Command line flag --ask-pass can be used to prompt for your SSH password when issuing an Ansible command. The --ask-become-pass flag can be used to prompt for your SSH password when making a connection to a host that requires elevated privileges, such as sudo.

Or, you could define your SSH username in the defaults hosts file or your own hosts file. In this example, "all" is used so that all SSH connections will used the provided SSH username and password using the INI file format.

[all:vars]
ansible_connection=ssh
ansible_user=john.doe
ansible_ssh_pass=johns_ssh_password

 

And here is how to do the same using the YAML file format.

all:
  hosts:
    server1.example.com:
    server2.example.com:
  vars:
    ansible_connection: ssh
    ansible_user: john.doe
    ansible_ssh_pass: itsasecret

 

In this example, specific servers use a specific SSH username and password in the INI file format.

[all:vars]
ansible_connection=ssh
server1.example.com ansible_user=john.doe ansible_ssh_pass=johns_ssh_password
server2.example.com ansible_user=jane.doe ansible_ssh_pass=janes_ssh_password

 

And YAML file format.

all:
  hosts:
    server1.example.com:
    server2.example.com:
  children:
    linux:
      hosts:
        server3.example.com:
        server4.example.com:
      vars:
        ansible_user: john.doe
        ansible_ssh_pass: itsasecret
    windows:
      hosts:
        server5.example.com:
        server6.example.com:
      vars:
        ansible_user: jane.doe
        ansible_ssh_pass: itsasecret

 

These approaches are not ideal, as they put the password in clear text a file. A much better solution is to create an encrypted password. Refer to Ansible - Using an encrypted password for SSH.

The ansible command with the ping module can be used to test the SSH connection.

ansible all -m ping

 

If the SSH connection and ping are successful, the following should be displayed.

server1.example.com | SUCCESS => {	
    "changed": false,
    "ping": "pong" 
}

 


Passwordless authentication

Better yet, you can configure passwordless SSH authentication between the control node and managed nodes. If the control node is a Linux distribution, and the managed nodes are also a Linux distribution, and OpenSSH is being used on each Linux server, refer to this article to configure passwordless SSH authentication between the control node and managed nodes.

Public key authentication with OpenSSH on Linux




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 45c5f9 in the box below so that we can be sure you are a human.