FreeKB - Ansible /etc/ansible/hosts file SSH
Ansible - /etc/ansible/hosts file SSH

By default, Ansible uses SSH to connect to the managed nodes (e.g. target systems). This can be changed to some other protocol. However, assuming you'll be using SSH, you must be able to make an SSH connection from the control node (that's your Ansible server) to the managed nodes. The ssh command (on Linux) can be used to determine whether you are able to make an SSH connection from the control node to the managed nodes.

SSH has a couple of different authentication methods.

  • Password authentication
  • Public/Private key authentication

Password authentication

Command line flags --ask-pass or --ask-become-pass can be used to prompt for your SSH password when issuing an Ansible command.

Or, you could define your SSH username and password in the default hosts file or your own hosts file. In this example, "all" is used so that all SSH connections will use the provided SSH username and password.

[all:vars]
ansible_connection=ssh
ansible_user=john.doe
ansible_ssh_pass=johns_ssh_password

 

In this example, specific servers use a specific SSH username and password.

server1.example.com ansible_user=john.doe ansible_ssh_pass=johns_ssh_password
server2.example.com ansible_user=jane.doe ansible_ssh_pass=janes_ssh_password

 

Better yet, you could define your SSH username and password in a YAML file under the group_vars directory. In this example, all.yml is used so that all SSH connections will use the provided SSH username and password.

/etc/ansible/group_vars/all.yml

 

The all.yml file should look something like this.

ansible_connection: ssh
ansible_user: john.doe
ansible_ssh_pass: johns_ssh_password

 

However, neither of these approaches is ideal, as they put the password in clear text in a file. A much better solution is to create an encrypted password. Refer to Ansible - Using an encrypted password for SSH.
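To find where clear text passwords like the ones above are still sitting in inventory or group_vars files, a check along the following lines can be run over them. This is an added example, not part of the original article; the function names, the vault_become_pass variable and the sample file contents are constructed for illustration. A value is treated as protected when it is inline vault ciphertext (!vault) or a Jinja2 reference to another variable.

```python
import re

# Password variables the SSH connection and become plugins read from inventory.
SECRET_KEY = re.compile(
    r"\b(ansible_(?:ssh_pass(?:word)?|password|become_pass(?:word)?))\s*[:=]\s*(\S*)"
)

def is_protected(value):
    """True if the value is vault ciphertext or a Jinja2 reference, not a literal."""
    return value.startswith("!vault") or value.lstrip("'\"").startswith("{{")

def find_cleartext_passwords(text, source):
    """Return (source, line_number, variable) for each literal password found.

    The password itself is never returned, so findings are safe to log.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):
            continue  # comment line in INI or YAML
        for key, value in SECRET_KEY.findall(line):
            if value and not is_protected(value):
                findings.append((source, lineno, key))
    return findings

# Constructed sample inputs, modelled on the files shown on this page.
INVENTORY = """\
[web]
server1.example.com ansible_user=john.doe ansible_ssh_pass=johns_ssh_password
server2.example.com ansible_user=jane.doe

[all:vars]
ansible_connection=ssh
ansible_ssh_pass=johns_ssh_password
"""

GROUP_VARS = """\
ansible_user: john.doe
# ansible_ssh_pass: old_password
ansible_ssh_pass: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    0000placeholder0000
ansible_become_pass: "{{ vault_become_pass }}"
"""

if __name__ == "__main__":
    for hit in (find_cleartext_passwords(INVENTORY, "hosts")
                + find_cleartext_passwords(GROUP_VARS, "group_vars/all.yml")):
        print("%s:%d cleartext %s" % hit)
```

The check is line-based and does not parse YAML, so it is meant for the flat key/value layout shown on this page.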

 

The ansible command with the ping module can be used to test the SSH connection.

ansible all -m ping

 

If the SSH connection and ping are successful, the following should be displayed.

server1.example.com | SUCCESS => {	
    "changed": false,
    "ping": "pong" 
}

 


Passwordless authentication

Better yet, you can configure passwordless SSH authentication between the control node and managed nodes. If the control node and the managed nodes are all Linux distributions, and OpenSSH is being used on each Linux server, refer to the following article to configure passwordless SSH authentication between the control node and managed nodes.

Public key authentication with OpenSSH on Linux




Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net