By default, Ansible uses SSH to connect to the managed nodes (e.g. target systems). This can be changed to some other protocol. However, assuming you'll be using SSH, you must be able to make an SSH connection from the control node (that's your Ansible server) to the managed nodes. The ssh command (on Linux) can be used to determine if you are able to make an SSH connection from the control node to the managed nodes.
SSH has a couple of different authentication methods.
- Password authentication
- Public/Private key authentication
Password authentication
Following are the various ways to define the SSH user, with the higher option taking precedence over the lower options. If none of these options are used, then the SSH user will default to the user that is invoking the ansible command.
- --user command line option
- remote_user parameter
- ansible_user variable in your inventory file
- ansible_user variable in your group_vars file
Let's say you have a group of Linux servers and a group of Windows servers, like this. John Doe should be the SSH user for the Linux servers, and Jane Doe should be the SSH user for the Windows servers.
[linux]
server1.example.com
[windows]
server2.example.com
In this scenario, you would have two group_vars files, one for the Linux servers and another for the Windows servers.
/etc/ansible/group_vars/linux.yml
/etc/ansible/group_vars/windows.yml
In this example, variables are defined for the "linux" group so that John Doe is the SSH user for Linux hosts. This example uses the INI file format.
[linux:vars]
ansible_connection=ssh
ansible_user=john.doe
ansible_ssh_pass=johns_ssh_password
And here is how to do the same for Windows hosts and Jane Doe using the YAML file format.
all:
  children:
    windows:
      hosts:
        server3.example.com:
        server4.example.com:
      vars:
        ansible_connection: ssh
        ansible_user: jane.doe
        ansible_ssh_pass: itsasecret
In this example, specific servers use a specific SSH username and password in the INI file format.
# Hosts are listed first; lines inside a :vars section are parsed as variables.
server1.example.com ansible_user=john.doe ansible_ssh_pass=johns_ssh_password
server2.example.com ansible_user=jane.doe ansible_ssh_pass=janes_ssh_password

[all:vars]
ansible_connection=ssh
And here is the YAML file format.
all:
  hosts:
    server1.example.com:
    server2.example.com:
  children:
    linux:
      hosts:
        server3.example.com:
        server4.example.com:
      vars:
        ansible_user: john.doe
        ansible_ssh_pass: itsasecret
    windows:
      hosts:
        server5.example.com:
        server6.example.com:
      vars:
        ansible_user: jane.doe
        ansible_ssh_pass: itsasecret
However, this approach is not ideal, as it puts the password in clear text in a file. A much better solution is to create an encrypted password. Refer to Ansible - Using an encrypted password for SSH.
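One way to audit existing inventory and group_vars files for this problem, as an added example that is not part of the original article: the Python code below flags ansible_ssh_pass (and its aliases ansible_ssh_password and ansible_password) stored as literal values, and accepts inline !vault values and Jinja2 references. The function names, file names and sample inventories are constructed for illustration.

```python
import re

# Connection-password variables accepted by Ansible's ssh connection plugin.
PASSWORD_VARS = ("ansible_ssh_pass", "ansible_ssh_password", "ansible_password")

# Matches INI "key=value" (several may share a host line) and YAML "key: value".
_PATTERN = re.compile(r"\b(?P<key>" + "|".join(PASSWORD_VARS) + r")\s*[=:]\s*(?P<value>\S*)")

def is_protected(value):
    """True when the value is not a literal secret stored in the file."""
    value = value.lstrip("\"'")
    # Empty, inline vault-encrypted (YAML), or a Jinja2 reference to another variable.
    return value == "" or value.startswith(("!vault", "{{"))

def find_cleartext_passwords(text, filename="<inventory>"):
    """Return (filename, line_no, variable) for each literal password found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):
            continue  # comment line
        for match in _PATTERN.finditer(line):
            if not is_protected(match.group("value")):
                findings.append((filename, line_no, match.group("key")))
    return findings

# Constructed samples modelled on the inventories in this article.
INI_SAMPLE = """\
[linux:vars]
ansible_connection=ssh
ansible_user=john.doe
ansible_ssh_pass=johns_ssh_password
"""

YAML_SAMPLE = """\
all:
  children:
    windows:
      vars:
        ansible_user: jane.doe
        ansible_ssh_pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          (ciphertext omitted)
"""

if __name__ == "__main__":
    for name, text in (("hosts.ini", INI_SAMPLE), ("hosts.yml", YAML_SAMPLE)):
        for finding in find_cleartext_passwords(text, name):
            print("cleartext password in %s line %d (%s)" % finding)
```

Running a check like this in CI or a pre-commit hook keeps literal passwords from reaching version control.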
The ansible command with the ping module can be used to test the SSH connection.
ansible all -m ping
If the SSH connection and ping are successful, the following should be displayed.
server1.example.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Passwordless authentication
Better yet, you can configure passwordless SSH authentication between the control node and managed nodes. If the control node is a Linux distribution, and the managed nodes are also a Linux distribution, and OpenSSH is being used on each Linux server, refer to this article to configure passwordless SSH authentication between the control node and managed nodes.