By default, Ansible uses SSH to connect to the managed nodes (e.g. target systems). This can be changed to some other protocol. However, assuming you'll be using SSH, you must be able to make an SSH connection from the control node (that' your Ansible server) to the managed nodes. The ssh command (on Linux) can be used to determine if you are able to make an SSH connection from the control node to the managed nodes.
SSH has a couple different authentication method.
- Password authentication
- Public/Private key authentication
Password authentication
Command line flag --ask-pass can be used to prompt for your SSH password when issuing an Ansible command. The --ask-become-pass flag can be used to prompt for your SSH password when making a connection to a host that requires elevated privileges, such as sudo.
Or, you could define your SSH username in the defaults hosts file or your own hosts file. In this example, "all" is used so that all SSH connections will used the provided SSH username and password using the INI file format.
[all:vars]
ansible_connection=ssh
ansible_user=john.doe
ansible_ssh_pass=johns_ssh_password
And here is how to do the same using the YAML file format.
all:
hosts:
server1.example.com:
server2.example.com:
vars:
ansible_connection: ssh
ansible_user: john.doe
ansible_ssh_pass: itsasecret
In this example, specific servers use a specific SSH username and password in the INI file format.
[all:vars]
ansible_connection=ssh
server1.example.com ansible_user=john.doe ansible_ssh_pass=johns_ssh_password
server2.example.com ansible_user=jane.doe ansible_ssh_pass=janes_ssh_password
And YAML file format.
all:
hosts:
server1.example.com:
server2.example.com:
children:
linux:
hosts:
server3.example.com:
server4.example.com:
vars:
ansible_user: john.doe
ansible_ssh_pass: itsasecret
windows:
hosts:
server5.example.com:
server6.example.com:
vars:
ansible_user: jane.doe
ansible_ssh_pass: itsasecret
These approaches are not ideal, as they put the password in clear text a file. A much better solution is to create an encrypted password. Refer to Ansible - Using an encrypted password for SSH.
The ansible command with the ping module can be used to test the SSH connection.
ansible all -m ping
If the SSH connection and ping are successful, the following should be displayed.
server1.example.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
Passwordless authentication
Better yet, you can configure passwordless SSH authentication between the control node and managed nodes. If the control node is a Linux distribution, and the managed nodes are also a Linux distribution, and OpenSSH is being used on each Linux server, refer to this article to configure passwordless SSH authentication between the control node and managed nodes.
Did you find this article helpful?
If so, consider buying me a coffee over at