Ansible become_user with variable - ansible

I am using Ansible 2.1.0.0
I try to use become_user with a variable in a task, but I receive the following message:
```
fatal: [host]: FAILED! => {"failed": true, "msg": "'ansible_user' is undefined"}
```
The task executing this is
```yaml
- name: Config git user name
  git_config: name=user.name scope=global value={{ ansible_host }}
  become: Yes
  become_user: "{{ansible_user}}"
```
And the playbook has the following line to define the remote user:
```yaml
- name: Foo
  hosts: foo
  vars:
    http_port: 80
  remote_user: admin
```
I've seen this response which seems to be the same problem, but this does not work for me.
I have seen also a set_fact solution but I would like to use the remote_user var if possible so no extra lines must be added if a playbook already has the remote_user var set.
Does anyone know how to do this or what I am doing wrong?

What about that:
```yaml
- name: Foo
  hosts: foo
  vars:
    http_port: 80
    my_user: admin
  remote_user: "{{my_user}}"
```
then:
```yaml
- name: Config git user name
  git_config: name=user.name scope=global value={{ ansible_host }}
  become: Yes
  become_user: "{{my_user}}"
```

I think I found it:
```yaml
become_user: "{{ansible_ssh_user}}"
```
In fact the remote_user: admin is another way of defining the variable ansible_ssh_user. I don't know why remote_user is not accessible as a variable, but what I know is that when you set remote_user, it changes the variable ansible_ssh_user.
Not sure if it's a clean solution though, but it works.

I had a similar problem trying to use {{ ansible_ssh_user }}:
```
fatal: [xxx]: FAILED! => {"msg": "The field 'become_user' has an
invalid value, which includes an undefined variable. The error was:
'ansible_user' is undefined"}
```
I fixed this error using this approach:
```yaml
- name: Backups - Start backups service
  shell:
    cmd: systemctl --user enable backups.service && systemctl --user restart backups.service
    executable: /bin/bash
  become: true
  become_method: sudo
  become_user: "{{ lookup('env','USER') }}"
```
I hope this helps.
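
An added example, not part of any answer above: instead of guessing which variable holds the login name, ask the managed host with `whoami` and feed the result to `become_user`. `lookup('env','USER')` is evaluated on the control node, so it matches the remote account only when both names are identical. The `community.general.git_config` module name assumes a current Ansible with that collection installed, and `login_user` is a hypothetical variable name.

```yaml
# Added example: resolve the login account on the managed host itself.
- name: Foo
  hosts: foo
  remote_user: admin
  gather_facts: false
  tasks:
    - name: Ask the managed host which account the SSH connection uses
      ansible.builtin.command: whoami
      become: false            # must run as the login user, not the become target
      changed_when: false      # read-only probe, never reports "changed"
      register: login_user     # hypothetical variable name

    - name: Stop if the probe returned nothing usable
      ansible.builtin.assert:
        that:
          - login_user.stdout | trim | length > 0
        fail_msg: "Could not determine the login user; refusing to escalate"

    - name: Config git user name
      community.general.git_config:
        name: user.name
        scope: global
        value: "{{ ansible_host }}"
      become: true
      become_user: "{{ login_user.stdout | trim }}"
```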

Related

Ansible: How do I link Variables, stored in a Vault to a specific host?

I want to encrypt my host credentials in a central secrets.yml file.
How can I tell Ansible to use the variables?
I tried with this setup:
host_vars/test.yml
```yaml
ansible_user: {{ test_user }}
ansible_become_pass: {{ test_pass }}
```
secrets.yml
```yaml
# Credentials Test Server #
test_user: user
test_pass: password
```
inventory.yml
```yaml
all:
  children:
    test:
      hosts:
        10.10.10.10
```
playbook.yml
```yaml
---
- name: Update Server
  hosts: test
  become: yes
  vars_files:
    - secrets.yml
  tasks:
    - name: Update
      ansible.builtin.apt:
        update_cache: yes
```
For execution I use this command:
```
ansible-playbook -i inventory.yml secure_linux.yml --ask-vault-pass
```
During execution I get this error message:
```
fatal: [10.10.10.10]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: root@10.10.10.10: Permission denied (publickey,password).", "unreachable": true}
```
For those credentials to be used by all hosts, use the group_vars/all directory. So you will have the file group_vars/all/secrets.yml, which you will encrypt with ansible-vault.
```yaml
ansible_user: user
ansible_password: password
```
You do not need a host_vars file.
The solution was:
- give the host_vars file the right name (10.10.10.10.yml)
- add ansible_password as variable
- use quotation marks "{{ test_user }}"
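
The layout the answers converge on, written out as an added example (not the poster's files): secrets live in a vault-encrypted file under group_vars/all/, and a host_vars file named after the inventory host maps them onto the connection variables. The `vault_` prefix and the file name `vault.yml` are assumptions; the user and password values are the placeholders from the question.

```yaml
# Added example: four files shown in one listing, separated by comment headers.

# ----- group_vars/all/vault.yml -----
# Encrypt once with:  ansible-vault encrypt group_vars/all/vault.yml
vault_test_user: user
vault_test_pass: password

# ----- host_vars/10.10.10.10.yml -----
# Stays in plain text; the file name must equal the inventory host name.
# Templates are quoted, otherwise YAML parses "{{ ... }}" as a mapping.
ansible_user: "{{ vault_test_user }}"
ansible_password: "{{ vault_test_pass }}"
ansible_become_pass: "{{ vault_test_pass }}"

# ----- inventory.yml -----
all:
  children:
    test:
      hosts:
        10.10.10.10:

# ----- playbook.yml -----
# No vars_files entry: group_vars/ and host_vars/ are loaded automatically.
# Run with:  ansible-playbook -i inventory.yml playbook.yml --ask-vault-pass
- name: Update Server
  hosts: test
  become: true
  tasks:
    - name: Update
      ansible.builtin.apt:
        update_cache: true
```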

Variable is defined but still getting undefined error

I am trying to write a playbook that completes some of its tasks on the machine that the playbook is running on. I know I can use local_action for this but I am just testing if the playbook works for now. Eventually I will need to use the delegate_to. I have defined the variable and I am using delegate_to: 'variable name' but I am getting this error: fatal: [target node]: FAILED! => {"msg": "'variablename' is undefined"}. Below is my playbook:
```yaml
- name: Create certs
  gather_facts: true
  vars:
    master: "{{ nameofhost }}"
  tasks:
    - name: Run command
      shell: Command to run
      delegate_to: "{{ master }}"
```
You need to target your play at the target hosts of an inventory:
```yaml
- name: Create certs
  gather_facts: true
  hosts: target_hosts
  vars:
    master: "{{ nameofhost }}"
  tasks:
    - name: Run command
      shell: Command to run
      delegate_to: "{{ master }}"
```
Your inventory file may look like this:
```ini
[target_hosts]
master ansible_host=your_master_dns_or_ip
```
And then ansible can target that inventory group and then reduce the task scope to master host. Or you can just use the localhost as target.

`remote_user` is ignored in playbooks and roles

I have defined the following in my ansible.cfg
```ini
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
remote_user = ansible
```
However I have a playbook bootstrap.yaml where I connect with root rather than ansible
```yaml
---
- hosts: "{{ target }}"
  become: no
  gather_facts: false
  remote_user: root
  vars:
    os_family: "{{ osfamily }}"
  roles:
    - role: papanito.bootstrap
```
However it seems that remote_user: root is ignored as I always get a connection error, because it uses the user ansible instead of root for the ssh connection
```
fatal: [node001]: UNREACHABLE! => {"changed": false,
"msg": "Failed to connect to the host via ssh:
ansible@node001: Permission denied (publickey,password).",
"unreachable": true}
```
The only workaround for this I could find is calling the playbook with -e ansible_user=root. But this is not convenient as I want to call multiple playbooks with the site.yaml, where the first playbook has to run with ansible_user root, whereas the others have to run with ansible
```yaml
- import_playbook: playbooks/bootstrap.yml
- import_playbook: playbooks/networking.yml
- import_playbook: playbooks/monitoring.yml
```
Any suggestions what I am missing or how to fix it?
Q: "remote_user: root is ignored"
A: The playbook works as expected
```yaml
- hosts: test_01
  gather_facts: false
  become: no
  remote_user: root
  tasks:
    - command: whoami
      register: result
    - debug:
        var: result.stdout
```
gives
```
"result.stdout": "root"
```
But, the variable can be overridden in the inventory. For example with the inventory
```
$ cat hosts
all:
  hosts:
    test_01:
  vars:
    ansible_connection: ssh
    ansible_user: admin
```
the result is
```
"result.stdout": "admin"
```
Double-check the inventory with the command
```
$ ansible-inventory --list
```
Notes
- It might be also necessary to double-check the role - role: papanito.bootstrap
- See Controlling how Ansible behaves: precedence rules
I faced a similar issue, where an EC2 instance required a different username to SSH with. You could try the example below:
```yaml
- import_playbook: playbooks/bootstrap.yml
  vars:
    ansible_ssh_user: root
```
Try this:
Instead of "remote_user: root" use "remote_user: ansible" and additionally "become: yes", "become_user: root", "become_method: sudo or su".

Run Ansible playbook task with predefined username and password

This is the code of my Ansible script.
```yaml
---
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  ansible_become_pass: "{{ pass }}"
  tasks:
    - name: Creates directory to keep files on the server
      file: path=/home/{{ user }}/fabric_shell state=directory
    - name: Move sh file to remote
      copy:
        src: /home/pankaj/my_ansible_scripts/normal_script/installation/install.sh
        dest: /home/{{ user }}/fabric_shell/install.sh
    - name: Execute the script
      command: sh /home/{{ user }}/fabric_shell/install.sh
      become: yes
```
I am running the Ansible playbook using this command:
```
ansible-playbook send_run_shell.yml --extra-vars "user=sakshi host=192.168.0.238 pass=Welcome01"
```
But I don't know why I am getting this error:
```
ERROR! 'ansible_become_pass' is not a valid attribute for a Play

The error appears to have been in '/home/pankaj/go/src/shell_code/send_run_shell.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- hosts: "{{ host }}"
  ^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:

    with_items:
      - {{ foo }}

Should be written as:

    with_items:
      - "{{ foo }}"
```
Please guide me on what I am doing wrong.
Thanks in advance.
ansible_become_pass is a connection parameter which you can set as variable:
```yaml
---
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  vars:
    ansible_become_pass: "{{ pass }}"
  tasks:
    # ...
```
That said, you can move remote_user to variables too (refer to the whole list of connection parameters), save it to a separate host_vars- or group_vars-file and encrypt with Ansible Vault.
Take a look at this thread and the Ansible page. I propose to use become_user in this way:
```yaml
- hosts: all
  tasks:
    - include_tasks: task/java_tomcat_install.yml
      when: activity == 'Install'
      become: yes
      become_user: "{{ aplication_user }}"
```
Try not to use pass=Welcome01.
When speaking with remote machines, Ansible by default assumes you are using SSH keys. SSH keys are encouraged but password authentication can also be used where needed by supplying the option --ask-pass. If using sudo features and when sudo requires a password, also supply --ask-become-pass (previously --ask-sudo-pass which has been deprecated).

Ansible - Reference 'ansible_ssh_pass' in a task?

I understand that the ansible_ssh_pass (and similarly ansible_become_pass) variables are settable via inventories. E.g.:
```ini
[some_group:vars]
ansible_ssh_pass=some_password
```
But is the same referencable from a task without explicitly setting it in an inventory? E.g. if I simply provide the password with --ask-pass?
The use case would be to mount a CIFS share with an authorized account (which would simply be a user's SSH account as we have Active Directory in our environment). I've tried using the documented variables, e.g.:
```yaml
- name: Mount a drive
  sudo: true
  mount: state="mounted" fstype="cifs" opts="username={{ ansible_ssh_user }}, password={{ ansible_ssh_pass }} src=..."
```
But this results in an error:
```
fatal: [some.machine] => One or more undefined variables: 'ansible_ssh_pass' is undefined
```
Regarding your question

> But is the same referencable from a task without explicitly setting it in an inventory? E.g. if I simply provide the password with --ask-pass?

the short answer is yes. A test remote playbook
```yaml
---
- hosts: test
  become: yes
  gather_facts: no
  tasks:
    - name: Show variables
      debug:
        msg:
          - "Provided user: {{ ansible_user }}"
          - "Provided password: {{ ansible_password }}"
```
called via
```
ansible-playbook --user ${ADMIN_USER} --ask-pass remote.yml
```
results in an output of
```
TASK [Show variables] ***********
ok: [test.example.com] =>
  msg:
  - 'Provided user: admin_user'
  - 'Provided password: 12345678'
```
just providing the given password.
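
An added example (not from the answer) of using the `--ask-pass` value for the CIFS mount from the question without placing it in `opts`, where it would be written to /etc/fstab and exposed in module argument logging: the password goes into a root-only credentials file and that write is marked `no_log`. The share path, mount point and credentials file location are constructed placeholders, and the `ansible.posix` collection is assumed to be installed.

```yaml
# Added example: keep the connection password out of fstab and task logs.
- hosts: test
  become: true
  gather_facts: false
  vars:
    cifs_src: "//fileserver.example.com/share"   # constructed placeholder
    cifs_path: /mnt/share                        # constructed placeholder
    cifs_cred_file: /root/.cifs-credentials      # constructed placeholder
  tasks:
    - name: Fail early when no connection password was supplied
      ansible.builtin.assert:
        that:
          - ansible_password is defined
        fail_msg: "Run with --ask-pass or define ansible_password in a vaulted vars file"
        quiet: true

    - name: Write the CIFS credentials file, readable by root only
      ansible.builtin.copy:
        dest: "{{ cifs_cred_file }}"
        content: |
          username={{ ansible_user }}
          password={{ ansible_password }}
        owner: root
        group: root
        mode: "0600"
      no_log: true             # keeps the rendered content out of output and logs

    - name: Mount the share, referencing the credentials file
      ansible.posix.mount:
        path: "{{ cifs_path }}"
        src: "{{ cifs_src }}"
        fstype: cifs
        opts: "credentials={{ cifs_cred_file }}"   # only the file path lands in fstab
        state: mounted
```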
