ansible identify ssh user in ansible vars - ansible

In some ansible script I'm getting a

    rsync: mkdir "/var/www/xxx" failed: Permission denied

I need to check what is the user my ansible is using in the target VM.
How can I print the user with a debug: line?
I look for something like the $ id unix command to debug the permission problem.

Ansible will always default to the current user (in the shell), and if you want to connect to a remote machine using a different user, you can use remote_user in your Ansible playbook.
See: http://docs.ansible.com/ansible/intro_configuration.html#remote-user for more details.
If you want to run a shell command and capture the output:

    - name: "Run a shell command"
      shell: /usr/bin/id
      register: result
    - name: Print the value of result
      debug: var=result

or

    - name: Print the user id using the ansible_user_id fact
      debug: msg="{{ansible_user_id}}"
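
Added example (not part of the original answer): a playbook that reports the configured login user, what `id` returns on the target with and without `become`, and the ownership of `/var/www`, the parent of the path in the rsync error. The host pattern `all` is an assumption; limit the run to the affected VM.

```yaml
# Added example, not from the original answer.
- hosts: all               # assumption: restrict with --limit to the affected VM
  gather_facts: true       # required for the ansible_user_id fact
  tasks:
    - name: Show the login user configured for this host
      ansible.builtin.debug:
        msg: "ansible_user={{ ansible_user | default('not set in inventory') }}"

    - name: Ask the target who the task runs as, without escalation
      ansible.builtin.command: id
      register: id_plain
      changed_when: false

    - name: Ask again with become
      ansible.builtin.command: id
      become: true
      register: id_become
      changed_when: false
      ignore_errors: true  # a refused escalation is itself diagnostic

    - name: Inspect the parent of the directory rsync could not create
      ansible.builtin.stat:
        path: /var/www
      register: www

    - name: Summarise identity and permissions
      ansible.builtin.debug:
        msg:
          - "fact ansible_user_id: {{ ansible_user_id }}"
          - "id without become: {{ id_plain.stdout }}"
          - "id with become: {{ id_become.stdout | default('become failed') }}"

    - name: Show who owns /var/www and whether the task user can write to it
      ansible.builtin.debug:
        msg: >-
          owner={{ www.stat.pw_name }} group={{ www.stat.gr_name }}
          mode={{ www.stat.mode }} writeable={{ www.stat.writeable }}
      when: www.stat.exists
```

The `ansible_user_id` fact is the user that fact gathering ran as, so it follows any play-level `become` setting rather than the SSH login name.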

Related

Executing task after being logged as root in ansible

I am trying to subsequently run a task after I am connected using ssh. I am connecting using this in my playbook

    - name: connect using password # task 1; this task set/connect me as root
      expect:
        command: ssh -o "StrictHostKeyChecking=no" myuser@********
        responses:
          "password:":
            - my password
            - my password
      delegate_to: localhost

That task is fine and I am able to see that I am connected. The problem now is that when I try to run subsequent tasks for example:

    - name: copy folder # task 2 in the same playbook
      copy:
        src: "files/mylocalfile.txt"
        dest: "etc/temp"
        mode: "0777"

I have the following message:
"msg: etc/temp not writable"
How do I continue executing the remaining tasks as the root user that got connected in task 1?

I believe this might not be an Ansible question, but a Linux one.
Is your user in /etc/wheel?
Ansible has the directive become, which will let you execute a task as root, if the user you are connecting with is allowed to escalate privileges. The task you want to run with privileges would be something like:

    - name: copy folder # task 2 in the same playbook
      become: yes
      copy:
        src: "files/mylocalfile.txt"
        dest: "etc/temp"
        mode: "0777"

You can use become_user if you need to specify the user you want to run the task as, and if you have a password for the privileged user, you can ask Ansible to prompt for the password when running ansible-playbook, using --ask-become-password.
The following link offers documentation about privilege escalation in ansible:
https://docs.ansible.com/ansible/latest/user_guide/become.html

Is there a way to run shell script which prompts for input values from Ansible playbook?

I have an Ansible playbook which calls an existing shell script. Shell script when triggered standalone, prompts for some user input. I want the same functionality from Ansible playbook as well (call shell script with prompting from Ansible playbook).
I tried with shell/command/raw options in Ansible playbook (with no luck).

    - hosts: localhost
      gather_facts: false
      become: true
      become_user: oracle
      become_flags: 'content-ansible'
      pre_tasks:
        - include_vars: vars.yml
      tasks:
        - name: Do Create Users....
          shell: cd "{{v_dir}}" && yes | sh script.sh

Ansible does not give you access to interactive commands.
You have to duplicate the user interaction. First you have to ask for the input with Prompts, and second you have to feed the values to your interactive program with expect.
But this is not the Ansible way of life, because it is not reproducible. The main reason to use Ansible is to create idempotent jobs, which do the same thing every time. If you ask for user input, the job depends on the input and this means it may do different things each time it is called.
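
The two steps the answer describes, as an added example that is not part of the original post: `vars_prompt` collects the values once and the `expect` module feeds them to the script. The variable names and the prompt patterns are assumptions, since the page does not show what script.sh asks for; `become_flags` from the question is left out.

```yaml
# Added example, not from the original answer.
# The expect module needs the pexpect Python package on the host running the task.
- hosts: localhost
  gather_facts: false
  become: true
  become_user: oracle
  vars_prompt:
    - name: new_user          # hypothetical variable name
      prompt: "User to create"
      private: false
    - name: new_password      # hypothetical variable name
      prompt: "Password for that user"
      private: true           # input is not echoed to the terminal
  pre_tasks:
    - name: Load v_dir and the other variables from the question
      ansible.builtin.include_vars: vars.yml
  tasks:
    - name: Do Create Users....
      ansible.builtin.expect:
        command: sh script.sh
        chdir: "{{ v_dir }}"
        responses:
          # Keys are regular expressions matched against the script's output.
          # Both patterns are assumptions; use the prompts script.sh really prints.
          '(?i)user ?name:': "{{ new_user }}"
          '(?i)password:': "{{ new_password }}"
        timeout: 60
      no_log: true            # keep the password out of task output and logs
```

A value passed with `--extra-vars` suppresses the matching prompt, so the same playbook can also run unattended with fixed inputs.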

Running a command in an ansible-playbook from the ansible host using variables from the current ansible process

Having hit a brick wall with troubleshooting why one shell script is hanging when I'm trying to run it via Ansible on the remote host, I've discovered that if I run it in an ssh session from the ansible host it executes successfully.
I now want to build that into a playbook as follows:

    - name: Run script
      local_action: shell ssh $TARGET "/home/ansibler/script.sh"

I just need to know how to access the $TARGET that this playbook is running on from the selected/limited inventory so I can concatenate it into that local_action.
Is there an easy way to access that?

Try with ansible_host:

    - name: Run script
      local_action: 'shell ssh {{ ansible_host }} "/home/ansibler/script.sh"'

Ansible have shell command use stored password

Looking to have a way for a password in a file to be used when I call the shell script below. I don't want to have to type the password in for a lot of machines to copy one file over. I need to use SCP or it won't work.
I'm also using ansible vault.

    - hosts: localhost
      gather_facts: no
      tasks:
        - name: Copy File to Local Machine
          shell: "scp test@{{ item }}:/home/test/*.csv /location/on/localhost"
          with_items: "{{groups['firewall']}}"

Answer provided below:

    - name: Copy File to Local Machine
      shell: "sshpass -p {{ ansible_ssh_pass }} scp test@{{ item }}:/home/test/*.csv /destination"
      with_items: "{{groups['firewall']}}"

You can save the password first.

    $ cat config.sh
    eval `ssh-agent -s`
    ssh-add ~/.ssh/default # <- replace the ssh key with yours

Have it ready and run it before running the Ansible playbook:

    $ chmod +x config.sh
    $ . config.sh
    Agent pid 87414
    Enter passphrase for /home/test/.ssh/default:
    Identity added: /home/test/.ssh/default (/home/test/.ssh/default)

Then you shouldn't have the password prompt issue.
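
Added example, not from either answer above: `sshpass -p` puts the password in the command's argument list on the control node, so this variant hands it over in the `SSHPASS` environment variable with `sshpass -e` and sets `no_log`. It keeps the paths and the `ansible_ssh_pass` variable from the answer and assumes that variable comes from a vault-encrypted file.

```yaml
# Added example, not from the original answers.
- hosts: localhost
  gather_facts: false
  tasks:
    # Weak form from the answer, kept as a comment for comparison:
    #   shell: "sshpass -p {{ ansible_ssh_pass }} scp test@{{ item }}:/home/test/*.csv /destination"
    # The rendered password is an argument of the sshpass process, readable
    # in the process list, and it is printed in verbose task output.

    - name: Copy File to Local Machine
      ansible.builtin.shell: "sshpass -e scp test@{{ item }}:/home/test/*.csv /destination"
      environment:
        # sshpass -e reads the password from SSHPASS instead of argv.
        SSHPASS: "{{ ansible_ssh_pass }}"   # assumption: defined in a vault-encrypted vars file
      with_items: "{{ groups['firewall'] }}"
      no_log: true          # suppress the task's arguments and results in logs
```

The ssh-agent approach in the second answer avoids storing a password at all and is preferable wherever the devices accept key authentication.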

Ansible execute remote ssh task

I have tried connecting to a remote "custom" Linux VM, and copied my SSH public key to it, yet, I'm able to get Ansible to ping / connect it, as I keep getting remote host unreachable. "I think it's because it's running a custom version of Linux and SSH auth might be behaving differently"
The following remote ssh command works:

    # ssh -t user@server_ip "show vd"
    password: mypassword

I'm trying to convert the above command to an Ansible playbook:

    ---
    - hosts: server_ip
      gather_facts: no
      remote_user: root
      tasks:
        - name: check devise status
          shell: ssh -i server_ip "show vd"
          register: output
        - expect:
            command: sh "{{ output.stdout }}"
            responses:
              (?i)password: user

I'm unable to get it to work, and I'm not sure if this is the right way of doing it. Your input is highly appreciated.

Whenever you have ssh connection problems you should add the -vvvv parameter to your ansible-playbook command line. That way it will give detailed information about the ssh connection and errors.
