On Wed, Jan 21, 2015 at 8:25 AM, Stuart Budd <s2b...@gmail.com> wrote:
> I do not understand how this example works for user foo
>
> If I have not stated the user account to use for the ssh connection within
> the command line using:        ansible_ssh_user=foo
> or the Ansible host file:    /etc/ansible/hosts
>
> Is the current user account used as the ssh connection to a remote server if
> not specified on the command line or within the file: /etc/ansible/hosts  ?
>
Correct.

> If so, does the logic for which user account to use for the ssh connection
> go like this:
>
> Use the current user account, unless specified in the command line using
> command:    ansible_ssh_user=foo

Via the command line:
* for /usr/bin/ansible use: -u foo
  /usr/bin/ansible rhel7-test -u ansibletest1 -a whoami
* for /usr/bin/ansible-playbook you can use -u foo if nothing else is
setting the user (not in /etc/ansible/hosts or the playbook).  If you
really want to override what's specified in hosts or the playbook use
-e ansible_ssh_user=foo:
  ansible-playbook test.yml -v -e 'ansible_ssh_user=ansibletest1'


> and if not specified in the  /etc/ansible/hosts file as:
> ansible_ssh_user=foo
>
> Ansible Local Server                      Remote server
> local-01                                        remote-01
> ---------------------------                        --------------------
> Local User foo       --> ssh -->        Remote user foo
>
> So in this example:
> (1)  Local user running /usr/bin/ansible is foo
> (2)  Remote user is an account on the remote box remote-01 which is also
> named foo
> (3)  sudoing will sudo to the remote account foo.  Which as you say is a
> no-op.

#3 is only true if you've specified that foo is the sudo_user
somewhere (for instance in ansible.cfg).
Otherwise you'll be sudo'ing to root.

> Server local-01
> [root@local-01 /]# grep sudo_user /etc/ansible/ansible.cfg
> sudo_user      = root
> [root@local-01 /]# cat /etc/ansible/hosts
> [servers]
> remote-01
> [root@local-01 /]#
>
>
> Ansible command
> [root@local-01 ~]# su - foo
> [foo@local-01 ~]$ ssh foo@remote-01 whoami
> foo
> [foo@local-01 ~]$ ansible remote-01 -m command -a "whoami"
> remote-01 | success | rc=0 >>
> foo
> [foo@local-01 ~]$
>

<nod>  This is all correct. I see that you pointed out that sudo_user
= root in ansible.cfg.  So just in case you're wondering, ansible does
not sudo unless you tell it to.  That would look something like this:

[foo@local-01 ~]$ ansible remote-01 -m command -a "whoami" --sudo  -K
sudo password:
remote-01 | success | rc=0 >>
root

>
> Question
> How does the above Ansible command work if I have not specified the user
> account for the SSH connection or the local user account either within
> the command line,  /etc/ansible/ansible.cfg or within the file
> /etc/ansible/hosts ?
>
The default for ansible (and for ssh) is to use the username that you
are logged in locally as.

> Is this not the function of the parameters ansible_ssh_user and
> ansible_sudo_user ?
>

ansible_ssh_user (in /etc/ansible/hosts or another inventory file)
overrides that, yes.

ansible_sudo_user specifies which user to sudo to once you've ssh'd
into the remote box.

> Should I not need to specify this:    ansible_ssh_user=foo  ?
> Even if I do not need this:               ansible_sudo_user=foo ?
>
In most people's environments they have the same username on all of
their boxes.  So those people don't need to set ansible_ssh_user.  If
you are using different usernames on the local and remote box then you
do need to set ansible_ssh_user so that ansible knows which account it
needs to ssh into on the remote machine.

-Toshio
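
The resolution order described in this reply, modelled as an added example (not part of the original message and not Ansible's own code) that parses a small inventory and reports which account an ansible-playbook run would SSH in as and end up running as. The function names, the host remote-02 and the users deploy and appsvc are hypothetical; ranking inventory above the playbook, and a per-host ansible_sudo_user above sudo_user in ansible.cfg, are assumptions.

```python
import shlex

# Constructed sample: remote-01 is the thread's host; remote-02 and its users are hypothetical.
SAMPLE_INVENTORY = """\
[servers]
remote-01
remote-02 ansible_ssh_user=deploy ansible_sudo_user=appsvc
"""

def parse_inventory(text):
    """Return {host: {var: value}} for a minimal INI inventory (no group vars or ranges)."""
    hosts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        name, *pairs = shlex.split(line)
        hosts[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return hosts

def effective_users(host_vars, local_user, cli_user=None, play_user=None,
                    extra_user=None, sudo=False, cfg_sudo_user="root"):
    """Resolve (ssh_user, run_as, source) for one host of an ansible-playbook run."""
    tiers = [
        ("-e ansible_ssh_user", extra_user),           # overrides hosts and playbook
        ("inventory ansible_ssh_user", host_vars.get("ansible_ssh_user")),
        ("playbook", play_user),                       # assumed to rank below inventory
        ("-u", cli_user),                              # only if nothing else sets the user
        ("local login", local_user),                   # default, same as plain ssh
    ]
    source, ssh_user = next((s, u) for s, u in tiers if u)
    # No sudo unless requested; assumed: a per-host ansible_sudo_user beats ansible.cfg.
    run_as = host_vars.get("ansible_sudo_user", cfg_sudo_user) if sudo else ssh_user
    return ssh_user, run_as, source

if __name__ == "__main__":
    for host, hv in parse_inventory(SAMPLE_INVENTORY).items():
        for sudo in (False, True):
            print(host, "sudo" if sudo else "no-sudo", effective_users(hv, "foo", sudo=sudo))
```

Hosts whose source comes back as "local login" inherit whatever account the operator happens to be logged in as, which is worth flagging when reviewing an inventory.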
