Hi, One thing comes to mind - you could create two different entries in the inventory pointing to the same 'ansible_host' with different set of credentials. So the bootstrap process could run against the the first host (with default password) and the rest of the play - against the second. The inventory could look like this:
host1_bootstrap ansible_host=host1 ansible_user=root ansible_ssh_pass=abc host1_proper ansible_host=host1 ansible_user=user1 ..... kind regards Pshem On Tue, 12 Dec 2017 at 08:28 Kevin Phillips <thefriendlyco...@gmail.com> wrote: > Hi all. I was redirected here from the Ansible issue tracker on Github. I > am having difficulties with a specific use case I'm hoping to get help with. > > I am trying to find a way to programatically change SSH credentials in an > Ansible play between tasks and / or between hosts. Here is my most basic > use case: When bootstrapping a new server that has no LDAP configuration, > user profiles, etc. I need to authenticate as root. However, in the first > play I want to set up a limited user with sudo permissions (presumably > while logged in as root), then I want to disable remote logins for root and > continue running the rest of the plays as my newly created user. > > For bootstrapping purposes, the root users typically just have password > enabled authentication using a known default password... however the user > created by this first play is being configured with an SSH key to > facilitate passwordless logins for the remainder of the plays. > > Can someone tell me how I might orchestrate this seemingly simple sequence > of events? I've read up on ssh_args, ansible_pass, remote_user, and many > other ways of defining credentials for tasks but none of them seem to allow > the modification of the user and password in the way I've described above. > So any help / suggestions anyone has in this regard would be appreciated. > > We run our ansible plays on various Linux OSes and Mac OS X, and we're > using the latest version of Ansible in case that helps at all. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To post to this group, send email to ansible-project@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/c9284559-0c0e-4580-8f07-243a1bef34ec%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/c9284559-0c0e-4580-8f07-243a1bef34ec%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEaZiRV3P5M%3DgRCiF5%2B5oioYiGaSCxMW6rvgtotOVPpzrEqiaQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
