Discussion:
[ansible-project] How to choose remote_user according to OS distribution?
Adam R.
2015-07-10 21:07:14 UTC
Hello,


I am creating a role to upgrade my servers. Some are CentOS, others are
Fedora. CentOS servers use remote_user: root and Fedora servers
remote_user: fedora

How can I set up my playbook to use one remote_user according to
ansible_distribution?

In the Ansible FAQ there is a section that deals with this issue by setting
inventory variables in the inventory file, but I am
using dynamic inventory.
http://docs.ansible.com/faq.html#how-do-i-handle-different-machines-needing-different-user-accounts-or-ports-to-log-in-with

Or is there a way to try SSHing as some user and, if the connection fails, try
another login user?

How to choose remote user according to OS?

Or is it easier to create a separate playbook for each ansible_distribution?


Thank you!
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1c9c2e61-1a3b-4ec4-b03b-346183cb8806%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Adam R.
2015-07-10 21:16:25 UTC
A better description is "How to set remote_user according to OS
distribution".
Brian Coca
2015-07-10 21:28:32 UTC
There are several ways, the easiest is if your inventory script
provides OS info:

remote_user: "{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'root') }}"

If you have no info ahead of time you can test connecting and then use
group_by (example below) or the same expression above on the result
var. If using group_by you can preset group_vars/fedora =>
ansible_ssh_user: fedora

- hosts: all
  remote_user: root
  gather_facts: False
  tasks:
    - ping:
      register: rootlogin
      ignore_errors: yes

    - group_by: key=fedora
      when: rootlogin|failed
--
Brian Coca
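
Added example (not part of the thread and not Ansible project code): a dynamic inventory script of the kind the reply above describes, one that knows each host's distribution and hands Ansible the matching ansible_ssh_user. The instance records, the "distribution" host variable and the "unclassified" group are assumptions made for illustration; a host whose distribution is unknown gets no login user instead of falling back to root.

```python
#!/usr/bin/env python
"""Dynamic inventory sketch: derive the SSH login user from each host's distribution."""
import json
import sys

# Constructed sample records; a real script would query the cloud or CMDB API here.
INSTANCES = [
    {"address": "192.0.2.10", "distribution": "CentOS"},
    {"address": "192.0.2.11", "distribution": "Fedora"},
    {"address": "192.0.2.12", "distribution": None},  # image metadata missing
]

# Login users as stated in the thread: root on CentOS, fedora on Fedora.
LOGIN_USER = {"centos": "root", "fedora": "fedora"}


def build_inventory(instances):
    """Return the JSON structure Ansible expects from `--list`."""
    inventory = {"_meta": {"hostvars": {}}}
    for inst in instances:
        distro = (inst.get("distribution") or "").strip().lower()
        user = LOGIN_USER.get(distro)
        # Hosts with an unknown distribution get no login user and land in
        # their own group, so no play falls back to root by accident.
        group = distro if user else "unclassified"
        inventory.setdefault(group, {"hosts": []})["hosts"].append(inst["address"])
        hostvars = {"distribution": distro or "unknown"}  # hypothetical variable name
        if user:
            hostvars["ansible_ssh_user"] = user
        inventory["_meta"]["hostvars"][inst["address"]] = hostvars
    return inventory


def main(argv):
    if len(argv) == 2 and argv[1] == "--list":
        print(json.dumps(build_inventory(INSTANCES), indent=2, sort_keys=True))
    elif len(argv) == 3 and argv[1] == "--host":
        # All host variables are already served through _meta.
        print(json.dumps({}))
    else:
        sys.stderr.write("usage: inventory.py --list | --host <name>\n")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```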
Adam R.
2015-07-14 03:25:49 UTC
Thank you Brian for your reply.

Based on your suggestions, I created this playbook:
(create two groups and then apply the role to each subset)


- hosts: all
  remote_user: root
  gather_facts: false
  tasks:
    - ping:
      register: rootlogin
      ignore_errors: true
    - group_by: key=fedora-user
      when: rootlogin|failed
    - group_by: key=root-user
      when: rootlogin|success

- name: Execute play for CentOS instances
  hosts: root-user
  remote_user: root
  roles:
    - { role: path/to_role }

- name: Execute play for Fedora instances
  hosts: fedora-user
  remote_user: fedora
  sudo: yes
  sudo_user: root
  roles:
    - { role: path/to_role }


The problem is that only the root-user group is created.

created 'group_by' ActionModule: key=stage-root-user


No fedora-user group was created. When the time comes to execute the role
for the Fedora instances:

skipping: no hosts matched


I also tried to create the two groups using multiple plays (same idea), but
the groups were created with the same elements:



- name: Group CentOS instances
  hosts: all
  remote_user: root
  gather_facts: no
  # ignore_errors: true
  tasks:
    - name: remote_user is root
      group_by: key=root_user
      ignore_errors: true

- name: Group Fedora instances
  hosts: all
  gather_facts: no
  remote_user: fedora
  sudo: yes
  sudo_user: root
  tasks:
    - name: remote_user is fedora
      group_by: key=fedora_user
      ignore_errors: true

- name: Execute play for CentOS instances
  hosts: root_user
  remote_user: root
  roles:
    - { role: path/to_role }

- name: Execute play for Fedora instances
  hosts: fedora_user
  remote_user: fedora
  sudo: yes
  sudo_user: root
  roles:
    - { role: path/to_role }


FATAL: no hosts matched or all hosts have already failed -- aborting




Thank you!


Ansible 1.9
Brian Coca
2015-07-14 04:14:19 UTC
you really only need 1 group, not sure why both did not get created though.

with one group you can have these play targets:

- hosts: group

- hosts: all:!group

^ first will target all hosts in the group, the 2nd all hosts NOT in the group.
--
Brian Coca
Adam R.
2015-07-20 21:57:36 UTC
Hello Brian,


I have made some tests and it seems that the hosts conditional is not
working for the instances that cannot log in (either root or fedora, tested
both).

First test:

If I create the group according to fedora access rules, the group for the
CentOS instances is not created:

---

- name: upgrade packages
  hosts: all
  remote_user: fedora
  sudo: yes
  sudo_user: root
  gather_facts: false
  tasks:
    - ping:
      register: fedoralogin
      ignore_errors: yes
    - group_by: key=fedora
      when: fedoralogin|success

- name: upgrade centos instances
  hosts: all:!fedora
  remote_user: root
  roles:
    - { role: infraops/upgrade_packages}


The group_by creates the fedora group, with the correct instance, but
all:!fedora is empty: FATAL: no hosts matched or all hosts have already
failed -- aborting (ignore_errors is set to yes)


In the same fashion if the script is changed to remote_user: root (thus
accessing CentOS instances), the group_by


- name: upgrade packages
  hosts: all
  remote_user: root
  gather_facts: false
  tasks:
    - ping:
      register: rootlogin
      ignore_errors: yes
    - group_by: key=fedora
      when: rootlogin|failed

- name: upgrade fedora instances
  hosts: fedora
  remote_user: fedora
  sudo: yes
  sudo_user: root
  roles:
    - { role: infraops/upgrade_packages}


The fedora group_by is not created (the only user that was able to log in
to the instance is root -- CentOS instance)

fatal: [X.X.X.X] => failed to transfer file to Please login as the user
"fedora" rather than the user "root"./ping:



So I have been able to capture the hosts that the remote_user can log in
to; the complement is not captured.


Thank you!