Ansible - Connection


1 - About

Connection parameters to hosts are given through variables.


3 - Order of precedence

The connection variables defined at the command line have a lower priority than the connection variables defined elsewhere (such as in a playbook,…). See order of precedence

Example:

  • The playbook defines ramon as connection user.
playbook.yml
---
- hosts: all
  remote_user: ramon # connection user must be ramon
  • At the command line, we set the connection user to lola
ansible -u lola myhost
  • but the connection is still made as ramon because the value from the variable takes priority. See order of precedence

3.1 - Variable

A connection_variable can be:

  • for a user authentication
    • ansible_user=admin (The old one was ansible_ssh_user)
    • ansible_password=password (The old one was ansible_ssh_pass)
    • ansible_connection=ssh
  • for a private key authentication
    • ansible_ssh_private_key_file=my-privkey-openssh.pem – Private key file used by ssh. Useful if you use multiple keys and don’t want to use the SSH agent. On the CLIs (ansible, ansible-playbook), see the --private-key= option. The file must be in the PEM format.
  • for authorization escalation during the run
    • ansible_become=yes
    • ansible_become_user=install_user
    • ansible_become_pass=welcome1
    • ansible_become_method=sudo
    • ansible_sudo_pass=password
  • for host definition
    • ansible_host=192.0.2.50
    • ansible_host=hostname
    • ansible_port=22
  • for connection type
    • ansible_connection – Default: smart. It may get the value local and is given via:

3.2 - Passing password at the command line

ansible-playbook playbook.yml -i inventory.ini  --extra-vars "ansible_sudo_pass=yourPassword"

3.3 - Private Key

There is no option to store a passphrase-protected private key. See the note in List of Behavioral Inventory Parameters.

You need to:

3.4 - Non-Ssh

3.4.1 - Windows

  • ansible_port: 5986
  • ansible_connection: winrm
  • ansible_winrm_server_cert_validation: ignore
  • ansible_winrm_transport: ntlm
  • ansible_user: [email protected]_domain.com
  • ansible_password: xxxxxxx

Make sure you have run ``ConfigureRemotingForAnsible.ps1`` on your Windows host.


4 - Connection Type

4.1 - List

4.2 - User connection

You can define the running user with the help of these two variables:

If ansible_user is defined in an inventory file, the remote_user value will have no effect because of the order of precedence. You need to become instead. See 20045

Example:

hosts.ini
hostName ansible_host=13.72.199.20 ansible_ssh_pass=Gam5sKZ8g6Q ansible_become_pass=GuCZWuGam5sKZ8g6Q
playbook.yml
---
- hosts: all 
  become: yes
  become_user: install_user
  • Within a playbook where the login user is defined with remote_user (don't set ansible_user)
playbook.yml
---
- hosts: all 
  remote_user: login_user
  become: yes
  become_user: install_user
ansible-playbook playbook.yml -i hosts.ini
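
The inventory examples on this page carry passwords inline as connection variables. As an added example (not part of the original page and not Ansible's own code), this Python check scans an INI inventory for the secret-bearing variables listed in section 3.1 when they hold a literal value, and for the WinRM certificate-validation setting from 3.4.1. The function name, the sample inventory and the vault_* variable names are assumptions made for illustration.

```python
import re
import shlex

# Connection variables from this page whose value is a secret.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_sudo_pass"}
# A value that is only a Jinja2 reference (e.g. to a vaulted variable) is not a literal.
REFERENCE = re.compile(r"^\{\{.+\}\}$")

def audit_inventory(text):
    """Return (line_no, owner, variable, reason) for risky settings; values are never echoed."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":vars"):
            owner, pairs = section, [line]       # one key=value per line
        else:
            tokens = shlex.split(line)           # host line: name key=value ...
            owner, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip().strip("\"'")
            if not sep:
                continue
            if key in SECRET_VARS and not REFERENCE.match(value):
                findings.append((no, owner, key, "plaintext secret"))
            elif key == "ansible_winrm_server_cert_validation" and value == "ignore":
                findings.append((no, owner, key, "certificate validation disabled"))
    return findings

# Constructed sample inventory; hosts, values and vault_* names are placeholders.
SAMPLE = """\
# constructed sample
[linux]
web01 ansible_host=192.0.2.50 ansible_user=admin ansible_ssh_pass=EXAMPLE-ONLY
web02 ansible_host=192.0.2.51 ansible_become_pass="{{ vault_become_pass }}"

[windows]
win01 ansible_connection=winrm ansible_port=5986

[windows:vars]
ansible_winrm_server_cert_validation=ignore
ansible_password={{ vault_win_password }}
"""

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE):
        print(finding)
```

Run against a real inventory in CI, a non-empty result is a reason to move the value into a vaulted variable or to prompt for it at run time.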

4.3 - Private Key

Ansible gets the private key:

  • from the ssh-agent. (You need to add them first)
  • from the ansible_ssh_private_key_file variable
  • or from the --private-key cli option.

5 - Documentation / Reference