About
Articles Related
Order of precedence
The connection variable defined at the command line have a lower priority that the connection variables defined elsewehere (such as playbook,…).See Playbook Variable
Example:
- The playbook defines ramon as connection user.
---
- hosts: all
remote_user: ramon # connection user must be ramon
- At the command line, we set the connection user to lola
ansible -u lola myhost
- but the connection is still made as ramon because the value from the variable takes priority. See Playbook Variable
Variable
A connection_variable can be:
- for a user authentication
- ansible_user=admin (The old one was ansible_ssh_user)
- ansible_password=password (The old one was ansible_ssh_pass)
- ansible_connection=ssh
- for a private key authentication
- ansible_ssh_private_key_file=my-privkey-openssh.pem – Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent. - (On the clis (ansible, ansible-playbook, see the --private-key= option) - The file must be in the pem format.
- for authorization escalation during the run
- ansible_become=yes
- ansible_become_user=install_user
- ansible_become_pass=welcome1
- ansible_become_method=sudo
- ansible_sudo_pass=password
- for host definition
- ansible_host=192.0.2.50
- ansible_host=hostname
- ansible_port=22
- for connection type
- ansible_connection Default: smart, may be get the value local and given via:
- the cli option --connection
- the connection property of a play
Passing password at the command line
ansible-playbook playbook.yml -i inventory.ini --extra-vars "ansible_sudo_pass=yourPassword"
Private Key
There is no option to store passphrase-protected private key. See the note in List of Behavioral Inventory Parameters.
You need to:
- use a ssh-agent to bypass the passphrase.
Non-Ssh
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#non-ssh-connection-types
Windows
- ansible_port: 5986
- ansible_connection: winrm
- ansible_winrm_server_cert_validation: ignore
- ansible_winrm_transport: ntlm
- ansible_user: user@windows_domain.com
- ansible_password: xxxxxxx
Make sure you have ran ConfigureRemotingForAnsible.ps1 on your windows host
Connection Type
List
See ansible/ansible/tree/devel/lib/ansible/plugins/connection
User connection
You can define the running user with the help of this two variable:
- ansible_user ( in a inventory file)
- remote_user in a Playbook
If the ansible_user is defined in a inventory file, the remote_user value will have no effect because of order of precedence. You need to become instead. See 20045
Example:
- With the below inventory file where the password are defined
hostName ansible_host=13.72.199.20 ansible_ssh_pass=Gam5sKZ8g6Q ansible_become_pass=GuCZWuGam5sKZ8g6Q
---
- hosts: all
become: yes
become_user: install_user
- Within a Playbook where the login user are defined with remote_user (Don't set the ansible_user)
---
- hosts: all
remote_user: login_user
become: yes
become_user: install_user
- You can start the playbook and make a connection with ansible-playbook
ansible-playbook playbook.yml -i hosts.ini
Private Key
Ansible get the privaye key:
- from the ssh-agent. (You need to add them first)
- from the ansible_ssh_private_key_file variable
- or from the --private-key cli option.