Order of precedence
A connection variable defined at the command line has a lower priority than the connection variables defined elsewhere (such as playbook,…). See Playbook Variable
- The playbook defines ramon as connection user.
    ---
    - hosts: all
      remote_user: ramon # connection user must be ramon
- At the command line, we set the connection user to lola
ansible -u lola myhost
- but the connection is still made as ramon because the value from the variable takes priority. See Playbook Variable
A connection_variable can be:
- for a user authentication
  - ansible_user=admin (The old one was ansible_ssh_user)
  - ansible_password=password (The old one was ansible_ssh_pass)
- for a private key authentication
  - ansible_ssh_private_key_file=my-privkey-openssh.pem – Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
    - On the CLIs (ansible, ansible-playbook), see the --private-key= option.
    - The file must be in the PEM format.
- for authorization escalation during the run
- for host definition
- for connection type
  - ansible_connection. Default: smart. It can also take the value local, and can be given via:
    - the cli option --connection
    - the connection property of a play
Passing password at the command line
ansible-playbook playbook.yml -i inventory.ini --extra-vars "ansible_sudo_pass=yourPassword"
There is no option to store the passphrase of a passphrase-protected private key. See the note in List of Behavioral Inventory Parameters.
You need to:
- use an ssh-agent to bypass the passphrase.
- ansible_port: 5986
- ansible_connection: winrm
- ansible_winrm_server_cert_validation: ignore
- ansible_winrm_transport: ntlm
- ansible_user: [email protected]_domain.com
- ansible_password: xxxxxxx
Make sure you have run ConfigureRemotingForAnsible.ps1 on your Windows host.
You can define the running user with the help of these two variables:
- ansible_user (in an inventory file)
- remote_user in a Playbook
If ansible_user is defined in an inventory file, the remote_user value will have no effect because of the order of precedence. You need to use become instead. See 20045
- With the below inventory file where the passwords are defined
hostName ansible_host=22.214.171.124 ansible_ssh_pass=Gam5sKZ8g6Q ansible_become_pass=GuCZWuGam5sKZ8g6Q
    ---
    - hosts: all
      become: yes
      become_user: install_user
- Within a Playbook where the login user is defined with remote_user (Don't set the ansible_user)
    ---
    - hosts: all
      remote_user: login_user
      become: yes
      become_user: install_user
- You can start the playbook and make a connection with ansible-playbook
ansible-playbook playbook.yml -i hosts.ini
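An added example, not part of the original page or of Ansible itself: a small Python check over an INI inventory that reports the password variables listed above when they hold a literal value, the old variable names, and ansible_winrm_server_cert_validation=ignore. The sample inventory, its host names and the vault_become_pass variable are constructed, and treating a `{{ ... }}` value as a reference to a secret stored elsewhere is an assumption.

```python
import re

# Inventory variables that carry a credential when given a literal value.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_sudo_pass"}
# Old names mentioned on this page and their replacements.
LEGACY = {"ansible_ssh_user": "ansible_user",
          "ansible_ssh_pass": "ansible_password"}
# key=value pairs on a host line or in a [group:vars] section.
PAIR = re.compile(r"""(\w+)\s*=\s*("[^"]*"|'[^']*'|\S+)""")


def lint_inventory(text):
    """Return (line_number, variable, issue) tuples; values are never echoed."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[":  # blank, comment, section header
            continue
        for var, value in PAIR.findall(line):
            value = value.strip("\"'")
            if var in LEGACY:
                findings.append((n, var, f"legacy name, use {LEGACY[var]}"))
            # Assumption: a "{{ ... }}" value refers to a secret kept elsewhere.
            if var in SECRET_VARS and not value.startswith("{{"):
                findings.append((n, var, "plaintext secret"))
            if var == "ansible_winrm_server_cert_validation" and value == "ignore":
                findings.append((n, var, "certificate validation disabled"))
    return findings


# Constructed sample inventory (hosts, addresses and values are made up).
SAMPLE = """\
# constructed sample inventory
[linux]
web1 ansible_host=192.0.2.10 ansible_ssh_user=deploy ansible_ssh_pass=example-only
web2 ansible_host=192.0.2.11 ansible_user=deploy ansible_become_pass="{{ vault_become_pass }}"

[windows:vars]
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_password = example-only
"""

if __name__ == "__main__":
    for n, var, issue in lint_inventory(SAMPLE):
        print(f"line {n}: {var}: {issue}")
```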
Ansible gets the private key:
- from the ssh-agent. (You need to add them first)
- from the ansible_ssh_private_key_file variable
- or from the --private-key cli option.