Ansible - Connection

Card Puncher Data Processing


Connection parameters to hosts are given through variable.

Connection Properties


You can define the running user with the help of this two variable:

If the ansible_user is defined in a inventory file, the remote_user value will have no effect because of order of precedence. You need to become instead. See 20045


hostName ansible_host= ansible_ssh_pass=Gam5sKZ8g6Q ansible_become_pass=GuCZWuGam5sKZ8g6Q

- hosts: all 
  become: yes
  become_user: install_user

  • Within a Playbook where the login user are defined with remote_user (Don't set the ansible_user)
- hosts: all 
  remote_user: login_user
  become: yes
  become_user: install_user

ansible-playbook playbook.yml -i hosts.ini

Connection Type

The variable is ansible_connection by default ssh


  • ansible_connection=ssh

See ansible/ansible/tree/devel/lib/ansible/plugins/connection

Windows WinRm

  • ansible_port: 5986
  • ansible_connection: winrm
  • ansible_winrm_server_cert_validation: ignore
  • ansible_winrm_transport: ntlm
  • ansible_user:
  • ansible_password: xxxxxxx

Make sure you have ran ConfigureRemotingForAnsible.ps1 on your windows host

Authentication code

Private Key

Ansible get the private key:

  • from the ssh-agent. (You need to add them first)
  • from the ansible_ssh_private_key_file variable
  • or from the --private-key cli option.

There is no option to store passphrase-protected private key. See the note in List of Behavioral Inventory Parameters.

You need to:


Passing password at the command line:

ansible-playbook playbook.yml -i inventory.ini  --extra-vars "ansible_sudo_pass=yourPassword"

Authorization escalation

  • for authorization escalation during the run
    • ansible_become=yes
    • ansible_become_user=install_user
    • ansible_become_pass=welcome1
    • ansible_become_method=sudo
    • ansible_sudo_pass=password

Host definition

The hosts are generally defined as an inventory group name in the playbook

- hosts: hostnamepattern

Single host:

  • ansible_host=
  • ansible_host=hostname


  • ansible_port=22

Variable Order of precedence

The connection variable defined at the command line have a lower priority that the connection variables defined elsewehere (such as playbook,…).See Playbook Variable


  • The playbook defines ramon as connection user.
- hosts: all
  remote_user: ramon # connection user must be ramon
  • At the command line, we set the connection user to lola
ansible -u lola myhost
  • but the connection is still made as ramon because the value from the variable takes priority. See Playbook Variable

Documentation / Reference

Discover More
Card Puncher Data Processing
Ansible - Ad-hoc command

Adhoc command are command executed as in the shell via ansible. You can therefore execute command on a whole cluster of server. This is because the default module of the ansible command line is command...
Card Puncher Data Processing
Ansible - Become (privilege escalation)

become is an interface where plugins are implemented to give more privilege to the connected user (ansible_user) for escalation authentication...
Card Puncher Data Processing
Ansible - Host (system)

A host may have zero or more than one group (ie webserver and a dbserver). In a inventory file as playbook variable. Example Variable that are defined on the group level can be defined:...
Card Puncher Data Processing
Ansible - Inventory

inventory is a file that define the following entity: the hosts the group of host the child relationship between group and variables (connection variable,...). The preferred practice in Ansible...
Card Puncher Data Processing
Ansible - Playbook

Playbook is the language of Ansible. Ansible modules are the function Playbooks are declarative instruction written in Yaml that run module functions A playbook is a list of play. Playbooks are:...

Share this page:
Follow us:
Task Runner