Menu
I'm currently writting an Ansible script which should update openssl on every host running Debian or CentOS. On the hosts our SSH-Keys are deposited for my own user or root. I want to check if my user is existing on the host, if not I want to authenticate with the root user. Is there a possibility to do this? I tried it with a bash command but I want to check if my user exists before I'm running the tasks. Maybe there are other solutions to my problem but I don't know them. Running this playbook throws a syntax error. My Script looks like this right now:
---
- hosts: "{{ host_group }}"
remote_user: "{{ username }}"
tasks:
# Check whether there's a existinig user or whether you have to use root
- name: Check whether there's your user on the machine
action: shell /usr/bin/getent passwd $username | /usr/bin/wc -l | tr -d ''
register: user_exist
remote_user: root
when: user_exist.stdout == 0
tags:
- users
# Install openssl on Ubuntu or Debian
- name: Install openssl on Ubuntu or Debian
become: True
become_user: root
apt: name=openssl state=latest
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
# Install openssl on CentOS or RHEL
- name: Install openssl on CentOS or RHEL
become: True
become_user: root
yum: name=openssl state=latest
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
240
You can simply use the getent module. If the user is present, the play will continue. If the user does not exist, the play will fail.
Testing Connectivity to Nodes To test that Ansible is able to connect and run commands and playbooks on your nodes, you can use the following command: ansible all -m ping.
By default, Ansible connects to all remote devices with the user name you are using on the control node. If that user name does not exist on a remote device, you can set a different user name for the connection. If you just need to do some tasks as a different user, look at Understanding privilege escalation: become.
By default, Ansible ships with several connection plugins. The most commonly used are the paramiko SSH, native ssh (just called ssh), and local connection types. All of these can be used in playbooks and with /usr/bin/ansible to decide how you want to talk to remote machines.
A more native and elegant way to test your SSH connection is with the Ansible ping module (which verifies the end-to-end SSH connection, not ICMP), and to use the playbook keyword ignore_unreachable, which was added in Ansible 2.7.
The technique below puts SSH testing into its own play where facts are not gathered; subsequent plays will gather facts as normal:
---
###
## First play: Dynamically configure SSH user
##
- hosts: "{{ host_group }}"
gather_facts: false # don't try to ssh yet!!
vars:
ansible_ssh_user: "{{ username }}"
tasks:
- name: "Test SSH connection"
ping: # <-- no args needed
ignore_unreachable: true
ignore_errors: true
changed_when: false
register: ssh_test
- name: "Fall back to root user?"
when: ssh_test.unreachable is defined
connection: local
set_fact:
ansible_ssh_user: root
###
## Next play: Install Stuff
###
- hosts: "{{ host_group }}"
tasks:
- name: Install openssl on Ubuntu or Debian
# ...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
