Skip to content

Instantly share code, notes, and snippets.

@gamename

gamename/gist:40685cdc2e254e4f04cf6148c696041b

Last active June 15, 2020 20:11
Show Gist options
  • Save gamename/40685cdc2e254e4f04cf6148c696041b to your computer and use it in GitHub Desktop.
Save gamename/40685cdc2e254e4f04cf6148c696041b to your computer and use it in GitHub Desktop.
Download ZIP
Ansible user issue
Raw
gistfile1.md

Setup

  1. Passwords, not keys are used for ssh
  2. The target is accessed via the bastion host (ssh -> bastion -> target)
  3. The password is kept in an encrypted file that is accessed based on the ansible_user name
  4. When decrypted, the password is bastion

Command

$ ansible -i ./inventory/debug -m debug -a 'var=foo' -kKu ansible all

Command Output

target | FAILED! => {
    "msg": "The field 'ssh_common_args' has an invalid value, which includes an undefined variable. The error was: 'ansible_user' is undefined"
}
bastion | SUCCESS => {
    "foo": "-o ProxyCommand=\"sshpass -p bastion ssh -o StrictHostKeyChecking=no -W %h:%p -q [email protected].\""
}

Problem

  1. The password is correctly accessed and resolved for foo for bastion, but foo cannot be resolved for the target host.

The inventory file (called "debug")

all:
  vars:
    env: 3.21.247.xxx
    password: "{{lookup('file', inventory_dir + '/../users/' + ansible_user + '.yml')}}"
    foo: "-o ProxyCommand=\"sshpass -p {{password}} ssh -o StrictHostKeyChecking=no -W %h:%p -q ansible@{{env}}.\""
  children:
    bastions:
      hosts:
        bastion:
          ansible_host: "{{ env }}"
    nv:
       children:
         targets:
           hosts:
             target:
               ansible_host:  10.0.3.209
           vars:
              ansible_ssh_common_args: "{{ foo }}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment