There are two ways to solve this problem.
Method #1: Force username and password while using ssh
The syntax is:
export ANSIBLE_HOST_KEY_CHECKING=false
ansible --user {user} --ask-pass -i {inventory} {hostname} -a "command" -c paramiko
ansible --user root --ask-pass -i ~/myhosts www1 -a "uptime" -c paramiko
ansible --user root --ask-pass -i ~/myhosts cluster -a "/bin/date" -c paramiko
First create an inventory file using cat command:
$ cat inventory
[cluster]
ln.cbz01
ln.cbz01
ln.cbz01
ln.cbz01
For example, run date command on all hosts in cluster with root user and prompt for root user password, run:
$ export ANSIBLE_HOST_KEY_CHECKING=false
$ ansible --user root --ask-pass -i inventory cluster\
-a "/bin/date" -c paramiko
Sample outputs:
Fig.01: Setting up default Ansible username/password for ssh connection
- export ANSIBLE_HOST_KEY_CHECKING=false : Host key checking enabled by default and it can be disabled with this option. Otherwise you may get an error that read as ‘The authenticity of host ‘ln.cbz01’ can’t be established.‘
- --user root :Connect as root user for ssh.
- --ask-pass : Ask for connection password for ssh.
- -i inventory : Set inventory file name.
- cluster : Set host names or variable
- -a "/bin/date" : Run /bin/date command all given hosts
- -c paramiko : Use paramiko module for ssh connection.
Please note that SSH keys are recommended but password authentication can be used as explained earlier. See method #2 below for more info on how to setup ssh keys for login.
A note about setting up the connection type and user on a per host basis in inventory file
The syntax is:
$ cat inventory
[cluster]
ln.cbz01 ansible_connection=ssh ansible_user=vivek
ln.cbz01 ansible_connection=ssh ansible_user=root
ln.cbz01 ansible_connection=ssh ansible_user=root
############### WARNING #################
## never do the following i.e. never store
## the root account ssh password to use in
## a text file
##########################################
ln.cbz01 ansible_connection=ssh ansible_user=root ansible_ssh_pass=foo
Method #2: Set and use ssh keys (recommended)
Create ssh keys if not created, run:
## [ Set password for your keys ] ##
$ ssh-keygen -t rsa
## [ Copy pub key to all remote boxes ] ##
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz01
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz02
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz03
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz04
## [ Test it ] ##
$ ssh root@ln.cbz01
## [ Set up SSH agent to avoid retyping passwords ] ##
$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
## [ Run ansible ] ##
$ ansible all -m ping
$ ansible -i inventory cluster -a "/bin/date"
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 1 comment... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Don’t forget about become_user and become_user_pass flags in the event that sudo is not available and need to su to root.