How to login with root password when using Ansible tool

I need to run a Linux command over 20 servers using a root user and password in Ansible too. How do I pass a user and password in Ansible over ssh based session? How can I set a default Ansible username/password for ssh connection?

There are two ways to solve this problem.

Method #1: Force username and password while using ssh

The syntax is:
export ANSIBLE_HOST_KEY_CHECKING=false ansible --user {user} --ask-pass -i {inventory} {hostname} -a "command" -c paramiko ansible --user root --ask-pass -i ~/myhosts www1 -a "uptime" -c paramiko ansible --user root --ask-pass -i ~/myhosts cluster -a "/bin/date" -c paramiko
First create an inventory file using cat command:
$ cat inventory [cluster] ln.cbz01 ln.cbz01 ln.cbz01 ln.cbz01
For example, run date command on all hosts in cluster with root user and prompt for root user password, run:
$ export ANSIBLE_HOST_KEY_CHECKING=false $ ansible --user root --ask-pass -i inventory cluster\ -a "/bin/date" -c paramiko
Sample outputs:

Fig.01: Setting up default Ansible username/password for ssh connection

Where,

export ANSIBLE_HOST_KEY_CHECKING=false : Host key checking enabled by default and it can be disabled with this option. Otherwise you may get an error that read as ‘The authenticity of host ‘ln.cbz01’ can’t be established.‘
--user root :Connect as root user for ssh.
--ask-pass : Ask for connection password for ssh.
-i inventory : Set inventory file name.
cluster : Set host names or variable
-a "/bin/date" : Run /bin/date command all given hosts
-c paramiko : Use paramiko module for ssh connection.

Please note that SSH keys are recommended but password authentication can be used as explained earlier. See method #2 below for more info on how to setup ssh keys for login.

A note about setting up the connection type and user on a per host basis in inventory file

The syntax is:
$ cat inventory [cluster] ln.cbz01 ansible_connection=ssh ansible_user=vivek ln.cbz01 ansible_connection=ssh ansible_user=root ln.cbz01 ansible_connection=ssh ansible_user=root ############### WARNING ################# ## never do the following i.e. never store ## the root account ssh password to use in ## a text file ########################################## ln.cbz01 ansible_connection=ssh ansible_user=root ansible_ssh_pass=foo

Method #2: Set and use ssh keys (recommended)

Create ssh keys if not created, run:
## [ Set password for your keys ] ## $ ssh-keygen -t rsa ## [ Copy pub key to all remote boxes ] ## $ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz01 $ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz02 $ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz03 $ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz04 ## [ Test it ] ## $ ssh root@ln.cbz01 ## [ Set up SSH agent to avoid retyping passwords ] ## $ ssh-agent bash $ ssh-add ~/.ssh/id_rsa ## [ Run ansible ] ## $ ansible all -m ping $ ansible -i inventory cluster -a "/bin/date"

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

Method #1: Force username and password while using ssh

A note about setting up the connection type and user on a per host basis in inventory file

Method #2: Set and use ssh keys (recommended)

Posted by: Vivek Gite

1 comment