How to login with root password when using Ansible tool

last updated in Categories , , , , , ,

I need to run a Linux command over 20 servers using a root user and password in Ansible too. How do I pass a user and password in Ansible over ssh based session? How can I set a default Ansible username/password for ssh connection?

There are two ways to solve this problem.

Method #1: Force username and password while using ssh

The syntax is:
export ANSIBLE_HOST_KEY_CHECKING=false
ansible --user {user} --ask-pass -i {inventory} {hostname} -a "command" -c paramiko
ansible --user root --ask-pass -i ~/myhosts www1 -a "uptime" -c paramiko
ansible --user root --ask-pass -i ~/myhosts cluster -a "/bin/date" -c paramiko

First create an inventory file using cat command:
$ cat inventory
[cluster]
ln.cbz01
ln.cbz01
ln.cbz01
ln.cbz01
For example, run date command on all hosts in cluster with root user and prompt for root user password, run:
$ export ANSIBLE_HOST_KEY_CHECKING=false
$ ansible --user root --ask-pass -i inventory cluster\
-a "/bin/date" -c paramiko
Sample outputs:

Fig.01: Setting up default Ansible username/password for ssh connection
Fig.01: Setting up default Ansible username/password for ssh connection

Where,

  • export ANSIBLE_HOST_KEY_CHECKING=false : Host key checking enabled by default and it can be disabled with this option. Otherwise you may get an error that read as ‘The authenticity of host ‘ln.cbz01’ can’t be established.
  • --user root :Connect as root user for ssh.
  • --ask-pass : Ask for connection password for ssh.
  • -i inventory : Set inventory file name.
  • cluster : Set host names or variable
  • -a "/bin/date" : Run /bin/date command all given hosts
  • -c paramiko : Use paramiko module for ssh connection.

Please note that SSH keys are recommended but password authentication can be used as explained earlier. See method #2 below for more info on how to setup ssh keys for login.

A note about setting up the connection type and user on a per host basis in inventory file

The syntax is:
$ cat inventory
[cluster]
ln.cbz01 ansible_connection=ssh ansible_user=vivek
ln.cbz01 ansible_connection=ssh ansible_user=root
ln.cbz01 ansible_connection=ssh ansible_user=root
############### WARNING #################
## never do the following i.e. never store
## the root account ssh password to use in
## a text file
##########################################
ln.cbz01 ansible_connection=ssh ansible_user=root ansible_ssh_pass=foo

Method #2: Set and use ssh keys (recommended)

Create ssh keys if not created, run:
## [ Set password for your keys ] ##
$ ssh-keygen -t rsa
## [ Copy pub key to all remote boxes ] ##
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz01
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz02
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz03
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@ln.cbz04
## [ Test it ] ##
$ ssh root@ln.cbz01
## [ Set up SSH agent to avoid retyping passwords ] ##
$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
## [ Run ansible ] ##
$ ansible all -m ping
$ ansible -i inventory cluster -a "/bin/date"

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

1 comment

  1. Don’t forget about become_user and become_user_pass flags in the event that sudo is not available and need to su to root.

    Have a question? Post it on our forum!

Tagged as: Tags , ,