Ansible gotchas


  • Tasks do not like having the remote_user changed mid-playbook if you specify an SSH password
    • Specifically, creating an ‘ansible’ user in the first task and then using it for everything in the rest of the playbook doesn’t work, because Ansible will always attempt to use the declared password for the newly created user, which promptly fails
    • Solution: Separate runbooks!
    • People debate the usefulness of a separate config account, since it’s effectively root + key-based login. They have a point, since I can get the same security by disabling password-based auth.
  • If your inventory file is +x, Ansible will attempt to execute it, even if it is the standard inventory list (.INI-format plain text)
  • I’m liking the look of the Ansible for DevOps book
  • Ansible will automatically import GPG keys during a yum install if the matching GPG key hasn’t been imported yet (Seen after installing EPEL, then installing a package from there)
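
One way to avoid relying on the automatic GPG key import described in the last item is to import the key explicitly and check its fingerprint before installing anything from the repository. This playbook is an added example, not from the original post; the `all` host group, the `htop` package, and the placeholder fingerprint are assumptions, and it assumes a distribution where `epel-release` is installable from an already-enabled repository.

```yaml
---
# Added example: pin the EPEL signing key instead of relying on auto-import.
- name: Install from EPEL with an explicitly verified GPG key
  hosts: all            # assumption: adjust to your inventory group
  become: true
  vars:
    # Placeholder, not a real value: obtain the fingerprint out of band
    # from the key list published by the Fedora project.
    epel_key_fingerprint: "REPLACE_WITH_EPEL_KEY_FINGERPRINT"
    # Key file shipped by the epel-release package.
    epel_key_file: "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
  tasks:
    - name: Refuse to run while the fingerprint is still the placeholder
      ansible.builtin.assert:
        that: epel_key_fingerprint != "REPLACE_WITH_EPEL_KEY_FINGERPRINT"
        fail_msg: "Set epel_key_fingerprint before running."

    - name: Install the EPEL repository definition (this ships the key file)
      ansible.builtin.yum:
        name: epel-release
        state: present

    - name: Import the EPEL key only if its fingerprint matches
      ansible.builtin.rpm_key:
        key: "{{ epel_key_file }}"
        fingerprint: "{{ epel_key_fingerprint }}"
        state: present

    - name: Install a package from EPEL (key already trusted, nothing to auto-import)
      ansible.builtin.yum:
        name: htop        # assumption: stands in for any EPEL package
        state: present
```

If the key file on the host does not match the pinned fingerprint, the `rpm_key` task fails and the play stops before any EPEL package is installed.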