- Tasks do not like having the remote_user changed mid-playbook if you specify an SSH password
- Specifically, having an ‘ansible’ user created as the first task, then using that for everything in the rest of the playbook doesn’t work because ansible will always attempt to use the declared password for the newly created user, which promptly fails
- Solution: Separate runbooks!
- I kind of like the idea of having a new server group defined for the initial playbook
- People debate the usefulness of a separate config account, since it’s effectively root + key-based login. They have a point, since I can get the same security by disabling password-based auth.
- If your inventory file is +x, ansible will attempt to execute it, even if it is the standard inventory list (.INI-format plain text)
- Particularly annoying for me because I’m running Ansible in a VirtualBox-powered VM and using shared folders, which translates to permissions of 777 in the shared folder in the Linux VM that can’t be changed
- Solution: Python script that dumps host list to JSON
- The Ansible docs aren’t the greatest – groups of groups are possible in the static inventory list, but in a dynamic list you need to declare an empty list of hosts, thanks to a naive assumption in the Ansible core
- I’m liking the look of the Ansible for DevOps book
- Ansible will automatically import GPG keys during a yum install if the matching GPG key hasn’t been imported yet (Seen after installing EPEL, then installing a package from there)
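
The JSON-dumping workaround for an executable inventory described above, as an added example (not the author's script): it converts an INI-style host list into the JSON that Ansible reads from an inventory script, and gives the group of groups an explicit empty hosts list. The host names, group names and the embedded sample list are constructed; a real script would read the list from a file.

```python
#!/usr/bin/env python3
"""Dynamic inventory: convert an INI-style host list to Ansible's JSON format."""
import json
import sys

# Constructed sample host list (hypothetical hosts and groups).
SAMPLE_HOSTS = """
[web]
web1.example.com
web2.example.com

[db]
db1.example.com

[production:children]
web
db
"""

def build_inventory(text):
    """Return the --list structure for [group] and [group:children] sections."""
    inventory = {"_meta": {"hostvars": {}}}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name, _, kind = line[1:-1].partition(":")
            if kind not in ("", "children"):
                raise ValueError("unsupported section: " + line)
            # Every group gets an explicit hosts list, even a group of groups,
            # which would otherwise carry only "children".
            section = inventory.setdefault(name, {"hosts": [], "children": []})
            key = "children" if kind else "hosts"
        elif section is None:
            raise ValueError("host outside of a group: " + line)
        else:
            # Keep only the name; inline host variables are not handled here.
            section[key].append(line.split()[0])
    return inventory

if __name__ == "__main__":
    if len(sys.argv) == 2 and sys.argv[1] == "--list":
        print(json.dumps(build_inventory(SAMPLE_HOSTS), indent=2))
    elif len(sys.argv) == 3 and sys.argv[1] == "--host":
        print(json.dumps({}))  # no per-host variables in this sample
    else:
        sys.exit("usage: inventory.py --list | --host <hostname>")
```

Because Ansible runs any inventory file that carries the executable bit, the script works unchanged on a shared folder that forces mode 777.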
Ansible gotchas