Ansible: Check if my user exists on remote host, else use root user to connect with ssh

Question 1

I’m currently writting an Ansible script which should update openssl on every host running Debian or CentOS. On the hosts our SSH-Keys are deposited for my own user or root. I want to check if my user is existing on the host, if not I want to authenticate with the root user. Is there a possibility to do this? I tried it with a bash command but I want to check if my user exists before I’m running the tasks. Maybe there are other solutions to my problem but I don’t know them. Running this playbook throws a syntax error. My Script looks like this right now:

---
- hosts: "{{ host_group }}" 
  remote_user: "{{ username }}"
  tasks:

# Check whether there's a existinig user or whether you have to use root
    - name: Check whether there's your user on the machine
      action: shell /usr/bin/getent passwd $username | /usr/bin/wc -l | tr -d ''
      register: user_exist
      remote_user: root
      when: user_exist.stdout == 0
      tags:
         - users

# Install openssl on Ubuntu or Debian
    - name: Install openssl on Ubuntu or Debian
      become: True
      become_user: root
      apt: name=openssl state=latest
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

# Install openssl on CentOS or RHEL
    - name: Install openssl on CentOS or RHEL
      become: True
      become_user: root
      yum: name=openssl state=latest
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

---

- hosts: "{{ host_group }}"

remote_user: "{{ username }}"

tasks:

# Check whether there's a existinig user or whether you have to use root

- name: Check whether there's your user on the machine

action: shell /usr/bin/getent passwd $username | /usr/bin/wc -l | tr -d ''

register: user_exist

remote_user: root

when: user_exist.stdout == 0

tags:

- users

# Install openssl on Ubuntu or Debian

- name: Install openssl on Ubuntu or Debian

become: True

become_user: root

apt: name=openssl state=latest

when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

# Install openssl on CentOS or RHEL

- name: Install openssl on CentOS or RHEL

become: True

become_user: root

yum: name=openssl state=latest

when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

Question 2

You can test the connection with local_action first.
Ansible need to know how to connect to the host for sure, otherwise it will trigger host unreachable error and skip remaining tasks for that host.
Something like this:

- hosts: myservers
  gather_facts: no  # or it will fail on the setup step
  tasks:
    - name: Test user
      local_action: "command ssh -q -o BatchMode=yes -o ConnectTimeout=3 {{ inventory_hostname }} 'echo ok'"
      register: test_user
      ignore_errors: true
      changed_when: false

    - name: Do useful stuff
      remote_user: "{{ test_user | success | ternary(omit, 'root') }}"
      command: echo ok

1

2

3

4

5

6

7

8

9

10

11

12

13

- hosts: myservers

gather_facts: no # or it will fail on the setup step

tasks:

- name: Test user

local_action: "command ssh -q -o BatchMode=yes -o ConnectTimeout=3 {{ inventory_hostname }} 'echo ok'"

register: test_user

ignore_errors: true

changed_when: false

- name: Do useful stuff

remote_user: "{{ test_user | success | ternary(omit, 'root') }}"

command: echo ok

Ansible: Check if my user exists on remote host, else use root user to connect with ssh

Question:

Answer:

Leave a Reply Cancel reply