The question is simple: what is the difference between ansible_user
(former ansible_ssh_user
) and remote_user
in Ansible, besides that the first one is set if configuration file and the latter one is set in plays / roles? How do they relate to -u
/ --user
command line options?
问题:
回答1:
They both seem to be the same. Take a look here:
https://github.com/ansible/ansible/blob/c600ab81ee/lib/ansible/playbook/play_context.py#L46-L55
# the magic variable mapping dictionary below is used to translate
# host/inventory variables to fields in the PlayContext
# object. The dictionary values are tuples, to account for aliases
# in variable names.
MAGIC_VARIABLE_MAPPING = dict(
connection = ('ansible_connection',),
remote_addr = ('ansible_ssh_host', 'ansible_host'),
remote_user = ('ansible_ssh_user', 'ansible_user'),
port = ('ansible_ssh_port', 'ansible_port'),
Besides, ansible_user
is used when we want to specifiy default SSH user in ansible hosts file where as remote_user
is used in playbook context.
From https://github.com/ansible/ansible/blob/c600ab81ee/docsite/rst/intro_inventory.rst
ansible_user The default ssh user name to use.
and here is an example of using ansible_user
in ansible hosts
file:
[targets]
localhost ansible_connection=local
other1.example.com ansible_connection=ssh ansible_user=mpdehaan
other2.example.com ansible_connection=ssh ansible_user=mdehaan
回答2:
One difference between remote_user and ansible_user:
When you run a role with different users from a playbook, e.g.:
- name: Apply user configuration to user root
hosts: all
remote_user: root
- name: Apply user configuration to user murphy
hosts: all
remote_user: murphy
Then you can perform a conditional task for a distinct user by using "when: ansible_user == .." but not with "when: remote_user == ..". e.g.:
- name: Add user murphy to wheel group
user:
name: murphy
groups: wheel
append: yes
when: ansible_user == "root"