Ansible remote_user vs ansible_user

2019-02-05 20:17发布

问题:

The question is simple: what is the difference between ansible_user (former ansible_ssh_user) and remote_user in Ansible, besides that the first one is set if configuration file and the latter one is set in plays / roles? How do they relate to -u / --user command line options?

回答1:

They both seem to be the same. Take a look here:

https://github.com/ansible/ansible/blob/c600ab81ee/lib/ansible/playbook/play_context.py#L46-L55

# the magic variable mapping dictionary below is used to translate
# host/inventory variables to fields in the PlayContext
# object. The dictionary values are tuples, to account for aliases
# in variable names.

MAGIC_VARIABLE_MAPPING = dict(
   connection       = ('ansible_connection',),
   remote_addr      = ('ansible_ssh_host', 'ansible_host'),
   remote_user      = ('ansible_ssh_user', 'ansible_user'),
   port             = ('ansible_ssh_port', 'ansible_port'),

Besides, ansible_user is used when we want to specifiy default SSH user in ansible hosts file where as remote_user is used in playbook context.

From https://github.com/ansible/ansible/blob/c600ab81ee/docsite/rst/intro_inventory.rst

ansible_user The default ssh user name to use.

and here is an example of using ansible_user in ansible hosts file:

[targets]

localhost              ansible_connection=local
other1.example.com     ansible_connection=ssh        ansible_user=mpdehaan
other2.example.com     ansible_connection=ssh        ansible_user=mdehaan


回答2:

One difference between remote_user and ansible_user:
When you run a role with different users from a playbook, e.g.:

- name: Apply user configuration to user root 
  hosts: all
  remote_user: root
- name: Apply user configuration to user murphy
  hosts: all
  remote_user: murphy

Then you can perform a conditional task for a distinct user by using "when: ansible_user == .." but not with "when: remote_user == ..". e.g.:

- name: Add user murphy to wheel group
  user:
    name: murphy
    groups: wheel
    append: yes
  when: ansible_user == "root"