Reputation: 689
I'm trying to provision a VM using Vagrant's ansible provisioner. But I have two playbooks and both need to use different ssh users. My use case is this: I have a pre-provisioning script that runs under the vagrant ssh user that is set up by default. My pre-provision script then adds a different ssh user, provisioner, that is set up to ssh onto the VM with its own key. The actual provision script has a task that deletes the insecure vagrant user on the system, so it has to run as a different ssh user, provisioner, the user that the pre-provisioner creates.
I cannot figure out how to change the ssh user in the Vagrantfile. The example below is how far I've gotten. Despite changing config.ssh.username, vagrant always sets the ssh user to the last value, in this case provisioner, and that doesn't authenticate when running the pre-provision script because it hasn't been created yet.
Can I override the ssh user somehow? Maybe with an ansible variable itself inside the do |ansible| block (below)?
Is what I'm trying to achieve possible? It seems so straightforward I'm shocked I'm having this much trouble with it.
    VAGRANTFILE_API_VERSION = "2"
    Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      config.vm.box = "base_box"
      config.vm.box_url = "s3://bucket/base-box/base.box"
      config.vm.network "private_network", ip: "10.0.3.10"
      config.ssh.keep_alive = true
      config.vm.define "vagrant_image"
      config.vm.provision "ansible" do |ansible_pre|
        config.ssh.username = "vagrant"
        ansible_pre.playbook = "provisioning/pre_provisioning.yml"
        ansible_pre.host_vars = {
          "vagrant_image" => {
            "ansible_host" => "127.0.0.1",
          }
        }
        ansible_pre.vault_password_file = ENV['ANSIBLE_VAULT_PASSWORD_FILE']
      end
      config.vm.provision "ansible" do |ansible|
        config.ssh.username = "provisioner"
        ansible.playbook = "provisioning/provisioning.yml"
        ansible.host_vars = {
          "vagrant_image" => {
            "ansible_host" => "127.0.0.1",
          }
        }
        ansible.vault_password_file = ENV['ANSIBLE_VAULT_PASSWORD_FILE']
      end
    end
(In case you were wondering, the s3 box url only works because I've installed the vagrant-s3auth (1.3.2) plugin)
Upvotes: 0
Views: 463
Reputation: 68439
You can set it in several places. Vagrantfile (but not config, it will be overridden), through Ansible extravars:
    config.vm.provision "ansible" do |ansible_pre|
      ansible_pre.playbook = "provisioning/pre_provisioning.yml"
      ansible_pre.host_vars = {
        "vagrant_image" => {
          "ansible_host" => "127.0.0.1",
        }
      }
      # Extra vars take precedence over the SSH user written to the inventory
      ansible_pre.extra_vars = {
        ansible_user: "vagrant"
      }
      ansible_pre.vault_password_file = ENV['ANSIBLE_VAULT_PASSWORD_FILE']
    end
    config.vm.provision "ansible" do |ansible|
      ansible.playbook = "provisioning/provisioning.yml"
      ansible.host_vars = {
        "vagrant_image" => {
          "ansible_host" => "127.0.0.1",
        }
      }
      ansible.extra_vars = {
        ansible_user: "provisioner"
      }
      # Private key belonging to the provisioner user
      ansible.raw_ssh_args = "-i /path/to/private/key/id_rsa"
      ansible.vault_password_file = ENV['ANSIBLE_VAULT_PASSWORD_FILE']
    end
But you can also write a single playbook and switch users inside. See ansible_user and meta: reset_connection.
Upvotes: 1
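The single-playbook route mentioned at the end of the answer above, as an added example that is not the answerer's code: one playbook with two plays, each pinning its own ansible_user, with meta: reset_connection closing the session opened as vagrant before that account is deleted. The key file paths, the sudoers policy and the use of the ansible.posix collection are assumptions; the host name vagrant_image comes from the Vagrantfile in the question.

```yaml
# Added example. Key paths and the sudoers policy are assumptions, not from the thread.
- name: Pre-provision as the default vagrant user
  hosts: vagrant_image
  become: true
  vars:
    ansible_user: vagrant          # play vars outrank the generated inventory
  tasks:
    - name: Create the provisioner account
      ansible.builtin.user:
        name: provisioner
        shell: /bin/bash

    - name: Install the provisioner public key (constructed path)
      ansible.posix.authorized_key:
        user: provisioner
        key: "{{ lookup('file', 'files/provisioner_id_ed25519.pub') }}"

    - name: Allow provisioner to escalate, syntax-checked before install
      ansible.builtin.copy:
        dest: /etc/sudoers.d/provisioner
        content: "provisioner ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # Drop the persistent SSH session held by vagrant so no process
    # owned by that user is left running when the account is removed.
    - name: Close the SSH session opened as vagrant
      ansible.builtin.meta: reset_connection

- name: Provision as provisioner and retire the vagrant account
  hosts: vagrant_image
  become: true
  vars:
    ansible_user: provisioner
    ansible_ssh_private_key_file: "~/.ssh/provisioner_id_ed25519"  # constructed path
  tasks:
    - name: Remove the vagrant user and its home directory
      ansible.builtin.user:
        name: vagrant
        state: absent
        remove: true
        force: true
```

If the Vagrantfile still passes ansible_user through extra_vars, that value overrides the play vars in both plays, so drop it when using this layout.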