Question:
I am using ansible 2.0
There are scripts that perform various server settings, common parts are placed in roles, etc. The configuration is performed on each server under the automate_ansible account, which can passwordless sudo: remote_user is registered in ansible_config, all scripts have the line become — in general, everything has been working for a long time.
Everything is fine, except that you need to create this user initially. There is just one script that connects to the server as root, creates ansbile user, and makes some settings according to corporate standards.
The pain and sadness is that this script is the only non-idemponent one: among its steps there is one step in which the ssh connection is disabled by the root user and therefore, as soon as you execute the script, all the others are already working, but this one will already crash with an error connection to the server.
And I really want to be able to run this script again so that ansible rewrites the root passwords, the same ssh configs, users, etc. again.
Is it possible to somehow check the connection with the server beforehand (poke under the account of a special user, if any – go through the rest of the script from under it, only with become, if not – go as root and go through the rest of the script as clean Ruth)?
All solutions that I know are just crutches.
Or you can write a tiny initialization script that will perform only one action (create a user for anisible and fall off) – and put all other actions into the initialization2 script.
Or you can leave a long initialization script — and separately write almost the same script to repeat the initialization, but from the ansible user.
I would like to be able to test the ssh connection. Is it possible to do this or not? Who and how solves this problem? Or maybe there is not much point in trying to solve it?
Answer:
The other day on the big stackoverflow there was a discussion of the same topic (there only the ssh port is changed to a non-standard one), apparently it must be recognized that the most commonly used approach is to put the initialization steps into a separate playbook.
It turns out that each script remains idemponent.
Someone tries to fit as much as possible into such playbooks, someone less – but the direction is generally the same.