Should user credentials for inventories be optional?

[jamesalbert]

great ui, love this project ❤️

I did get held up a little on setting up inventories. The infra I'm connecting to requires a signed key for connecting and that key expires at a particular interval. The solution that worked for me was provisioning the agent with an initial key pair in ~/.ssh and sign it periodically via cron. That's all well and good, but I had to give the inventory a bogus key to satisfy the requirement, one that I'll never end up using for real. I tried using None credentials and overriding the cli args with the remote user I'm trying to assume e.g. ["-u", "root"], but it still defaults to the host user

My question is, given that credentials can be overridden at the template level or resort to default keys (e.g. id_rsa), can we make user credentials optional for inventories?

[jamesalbert]

quick workaround:

using None credentials, starting the playbook with

- name: Check if connection is possible
  shell: |
    ssh -o User={{ item }} -o ConnectTimeout=60 {{ ansible_host }} "echo 0"
  register: user
  connection: local
  ignore_errors: yes
  changed_when: user.rc | default(-1) == 0
  when: not(user.changed | default(False))
  loop:
  - ubuntu
  - root
  - centos

- set_fact:
    ansible_user: "{{ (user.results | selectattr('changed', 'equalto', true)|first).item | default('')}}"

- meta: end_host
  when: ansible_user == ''

sets the user to one that works for a particular node

[fiftin]

Yes, You can provide None credentials for inventory but you can't override it in the template.