Bug 1501271 - ansible_ssh_user is overwritten by openshift_aws_build_ami_ssh_user
Summary: ansible_ssh_user is overwritten by openshift_aws_build_ami_ssh_user
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 3.7.0
Assignee: Kenny Woodson
QA Contact: Wenkai Shi
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-10-12 10:07 UTC by Wenkai Shi
Modified: 2017-11-28 22:16 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-28 22:16:57 UTC
Target Upstream Version:
Embargoed:


Links
System ID: Red Hat Product Errata RHSA-2017:3188
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update
Last Updated: 2017-11-29 02:34:54 UTC

Description Wenkai Shi 2017-10-12 10:07:26 UTC
Description of problem:
Follow the document /usr/share/ansible/openshift-ansible/playbooks/aws/README.md to provision a cluster in AWS with a non-root user (ec2-user). Setting "ansible_ssh_user=ec2-user" in the hosts file has no effect, because ansible_ssh_user is overwritten by openshift_aws_build_ami_ssh_user in /usr/share/ansible/openshift-ansible/playbooks/aws/openshift-cluster/build_ami.yml:37.

Version-Release number of the following components:
openshift-ansible-3.7.0-0.148.0.git.0.b35eb14.el7
ansible-2.3.2.0-2.el7

How reproducible:
100%

Steps to Reproduce:
1. Follow the document /usr/share/ansible/openshift-ansible/playbooks/aws/README.md to provision a cluster in AWS with a non-root user (ec2-user).
# cat hosts
...
[OSEv3:vars]
ansible_ssh_user=ec2-user
...
2. Run provisioning playbook
# ansible-playbook -i hosts -vvv /usr/share/ansible/openshift-ansible/playbooks/aws/openshift-cluster/build_ami.yml -e @provisioning_vars.yml
3.

Actual results:
# ansible-playbook -i hosts -vvv /usr/share/ansible/openshift-ansible/playbooks/aws/openshift-cluster/build_ami.yml -e @provisioning_vars.yml
...
TASK [set the user to perform installation] **************************************************************************************************************************************************
task path: /usr/share/ansible/openshift-ansible/playbooks/aws/openshift-cluster/build_ami.yml:35
ok: [xxx.compute-1.amazonaws.com] => {
    "ansible_facts": {
        "ansible_ssh_user": "root"
    }, 
    "changed": false
}
META: ran handlers
META: ran handlers
...
TASK [Gathering Facts] ***********************************************************************************************************************************************************************
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/setup.py
<xxx.compute-1.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: root
<xxx.compute-1.amazonaws.com> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/%C xxx.compute-1.amazonaws.com '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
<xxx.compute-1.amazonaws.com> (0, 'Please login as the user "ec2-user" rather than the user "root".\n\n', "Warning: Permanently added 'xxx.compute-1.amazonaws.com,...' (ECDSA) to the list of known hosts.\r\n")
fatal: [xxx.compute-1.amazonaws.com]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "Warning: Permanently added 'xxx.compute-1.amazonaws.com,...' (ECDSA) to the list of known hosts.\r\n", 
    "module_stdout": "Please login as the user \"ec2-user\" rather than the user \"root\".\n\n", 
    "msg": "MODULE FAILURE", 
    "rc": 0
}
	to retry, use: --limit @/usr/share/ansible/openshift-ansible/playbooks/aws/openshift-cluster/build_ami.retry

PLAY RECAP ***********************************************************************************************************************************************************************************
xxx.compute-1.amazonaws.com : ok=1    changed=0    unreachable=0    failed=1   
localhost                  : ok=21   changed=1    unreachable=0    failed=0   
...

Expected results:
Installer should use ec2-user.

Additional info:
# grep -nir "openshift_aws_build_ami_ssh_user" .
./playbooks/aws/openshift-cluster/build_ami.yml:37:      ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default('root') }}"
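
An added example (not part of the bug report and not openshift-ansible code): a Python check that generalizes the grep above to any set_fact entry that assigns a connection user with a fixed fallback, which is why the inventory's ansible_ssh_user has no effect. The YAML layout of the sample, the corrected form using default(ansible_ssh_user), and the helper name find_user_overrides are assumptions.

```python
import re

# Variables that decide which account Ansible logs in as.
CONNECTION_USER_VARS = ("ansible_ssh_user", "ansible_user")

ASSIGN_RE = re.compile(r"(?P<var>ansible_(?:ssh_)?user)\s*:\s*(?P<value>.+)")
DEFAULT_RE = re.compile(r"default\(\s*(?P<arg>[^)]*?)\s*\)")
SET_FACT_RE = re.compile(r"(?:-\s+)?set_fact\s*:")


def find_user_overrides(playbook_text):
    """Return (line, variable, fallback) for every set_fact entry that
    replaces the inventory's connection user with a fixed value."""
    findings = []
    fact_col = None  # column of the enclosing "set_fact:" key, if any
    for lineno, line in enumerate(playbook_text.splitlines(), start=1):
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        if fact_col is not None and indent <= fact_col:
            fact_col = None  # dedented: no longer inside set_fact
        if SET_FACT_RE.match(stripped):
            fact_col = indent + len(stripped) - len(stripped.lstrip("- "))
            continue
        assign = ASSIGN_RE.match(stripped)
        if fact_col is None or assign is None:
            continue
        value = assign["value"]
        default = DEFAULT_RE.search(value)
        if default is None:
            if "{{" not in value:  # plain literal such as: ansible_user: root
                findings.append((lineno, assign["var"], value.strip("\"' ")))
            continue
        fallback = default["arg"]
        if fallback not in CONNECTION_USER_VARS:
            findings.append((lineno, assign["var"], fallback.strip("\"'")))
    return findings


# Constructed sample: the task name and the assignment are quoted from the
# report; the surrounding YAML layout is assumed.
REPORTED = """\
- name: set the user to perform installation
  set_fact:
    ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default('root') }}"
"""
# Hypothetical correction: fall back to the inventory value, not a literal.
CORRECTED = REPORTED.replace("default('root')", "default(ansible_ssh_user)")
```

Run over REPORTED, the check flags line 3 with fallback root; run over CORRECTED, it reports nothing, because the fallback is the value the inventory already supplies.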

Comment 1 Wenkai Shi 2017-10-18 07:41:42 UTC
This should be resolved or documented in 3.7, because the related user story is targeted for release 3.7.

Comment 3 Kenny Woodson 2017-10-19 13:41:16 UTC
Proposed fix is here. https://github.com/openshift/openshift-ansible/pull/5794

Will update when it gets merged.

Comment 5 Wenkai Shi 2017-11-02 03:26:37 UTC
Verified with version openshift-ansible-3.7.0-0.189.0.git.0.d497c5e.el7; the user is correct.

# ansible-playbook -i hosts -vvv /usr/share/ansible/openshift-ansible/playbooks/aws/openshift-cluster/build_ami.yml -e @provisioning_vars.yml
...
TASK [set the user to perform installation] **************************************************************************************************************************************************
task path: /usr/share/ansible/openshift-ansible/playbooks/aws/openshift-cluster/build_ami.yml:27
ok: [ec2-xx-xx-xx-xx.compute-1.amazonaws.com] => {
    "ansible_facts": {
        "ansible_ssh_user": "ec2-user", 
        "openshift_node_bootstrap": true, 
        "openshift_node_image_prep_packages": [
            "cloud-utils-growpart"
        ]
    }, 
    "changed": false, 
    "failed": false
}
...

Comment 8 errata-xmlrpc 2017-11-28 22:16:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

