Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

'ansible_user' is undefined #23530

Closed
mhristof opened this issue Apr 12, 2017 · 20 comments · Fixed by #23830
Closed

'ansible_user' is undefined #23530

mhristof opened this issue Apr 12, 2017 · 20 comments · Fixed by #23830
Labels
affects_2.3 This issue/PR affects Ansible v2.3 bug This issue/PR relates to a bug. python3

Comments

@mhristof
Copy link

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ansible

ANSIBLE VERSION
ansible 2.3.0.0
  config file =
  configured module search path = Default w/o overrides
  python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
CONFIGURATION

vanilla vagrant box, ubuntu/xenial64

OS / ENVIRONMENT

Only tested ubuntu/xenial64

SUMMARY

ansible_user seems to be undefined.

STEPS TO REPRODUCE

Just fire up a vagrant box, install ansible via pip and check the ansible_user

ubuntu@ubuntu-xenial:~$ pip install ansible
Collecting ansible
  Downloading ansible-2.3.0.0.tar.gz (4.3MB)
    100% |████████████████████████████████| 4.3MB 320kB/s
Collecting jinja2 (from ansible)
  Using cached Jinja2-2.9.6-py2.py3-none-any.whl
Collecting PyYAML (from ansible)
Collecting paramiko (from ansible)
  Using cached paramiko-2.1.2-py2.py3-none-any.whl
Collecting pycrypto>=2.6 (from ansible)
Collecting setuptools (from ansible)
  Using cached setuptools-34.4.1-py2.py3-none-any.whl
Collecting MarkupSafe>=0.23 (from jinja2->ansible)
Collecting pyasn1>=0.1.7 (from paramiko->ansible)
  Using cached pyasn1-0.2.3-py2.py3-none-any.whl
Collecting cryptography>=1.1 (from paramiko->ansible)
Collecting appdirs>=1.4.0 (from setuptools->ansible)
  Using cached appdirs-1.4.3-py2.py3-none-any.whl
Collecting packaging>=16.8 (from setuptools->ansible)
  Using cached packaging-16.8-py2.py3-none-any.whl
Collecting six>=1.6.0 (from setuptools->ansible)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting ipaddress (from cryptography>=1.1->paramiko->ansible)
  Using cached ipaddress-1.0.18-py2-none-any.whl
Collecting idna>=2.1 (from cryptography>=1.1->paramiko->ansible)
  Using cached idna-2.5-py2.py3-none-any.whl
Collecting asn1crypto>=0.21.0 (from cryptography>=1.1->paramiko->ansible)
  Using cached asn1crypto-0.22.0-py2.py3-none-any.whl
Collecting enum34 (from cryptography>=1.1->paramiko->ansible)
  Using cached enum34-1.1.6-py2-none-any.whl
Collecting cffi>=1.4.1 (from cryptography>=1.1->paramiko->ansible)
  Using cached cffi-1.10.0-cp27-cp27mu-manylinux1_x86_64.whl
Collecting pyparsing (from packaging>=16.8->setuptools->ansible)
  Using cached pyparsing-2.2.0-py2.py3-none-any.whl
Collecting pycparser (from cffi>=1.4.1->cryptography>=1.1->paramiko->ansible)
Building wheels for collected packages: ansible
  Running setup.py bdist_wheel for ansible ... done
  Stored in directory: /home/ubuntu/.cache/pip/wheels/9e/36/1f/9281addf43ee457e2847b021ba41a5641de9c7f7f1aa68a5d5
Successfully built ansible
Installing collected packages: MarkupSafe, jinja2, PyYAML, pyasn1, appdirs, pyparsing, six, packaging, setuptools, ipaddress, idna, asn1crypto, enum34, pycparser, cffi, cryptography, paramiko, pycrypto, ansible
Successfully installed MarkupSafe-1.0 PyYAML-3.12 ansible-2.2.0.0 appdirs-1.4.3 asn1crypto-0.22.0 cffi-1.10.0 cryptography-1.8.1 enum34-1.1.6 idna-2.5 ipaddress-1.0.18 jinja2-2.9.6 packaging-16.8 paramiko-2.1.2 pyasn1-0.2.3 pycparser-2.17 pycrypto-2.6.1 pyparsing-2.2.0 setuptools-34.4.1 six-1.10.0
You are using pip version 8.1.1, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ubuntu@ubuntu-xenial:~$ ansible all -i 'localhost, ' -c local -m debug -a 'var=ansible_user'
localhost | SUCCESS => {
    "ansible_user": "VARIABLE IS NOT DEFINED!",
    "changed": false
}
EXPECTED RESULTS
localhost | SUCCESS => {
    "ansible_user": "ubuntu"
}
ACTUAL RESULTS
localhost | SUCCESS => {
    "ansible_user": "VARIABLE IS NOT DEFINED!",
    "changed": false
}

This works on 2.2.0.0

ubuntu@ubuntu-xenial:~$ ansible all -i 'localhost, ' -c local -m debug -a 'var=ansible_user'
localhost | SUCCESS => {
    "ansible_user": "VARIABLE IS NOT DEFINED!",
    "changed": false
}
ubuntu@ubuntu-xenial:~$ pip install ansible==2.2.0.0
Collecting ansible==2.2.0.0
Collecting PyYAML (from ansible==2.2.0.0)
Collecting setuptools (from ansible==2.2.0.0)
  Using cached setuptools-34.4.1-py2.py3-none-any.whl
Collecting jinja2 (from ansible==2.2.0.0)
  Using cached Jinja2-2.9.6-py2.py3-none-any.whl
Collecting paramiko (from ansible==2.2.0.0)
  Using cached paramiko-2.1.2-py2.py3-none-any.whl
Collecting pycrypto>=2.6 (from ansible==2.2.0.0)
Collecting appdirs>=1.4.0 (from setuptools->ansible==2.2.0.0)
  Using cached appdirs-1.4.3-py2.py3-none-any.whl
Collecting packaging>=16.8 (from setuptools->ansible==2.2.0.0)
  Using cached packaging-16.8-py2.py3-none-any.whl
Collecting six>=1.6.0 (from setuptools->ansible==2.2.0.0)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting MarkupSafe>=0.23 (from jinja2->ansible==2.2.0.0)
Collecting pyasn1>=0.1.7 (from paramiko->ansible==2.2.0.0)
  Using cached pyasn1-0.2.3-py2.py3-none-any.whl
Collecting cryptography>=1.1 (from paramiko->ansible==2.2.0.0)
Collecting pyparsing (from packaging>=16.8->setuptools->ansible==2.2.0.0)
  Using cached pyparsing-2.2.0-py2.py3-none-any.whl
Collecting ipaddress (from cryptography>=1.1->paramiko->ansible==2.2.0.0)
  Using cached ipaddress-1.0.18-py2-none-any.whl
Collecting idna>=2.1 (from cryptography>=1.1->paramiko->ansible==2.2.0.0)
  Using cached idna-2.5-py2.py3-none-any.whl
Collecting asn1crypto>=0.21.0 (from cryptography>=1.1->paramiko->ansible==2.2.0.0)
  Using cached asn1crypto-0.22.0-py2.py3-none-any.whl
Collecting enum34 (from cryptography>=1.1->paramiko->ansible==2.2.0.0)
  Using cached enum34-1.1.6-py2-none-any.whl
Collecting cffi>=1.4.1 (from cryptography>=1.1->paramiko->ansible==2.2.0.0)
  Using cached cffi-1.10.0-cp27-cp27mu-manylinux1_x86_64.whl
Collecting pycparser (from cffi>=1.4.1->cryptography>=1.1->paramiko->ansible==2.2.0.0)
Installing collected packages: PyYAML, appdirs, pyparsing, six, packaging, setuptools, MarkupSafe, jinja2, pyasn1, ipaddress, idna, asn1crypto, enum34, pycparser, cffi, cryptography, paramiko, pycrypto, ansible
Successfully installed MarkupSafe-1.0 PyYAML-3.12 ansible-2.2.0.0 appdirs-1.4.3 asn1crypto-0.22.0 cffi-1.10.0 cryptography-1.8.1 enum34-1.1.6 idna-2.5 ipaddress-1.0.18 jinja2-2.9.6 packaging-16.8 paramiko-2.1.2 pyasn1-0.2.3 pycparser-2.17 pycrypto-2.6.1 pyparsing-2.2.0 setuptools-34.4.1 six-1.10.0
You are using pip version 8.1.1, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ubuntu@ubuntu-xenial:~$ ansible all -i 'localhost, ' -c local -m debug -a 'var=ansible_user'
localhost | SUCCESS => {
    "ansible_user": "ubuntu"
}
@ansibot ansibot added affects_2.3 This issue/PR affects Ansible v2.3 bug_report needs_triage Needs a first human triage before being processed. python3 labels Apr 12, 2017
@nitzmahone
Copy link
Member

This isn't a bug. In the absence of a specified user, either by -u, config, inventory, or play keywords, each connection plugin is free to interpret who the current user is in a way that makes sense. Most choose the user running ansible, but WinRM with kerberos (for example) will use the ambient TGT if one is found. So we can't sanely set a global default value for ansible_user without breaking things.

@nitzmahone nitzmahone removed the needs_triage Needs a first human triage before being processed. label Apr 13, 2017
@mhristof
Copy link
Author

i see your point, but the same command ansible all -i 'localhost, ' -c local -m debug -a 'var=ansible_user' seem to have changed behaviour on two different versions of ansible and i didn't see anything mentioned.

@bcoca
Copy link
Member

bcoca commented Apr 17, 2017

The behaviour change for debug was not intended, but also not something we are looking at. ansible_user is a variable the user sets for the connection to consume, not the other way around.

Also note that 'debug' has no connection as it is a special action that does not require one, like add_hosts, group_by, pause, etc. These are actions that affect the data or display of Ansible itself, not the target hosts.

@mhristof
Copy link
Author

its not only happening in the debug module.

ubuntu@ubuntu-xenial:~$ cat test.yml
---
  - hosts: all

    tasks:
      - name: touch ansible_user file
        file:
          path: /tmp/{{ ansible_user }}
          state: touch
ubuntu@ubuntu-xenial:~$ !ans
ansible-playbook test.yml  -i 'localhost, '

PLAY [all] *********************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [touch ansible_user file] *************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'ansible_user' is undefined\n\nThe error appears to have been in '/home/ubuntu/test.yml': line 5, column 9, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n    tasks:\n      - name: touch ansible_user file\n        ^ here\n"}
	to retry, use: --limit @/home/ubuntu/test.retry

PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1

ubuntu@ubuntu-xenial:~$ ansible --version
ansible 2.3.0.0
  config file =
  configured module search path = Default w/o overrides
  python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
ubuntu@ubuntu-xenial:~$

@evrardjp
Copy link
Contributor

evrardjp commented Apr 19, 2017

@bcoca : I Agree with @mhristof here.
The confusing part would be: http://docs.ansible.com/ansible/intro_configuration.html#remote-user

If nothing is set, we expect this to be from the env. Here it just fails. Either we need a doc change, or a change the behavior.

@geerlingguy
Copy link
Contributor

I'm starting to see this creeping in from a lot of different places actually—I've been getting some error reports in certain environments where playbooks were working great and all the sudden are not, and I just experienced it in some of my Travis CI builds, where I'm getting The error was: 'ansible_user' is undefined.

See some excellent sleuthing by @oxyc here: geerlingguy/drupal-vm#1302 (comment)

Basically, I have to ask... if we can't use ansible_user (and ansible_ssh_user disappeared post-2.0)—is there any variable that we can use that contains the current $USER, or should I start rewriting things to expect that ansible_user may or may not be populated?

I haven't had an issue from 2.0 -> 2.2.x, but now that 2.3.0 is here it pops up in some environments but not others.

@geerlingguy
Copy link
Contributor

Additionally, if I pass something like -u username it still gives me the error :/

@evrardjp
Copy link
Contributor

evrardjp commented Apr 20, 2017

@geerlingguy we started to move to ansible_user_id, but hell who know's what's going to happen on next release.

@alikins alikins reopened this Apr 20, 2017
@bcoca
Copy link
Member

bcoca commented Apr 20, 2017

ansible_ssh_user did not go away, its just the 'ssh connection plugin specific' version of ansible_user, ansible_user_id is a result of fact gathering, which has different implications (also see become interactions).

I suspect the break came here 58ee661

@alikins
Copy link
Contributor

alikins commented Apr 20, 2017

I would say ansible_user can potentially be none (there is no builtin default but usually remote_user ansible_ssh_user etc provide it) for the reasons @nitzmahone mentioned.

for the case here

ubuntu@ubuntu-xenial:~$ ansible all -i 'localhost, ' -c local -m debug -a 'var=ansible_user'
localhost | SUCCESS => {
   "ansible_user": "VARIABLE IS NOT DEFINED!",
   "changed": false
}

It seems like it is a bug that is not being set.

@bcoca
Copy link
Member

bcoca commented Apr 20, 2017

reverting the commit above 'fixes it'

bcoca added a commit to bcoca/ansible that referenced this issue Apr 20, 2017
bcoca added a commit that referenced this issue Apr 20, 2017
* Revert "fixes play context connection user (#21776)"

This reverts commit 58ee661.
fixes #23530

* preserve original in copy

updated comment to clarify wtf is going on here

(cherry picked from commit eb887b8)
bcoca added a commit that referenced this issue Apr 20, 2017
* Revert "fixes play context connection user (#21776)"

This reverts commit 58ee661.
fixes #23530

* preserve original in copy

updated comment to clarify wtf is going on here
@JLofgren
Copy link

JLofgren commented Aug 7, 2017

@geerlingguy asked an excellent question, and I want to repeat it, because I am also seeking an answer:

Basically, I have to ask... if we can't use ansible_user (and ansible_ssh_user disappeared post-2.0)—is there any variable that we can use that contains the current $USER, or should I start rewriting things to expect that ansible_user may or may not be populated?

How can I refer to the user who is running the ansible playbook???

@nitzmahone
Copy link
Member

nitzmahone commented Aug 7, 2017

lookup('env', 'USER') or lookup('pipe', 'whoami') would both work under most circumstances (and could be combined with default to implement a fallback behavior).

@JLofgren
Copy link

JLofgren commented Aug 8, 2017

@nitzmahone - Thanks, that seems to work for me!

@haridsv
Copy link
Contributor

haridsv commented Apr 16, 2018

In addition to ansible_user not working with become_user, I am noticing that it doesn't work in the Jinja2 template either. E.g., with this:

- hosts: all
  gather_facts: no
  tasks:
    - copy:
        dest: /tmp/t.j2
        content: "{{ '{{' }} remote_user {{ '}}' }}"
    - template:
        src: /tmp/t.j2
        dest: /tmp/t

You get the below error:

$ ansible-playbook -v -i localhost, t.yaml
...
TASK [template] ********************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'remote_user' is undefined"}
        to retry, use: --limit @/tmp/t.retry
...

I even tried using ansible_user and ansible_ssh_user and got the same error, but when I tried inventory_hostname it worked fine.

BTW, with become_user, the problem is not just with remote_user, I can't get ansible_user or ansible_ssh_user to work either, e.g., with this:

- hosts: all
  gather_facts: no
  tasks:
    - shell: whoami
      become: yes
      become_user: "{{ansible_ssh_user}}"

I get this error:

$ ansible-playbook -v -i localhost, t.yaml
...
TASK [shell] ***********************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The field 'become_user' has an invalid value, which includes an undefined variable. The error was: 'ansible_ssh_user' is undefined"}
        to retry, use: --limit @/tmp/t.retry
...

@haridsv
Copy link
Contributor

haridsv commented Apr 16, 2018

Another workaround is to use set_fact to set a temporary fact with the value of ansible_user and then use that as the value for become_user.

@edesz
Copy link

edesz commented Aug 14, 2018

@haridsv I tried your workaround to install the package vim

- name:
  set_fact: myuser="{{ ansible_user }}"

- apt:
    name: vim
    state: present
  become: yes
  become_method: sudo
  become_user: "{{ myuser }}"

But I got this error about missing file permission


<localhost> ESTABLISH LOCAL CONNECTION FOR USER: userabc
<localhost> EXEC /bin/sh -c 'echo ~userabc && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/userabc/.ansible/tmp/ansible-tmp-1534213465.84-219764663366229 `" && echo ansible-tmp-1534213465.84-219764663366229="` echo /home/userabc/.ansible/tmp/ansible-tmp-1534213465.84-219764663366229 `" ) && sleep 0'
Using module file /home/userabc/.venv/local/lib/python2.7/site-packages/ansible/modules/packaging/os/apt.py
<localhost> PUT /home/userabc/.ansible/tmp/ansible-local-27234S03P7r/tmpXK5fmH TO /home/userabc/.ansible/tmp/ansible-tmp-1534213465.84-219764663366229/apt.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/userabc/.ansible/tmp/ansible-tmp-1534213465.84-219764663366229/ /home/userabc/.ansible/tmp/ansible-tmp-1534213465.84-219764663366229/apt.py && sleep 0'
<localhost> EXEC /bin/sh -c '/home/userabc/.venv/bin/python /home/userabc/.ansible/tmp/ansible-tmp-1534213465.84-219764663366229/apt.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/userabc/.ansible/tmp/ansible-tmp-1534213465.84-219764663366229/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_YOK5VF/ansible_module_apt.py", line 299, in <module>
    import apt

failed: [localhost] (item=vim) => {
    "changed": false, 
    "cmd": "apt-get update", 
    "invocation": {
        "module_args": {
            "allow_unauthenticated": false, 
            "autoclean": false, 
            "autoremove": false, 
            "cache_valid_time": 0, 
            "deb": null, 
            "default_release": null, 
            "dpkg_options": "force-confdef,force-confold", 
            "force": false, 
            "force_apt_get": false, 
            "install_recommends": null, 
            "name": "vim", 
            "only_upgrade": false, 
            "package": [
                "vim"
            ], 
            "purge": false, 
            "state": "present", 
            "update_cache": null, 
            "upgrade": null
        }
    }, 
    "item": "vim", 
    "msg": "E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)", 
    "rc": 100, 
    "stderr": "E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\n", 
    "stderr_lines": [
        "E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)", 
        "E: Unable to lock directory /var/lib/apt/lists/", 
        "W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)", 
        "W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)"
    ], 
    "stdout": "Reading package lists...\n", 
    "stdout_lines": [
        "Reading package lists..."
    ]
}

@haridsv
Copy link
Contributor

haridsv commented Aug 14, 2018

@edesz You are trying to install system package as a regular user, which is why you are seeing the permissions issues. What is the error you are trying to workaround?

@edesz
Copy link

edesz commented Aug 14, 2018

You are right. That could be it.

My issue was about undefined variable ansible_user. When I tried to run

become_user: "{{ ansible_user }}"

I got the same error as in the OP here that "failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'ansible_user' is undefined.

After searching through Google I came to this issue and I thought your workaround might have worked. That was my reason for trying it and posting here about it.

But your are right....my problem is likely due to running as a regular user.

@haridsv
Copy link
Contributor

haridsv commented Aug 14, 2018

@edesz Right, you should be able to get past this error by just removing become_user.

@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
affects_2.3 This issue/PR affects Ansible v2.3 bug This issue/PR relates to a bug. python3
Projects
None yet
Development

Successfully merging a pull request may close this issue.

10 participants