How do I get a variable with the name of the user running ansible?

Question

I'm scripting a deployment process that takes the name of the user running the ansible script (eg tlau) and creates a deployment directory on the remote system based on that username and the current date/time (eg tlau-deploy-2014-10-15-16:52).

You would think this is available in ansible facts (eg LOGNAME or SUDO_USER), but those are all set to either "root" or the deployment id being used to ssh into the remote system. None of those contain the local user, the one who is currently running the ansible process.

How can I script getting the name of the user running the ansible process and use it in my playbook?

Answer 1

If you gather_facts , which is enabled by default for playbooks, there is a built-in variable that is set called ansible_user_id that provides the user name that the tasks are being run as. You can then use this variable in other tasks or templates with {{ ansible_user_id }} . This would save you the step of running a task to register that variable.

See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variables-discovered-from-systems-facts

Answer 2

If you mean the username on the host system, there are two options:

You can run a local action (which runs on the host machine rather than the target machine):

- name: get the username running the deploy
  become: false
  local_action: command whoami
  register: username_on_the_host

- debug: var=username_on_the_host

In this example, the output of the whoami command is registered in a variable called "username_on_the_host", and the username will be contained in username_on_the_host.stdout .

(the debug task is not required here, it just demonstrates the content of the variable)

---

The second options is to use a "lookup plugin":

{{ lookup('env', 'USER') }}

Read about lookup plugins here: docs.ansible.com/ansible/playbooks_lookups.html

Answer 3

I put something like the following in all templates:

# Placed here by {{ lookup('env','USER') }} using Ansible, {{ ansible_date_time.date }}.

When templated over it shows up as:

# Placed here by staylorx using Ansible, 2017-01-11.

If I use {{ ansible_user_id }} and I've become root then that variable indicates "root", not what I want most of the time.

Answer 4

This reads the user name from the remote system, because it is not guaranteed, that the user names on the local and the remote system are the same. It is possible to change the name in the SSH configuration.

- name: Run whoami without become.
  command: whoami
  changed_when: false
  become: false
  register: whoami

- name: Set a fact with the user name.
  set_fact:
    login_user: "{{ whoami.stdout }}"

Answer 5

This seems to work for me (ansible 2.9.12):

- name: get the non root remote user
  set_fact:
    remote_regular_user: "{{ ansible_env.SUDO_USER or ansible_user_id }}"

You can also simply set this as a variable - eg in your group_vars/all.yml :

remote_regular_user: "{{ ansible_env.SUDO_USER or ansible_user_id }}"

Answer 6

if you want to get the user who run the template in ansible tower you could use this var {{tower_user_name}} in your playbook but it´s only defined on manually executions

tower_user_name :The user name of the Tower user that started this job. This is not available for callback or scheduled jobs.

check this docs https://docs.ansible.com/ansible-tower/latest/html/userguide/job_templates.html

Answer 7

When you use the "become" option to launch Ansible or run a task, the logged in user will change to the user you are changing to (typically root ). To get the name of the original user used to log in to the remote host with (ie: before escalating) you can use the ansible_user special variable . In addition, if you want to gather facts for a specific user other than the one currently running a task, you can use the user built-in module by doing something like this:

- user
    name: "username"
  register: user_data

Now the user_data fact contains a bunch of useful information about that user, including their uid, gid, home folder, and a bunch of other stuff. See the return value for this task in the docs for details. Using this technique, you can get details about the original user Ansible was launched with by doing something like this:

- user
    name: "{{ ansible_user }}"
  register: user_data

Conversely, if all you want is the name of the active user that is running a specific task (ie: which accounts for any user-switches that occur with the "become" operation) you can use the ansible_user_id fact instead.