ansible become sudo password

ansible-playbook playbook.yml -i inventory.ini --user=username \
                              --extra-vars "ansible_sudo_pass=yourPassword"

ansible become sudo password

Probably the best way to do this - assuming that you can't use the NOPASSWD solution provided by scottod - is to use Mircea Vutcovici's solution in combination with Ansible Vault.
For example, you might have a playbook something like this:

- hosts: all

  vars_files:
    - secret

  tasks:
    - name: Do something as sudo
      service: name=nginx state=restarted
      sudo: yes
      
Here we are including a file called secret which will contain our sudo password.
We will use ansible-vault to create an encrypted version of this file:

ansible-vault create secret

This will ask you for a password, then open your default editor to edit the file. You can put your ansible_sudo_pass in here.

e.g.: secret:

ansible_sudo_pass: mysudopassword

Save and exit, now you have an encrypted secret file which Ansible is able to decrypt when you run your playbook. Note: you can edit the file with ansible-vault edit secret (and enter the password that you used when creating the file).

The final piece of the puzzle is to provide Ansible with a --vault-password-file which it will use to decrypt your secret file.
Create a file called vault.txt and in that put the password that you used when creating your secret file. The password should be a string stored as a single line in the file.

From the Ansible Docs:
.. ensure permissions on the file are such that no one else can access your key and do not add your key to source control

Finally: you can now run your playbook with something like

ansible-playbook playbook.yml -u someuser -i hosts --sudo --vault-password-file=vault.txt

The above is assuming the following directory layout:

.
|_ playbook.yml
|_ secret
|_ hosts
|_ vault.txt
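
The Ansible Docs advice quoted above (restrict permissions on the key file, keep it out of source control) can be checked before each run. The following is an added example, not part of the original answer; the function names `file_mode`, `check_vault_file` and `run_playbook` are introduced here, and the file names follow the directory layout above.

```shell
#!/bin/sh
# Added example: check vault.txt before passing it to --vault-password-file.

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only when the file is safe to use as the vault password file:
#   - it is a regular file, not a symlink
#   - its mode is exactly 600 or 400 (no group/other access, not executable;
#     Ansible runs an executable vault password file as a script)
#   - it is not tracked by git (checked only if git and a work tree exist)
check_vault_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "vault file check: $f is missing or not a regular file" >&2
        return 1
    fi
    mode=$(file_mode "$f") || return 1
    case $mode in
        600|400) ;;
        *) echo "vault file check: $f has mode $mode, want 600 or 400" >&2
           return 1 ;;
    esac
    dir=$(dirname "$f")
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       git -C "$dir" ls-files --error-unmatch "$(basename "$f")" >/dev/null 2>&1
    then
        echo "vault file check: $f is tracked by git" >&2
        return 1
    fi
    return 0
}

# Hypothetical wrapper: run the page's command only when the check passes.
run_playbook() {
    check_vault_file vault.txt || return 1
    ansible-playbook playbook.yml -u someuser -i hosts --sudo \
        --vault-password-file=vault.txt
}
```

Adding `vault.txt` to `.gitignore` keeps the git check from ever firing.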

ansible become sudo password

Ansible 2.0 (not 100% when) marked --ask-sudo-pass as deprecated. The docs now recommend using --ask-become-pass instead, while also swapping out the use of sudo throughout your playbooks with become.