Ansible synchronize asking for a password

Question

I am using Ansible (1.9.2) to deploy some files to a Redhat 6.4 server.

The playbook looks something like this

- name: deploy files
  hosts: web
  tasks:
    - name sync files
      sudo: no
      synchronize:
        src={{ local_path }}
        dest={{ dest_path }}

And to kick this off I run something like the following

ansible-playbook -i myinventory myplaybook.yml -u DOMAIN\\user --ask-pass

When I start the play I enter my password at the prompt, facts are then obtained successfully, however as soon as the synchronize task is reached another prompt asks for my password again, like the following

DOMAIN\user@hostname's password:

If I enter my password again the deploy completes correctly.

My questions are

How can I fix or work around this, so that I do not have to enter my password for every use of the synchronize module?
Is this currently expected behaviour for the synchronize module? Or is this a bug in Ansible?

I cannot use ssh keys due to environment restrictions.

I do not want to use the copy module for scalability reasons.

Things I have tried

I have seen a number of other questions on this subject but I have not been able to use any of them to fix my issue or understand if this is expected behavior.
The Ansible docs are generally excellent but I have not been able to find anything about this on the offical docs.
I have tried specifiying the user and password in the inventory file and not using the --ask-pass and -u parameters. But while I then do not have to enter the password to collect facts, the synchronize module still requests my password.
I have tried setting the --ask-sudo-pass as well, but it did not help
I have been using a CentOS 7 control box, but I have also tried an Ubuntu 14.04 box

Can anyone help?

I have similar issue. As I see ansible is trying to rsync from root user when ansible_sudo == true. — Andrey Gubarev, Aug 17 '15 at 22:20
Ansible docs are quite bad actually. Documentation looks more like a bunch of low quality tutorials at this time. — alvarez, Nov 05 '15 at 15:18

score 1 · Answer 1 · answered Jul 29 '20 at 14:54

To pass a password to synchronize module you can use --password-file option like so.

tasks:
- name: test_rsync
  synchronize:
    mode: pull
    src: rsync://user@host/your/remote/path
    dest: /your/local/path/
    rsync_opts:
      - "--password-file=/path/to/password_file"

score 0 · Answer 2 · answered Mar 09 '16 at 04:09

Why not use inventory like below encrypted with Vault (ansible-playbook –ask-vault-pass …)?:

[targets]
other1.example.com    ansible_connection=ssh    ansible_ssh_user=mpdehaan   ansible_ssh_pass=foobar
other2.example.com    ansible_connection=ssh    ansible_ssh_user=mdehaan    ansible_ssh_pass=foobar123

score 0 · Answer 3 · answered Sep 21 '17 at 18:19

0

Synchronize will ask you for password if your ansible server credential is different from you target host. I've tried many proposed workarounds however none of them worked...

Eventually I had to go back to file module using --sftp-extra-args to achieve what I needed. It did the trick.

answered Sep 21 '17 at 18:19

eduprado

81
1
4

We still do not have a fix for this from Ansible ? :( – Vasanth Nag K V Nov 27 '18 at 05:58
Ansible's synchronize module is very limited to a small number of scenarios, i recommend using something like this: - name: downloading file command: "curl -o /opt/files/my_file_name" args: warn: false async: 7200 poll: 120 – eduprado Dec 04 '18 at 15:41

score 0 · Answer 4 · answered Jul 21 '22 at 09:36

I used the Shell for that.

- name: test_rsync
  shell: rsync -a --delete --rsh='/usr/bin/sshpass -p "{{ pass }}" ssh -o StrictHostKeyChecking=no -l $RemoteUser' {{ local_path }} $RemoteUser@{{ inventory_hostname }}:/{{ dest_path }}
  become: false
  delegate_to: localhost     #If needed

The password is encrypted with Ansible-Vault and saved under /vars/main.yml

Ansible synchronize asking for a password

4 Answers4