ansible: create user without asking runner's password

Question

I have the following two ymls:

---

- hosts: localhost
  vars:
    - username: test
  tasks:
    - name: Include User
      include: 'user.yml'
      become: true

---

- name: Create user '{{ username }}'
  user:
    name: '{{ username }}'
    password: 'password...'
    become: true

I got the error message below:

$ ansible-playbook main.yml
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

I do not want to pass my password during the execution. Is it possible to run the script without asking password from the executor?

If so, how can I alter the ansible descriptor accordingly?

Ansible 2.6.1
Ubuntu 18.04 LTS

score 0 · Answer 1 · answered Jul 23 '18 at 08:45

You have several options

You can set NOPASSwD for your user in /etc/sudoers, I would not consider this secure

superuser ALL=(ALL) NOPASSWD:ALL

Another option would be to set a variable ansible_sudo_pass in your your inventory, host_vars or group_vars. You should create a vault for it, not to store the password in clear text, to make it secure, but you will have to enter a vault password then.

ansible: create user without asking runner's password

1 Answers1