2

Currently, I am using both ask-pass and ask-become-pass in order to execute my playbook. Hence, ansible asks me for my ssh password and then, again for the sudo password, thus making me enter the password twice (at least, enter password once and then hit the return button again for defaulting become-pass to the ssh-pass).

I would like ansible to not ask for the "become-pass" at all and instead, default it to the ssh password (ask-pass). Is that possible?

$ ansible-playbook -i inventory/inv --user=myuser -k -K myplaybook.yml 
SSH password: 
BECOME password[defaults to SSH password]:
Praveen B K
  • 21
  • 1
  • 3

2 Answers2

0

Yes, it's possible.

  1. specify all those passwords in inventory file as variables to hosts/groups
  2. specify all those passwords in variables files
  3. specify all those passwords in ansible vault, you'll prompted for password to open that vault (if you don't specify that open vault password in ansible.cfg file)
  4. specify all those password as extra variables in CLI

To read:

  1. https://www.cyberciti.biz/faq/how-to-set-and-use-sudo-password-for-ansible-vault/

  2. Specify sudo password for Ansible

itdiver
  • 1
  • 1
  • 1
    My question is a bit different. I am ok to enter the password once (for --ask-pass). I just want the same password to be defaulted for the --ask-sudo-pass as well. In other words, I don't want to enter the password twice. – Praveen B K Jan 27 '20 at 12:25
  • Then just hit "Enter" key on that prompt -> "BECOME password[defaults to SSH password]:" Don't enter you password again there. – itdiver Jan 29 '20 at 13:25
  • That's exactly what I would like to avoid - Having to respond twice. Hence, the question. – Praveen B K Jan 30 '20 at 16:52
  • 1
    Don't use "-k" key. Use -b key. In inventory file for group of hosts "all" add: [all:vars] become_password={{ ansible_password }} Or in command add: -e "become_password={{ ansible_password }}" – itdiver Feb 03 '20 at 14:24
0

Using Ansible 2.11.9, I only get promoted once with:

ansible-playbook myplaybook.yaml --ask-pass -e "ansible_sudo_pass={{ ansible_password }}"
Nick
  • 2,342
  • 28
  • 25