Reputation: 357
I am a new user to ansible. I am attempting to use the privilege escalation feature to append a line to a file owned by root.
The following documentation tells me I can use --ask-become-pass with become_user to be prompted for the become_user password but I have no idea how to use it.
http://docs.ansible.com/ansible/become.html
My current code I am working with is as follows:

    - name: Add deploy to sudoers
      remote_user: me
      become: yes
      become_method: su
      ask_become_pass: true
      lineinfile:
        dest=/etc/somefile
        line=sometext
        regexp="^sometext"
        owner=root
        state=present
        insertafter=EOF
        create=True

Which gives me the error: ERROR: ask_become_pass is not a legal parameter in an Ansible task or handler
Can anyone give me an idea of what I might be doing wrong here?
Thanks in advance.
Upvotes: 10
Views: 23942
Reputation: 2604
In addition to the great answers by @Capri90 and @vijay you can also specify a configuration to ask for the 'become pass' by default. This is documented under DEFAULT_BECOME_ASK_PASS in the Ansible Configuration Settings documentation. You can specify it using an environment variable or set it in an Ansible configuration file.
I use it in an ansible.cfg file in the repository:

    [privilege_escalation]
    become_ask_pass = true

ansible.cfg is one of the default locations for the Ansible configuration file. (more about default locations in the docs)
Upvotes: 4
Reputation: 10997
@Capri90 showed how to use
BUT
When --ask-become-pass is used, the user will need to MANUALLY enter the password every time, so to avoid it follow the steps below.
Instead, use the configuration below.
playbook.yml

    ---
    - hosts: yo_my_ips
      become: yes
      become_user: root
      tasks:
        - name: Install latest version of "npm"
          apt:
            name: npm
            state: latest

ansible.cfg

    [defaults]
    inventory = yo_ansible_inventory.txt

yo_ansible_inventory.txt
Note: ansible_become_pass will be used when the command sudo apt-get install npm is fired

    [all:vars]
    ansible_connection=ssh
    ansible_user=tom
    ansible_become_pass=jerrypassword
    [yo_my_ips]
    192.168.1.105

Upvotes: 1
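
Added example (not part of any answer on this page): a small Python check, suitable for a pre-commit hook or CI job, that reports INI inventory lines where a login or become password such as the ansible_become_pass above is stored as a literal instead of a template reference to a variable kept in a vault-encrypted file. The function name find_plaintext_secrets, the variable vault_become_pass and the two extra hosts in the sample are constructed for illustration.

```python
import re
import shlex

# Inventory variables that carry a login or privilege-escalation password.
SECRET_VARS = {
    "ansible_become_pass", "ansible_become_password",
    "ansible_password", "ansible_ssh_pass", "ansible_sudo_pass",
}
JINJA_REF = re.compile(r"^\{\{.*\}\}$")  # template reference, e.g. a vaulted variable


def find_plaintext_secrets(inventory_text):
    """Return (line_no, section, variable) for each literal password in an INI inventory."""
    findings = []
    section = "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":children"):
            continue  # child group names only, no variables
        # [group:vars] lines are one key=value; host lines are "host key=value ...".
        pairs = [line] if section.endswith(":vars") else shlex.split(line)[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            value = value.strip().strip("'\"")
            if sep and key.strip() in SECRET_VARS and value and not JINJA_REF.match(value):
                findings.append((line_no, section, key.strip()))
    return findings


# Constructed sample: lines 1-6 mirror the inventory above, lines 7-8 are hypothetical hosts.
SAMPLE = """\
[all:vars]
ansible_connection=ssh
ansible_user=tom
ansible_become_pass=jerrypassword
[yo_my_ips]
192.168.1.105
192.168.1.106 ansible_become_pass='{{ vault_become_pass }}'
192.168.1.107 ansible_ssh_pass=hunter2 ansible_user=tom
"""

if __name__ == "__main__":
    for line_no, section, var in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: [{section}] {var} is stored as a literal")
```
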
Reputation: 191
The doc says that ask_become_pass is a command line parameter. Which means you have to use it while executing the playbook:

    ansible-playbook *playbook-name* --ask-become-pass

In this case ansible will ask for the password.
The other option ansible_become_pass can be used in the inventory or also as an extra_var. There you can set the password while executing the playbook.
Upvotes: 12