Ankit Kulkarni

Reputation: 1335

Ansible set password for complete play

I am using Ansible to define a lot of tasks which need sudo privileges (the user running the tasks is a non-root user who is a member of the sudo group). To do so, I have been using the following code, defining become, become_method and become_pass every time.

# This is a sample task which needs sudo privileges
- name: copy the dnsmasq file
  template: src="templates/dnsmasq.conf" dest="/etc/dnsmasq.conf" owner="{{ROOT_USER}}" mode="0644" group="{{ROOT_USER}}"
  become: yes
  become_method: sudo
  become_pass: "{{ remote_user_password }}"
  notify: Restart dnsmasq 

I want to set the following attributes at play level: become, become_method and become_pass. I can set become and become_method, but I get ERROR: become_pass is not a legal parameter of an Ansible Play, which of course makes sense, but then what's the attribute to define the password at play level?

I also tried privilege escalation using ansible_become=yes ansible_become_method=sudo ansible_become_user=MY_NON_ROOT_USER ansible_become_pass=My_PASSWD in the ansible_hosts file (where we define hosts), but it still does not allow the tasks to run without sudo and gives permission denied.

Is there a way I can define a password one time for a playbook to run in a non-interactive way, so that I don't have to define become attributes for each and every task?

Upvotes: 1

Views: 2276

Answers (1)

Raul Hugo

Reputation: 1136

I use:

deploy.yml

- name: Todo something
  hosts: all
  become: yes
  become_user: root
  become_method: su

When you execute the playbook, pass the password as an extra var.

 --extra-vars='ansible_become_pass=password'

Upvotes: 1
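An added example, not part of the question or the answer above: a password given with --extra-vars on the command line is visible in the shell history and in the process list while the playbook runs, so this variant keeps it in an ansible-vault encrypted file and sets ansible_become_pass once in the play's vars. The file names (secrets/vault.yml, ~/.vault_pass), the variable vault_become_pass, the ROOT_USER value and the handler body are assumptions made for illustration.

```yaml
# deploy.yml (added example; file and variable names below are assumptions)
#
# One-time setup: create the encrypted vars file next to the playbook
#   ansible-vault create secrets/vault.yml
# and put a single key in it:
#   vault_become_pass: "<sudo password of the login user>"
#
# Non-interactive run, with the vault password in a file only you can read:
#   chmod 600 ~/.vault_pass
#   ansible-playbook -i ansible_hosts deploy.yml --vault-password-file ~/.vault_pass
#
# Interactive alternative that stores no password at all:
#   ansible-playbook -i ansible_hosts deploy.yml --ask-become-pass

- name: Configure dnsmasq
  hosts: all
  become: yes
  become_method: sudo
  # become_user is the account the tasks run as after escalation, not the
  # login user; if it names the non-root login user, tasks still lack root.
  become_user: root
  vars_files:
    - secrets/vault.yml            # encrypted with ansible-vault
  vars:
    ROOT_USER: root                # assumed value for the question's variable
    # Play-level replacement for the per-task become_pass keyword.
    ansible_become_pass: "{{ vault_become_pass }}"
  tasks:
    - name: copy the dnsmasq file
      template:
        src: templates/dnsmasq.conf
        dest: /etc/dnsmasq.conf
        owner: "{{ ROOT_USER }}"
        group: "{{ ROOT_USER }}"
        mode: "0644"
      notify: Restart dnsmasq
  handlers:
    - name: Restart dnsmasq
      service:
        name: dnsmasq
        state: restarted
```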
