Reputation: 667
How to pass a user / password in ansible command
I want to use Ansible as part of another Python software. in that software I have a hosts list with their user / password.
Is there a way to pass the user / pass of the SSH connection to the Ansible ad-hoc command or write it in any file in encrypted way?
Or do i understand it all wrong, and the only way to do it is with SSH certification?
Upvotes: 62
Views: 339268
Answers (5)
Reputation: 587
the most stright forward way with the ansible is to put your vars in an inventory file, i know that there is some cases that the vars should be passed like environment variables or arguments, so make a temp inventory , put the vars inside it , do the job and then remove it if required,
#set some test vars in linux environment or load them from a .env file
export server_ip=54.82.65.25
export my_user=foo
export my_pass=bar
#put vars in a temp inventory file
echo "$server_ip ansible_user=$my_user ansible_password=$my_pass" >> tempinventory
#run my_play.yml
ansible-playbook -i tempinventory my_play.yml
Upvotes: 0
Reputation: 679
You can use --extra-vars like this:
ansible all --inventory=10.0.1.2, -m ping \
--extra-vars "ansible_user=root ansible_password=yourpassword"
If you're authenticating to a Linux host that's joined to a Microsoft Active Directory domain, this command line works.
ansible --module-name ping \
--extra-vars 'ansible_user=domain\user ansible_password=PASSWORD' \
--inventory 10.10.6.184, all
Upvotes: 52
Reputation:
The docs say you can specify the password via the command line:
-k,--ask-pass.
ask for connection password
Ansible can also store the password in the ansible_password variable on a per-host basis.
Upvotes: 69
Reputation: 389
I used the command
ansible -i inventory example -m ping -u <your_user_name> --ask-pass
And it will ask for your password.
For anyone who gets the error:
to use the 'ssh' connection type with passwords, you must install the sshpass program
On MacOS, you can follow below instructions to install sshpass:
- Download the Source Code
- Extract it and cd into the directory
- ./configure
- sudo make install
Upvotes: 8
Reputation: 136
As mentioned before you can use --extra-vars (-e) , but instead of specifying the pwd on the commandline so it doesn't end up in the history files you can save it to an environment variable. This way it also goes away when you close the session.
read -s PASS
ansible windows -i hosts -m win_ping -e "ansible_password=$PASS"
Upvotes: 10
Related Questions
- How to specify the private SSH-key to use when executing shell command on Git?
- Ansible: create a user with sudo privileges
- Specifying ssh key in ansible playbook file
- Safely limiting Ansible playbooks to a single machine?
- How to run an ansible-playbook with a passphrase-protected-ssh-private-key?
- Missing sudo password in Ansible
- SSH Error: Permission denied (publickey,password) in Ansible
- Ansible 2.1.2 playbook pass SSH password and sudo password as command line args
- Ansible SSH as one user and Sudo as another