Reputation: 129
The whole goal of what I am trying to do is to become the root user and run a process. However, I created a process in which I call an auxiliary host and run a script that grabs the root password for whichever Linux host I want. After that, I pass the password back to the var ansible_become_password. Though every time I pass it, it throws the error "password is undefined".
I looked up the variable precedence, but when I tried a different way, I received the same error.
Code:
# Root
- name: Run as root user. privileged escalation using su
  hosts: 10.x.x.1
  gather_facts: false
  vars:
    root_user: root
    ansible_become_password: "{{ password.stdout }} "
  tasks:
    - name: Get root password
      shell: /tmp/rootAccess.sh hostname
      register: password
    - debug:
        msg: "{{ password.stdout }}"
      delegate_to: 10.x.x.2
    - name: whoami as root (su)
      command: whoami
      register: output_root_su
      become_user: "{{ root_user }}"
      become_method: su
      become: yes
    - name: output of 'whoami' (su)
      debug:
        msg: "user: {{ output_root_su.stdout }} "
Error:
fatal: [10.x.x.1]: FAILED! => {"msg": "The field 'become_pass' has an invalid value, which includes an undefined variable. The error was: 'password' is undefined"}
Upvotes: 3
Views: 2921
Reputation: 68189
It is possible to declare ansible_become_password with the module set_fact after the password was entered.
The play below
- hosts: test_01
  gather_facts: no
  become: no
  remote_user: admin
  vars:
    root_user: root
    # ansible_become_password: "{{ password.user_input }}"
  tasks:
    - command: whoami
      register: result
    - debug:
        var: result.stdout
    - pause:
        prompt: "Enter password"
      register: password
    - set_fact:
        ansible_become_password: "{{ password.user_input }}"
    - debug:
        var: ansible_become_password
    - command: whoami
      register: result
      become: yes
      become_method: su
      become_user: "{{ root_user }}"
    - debug:
        var: result.stdout
gives
PLAY [test_01] *********************************************************************************************

TASK [command] *********************************************************************************************
changed: [test_01]

TASK [debug] ***********************************************************************************************
ok: [test_01] => {
    "result.stdout": "admin"
}

TASK [pause] ***********************************************************************************************
[pause]
Enter password:
ok: [test_01]

TASK [set_fact] ********************************************************************************************
ok: [test_01]

TASK [debug] ***********************************************************************************************
ok: [test_01] => {
    "ansible_become_password": "password"
}

TASK [command] *********************************************************************************************
changed: [test_01]

TASK [debug] ***********************************************************************************************
ok: [test_01] => {
    "result.stdout": "root"
}

PLAY RECAP *************************************************************************************************
test_01 : ok=7 changed=2 unreachable=0 failed=0
Notes
Lazy Evaluation does not work properly with ansible_become_password, obviously.
Module pause provides a convenient method to enter variables at runtime.
There is an extra space before the closing quote. This would render the password wrong.
    ansible_become_password: "{{ password.stdout }} "
Upvotes: 3
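The set_fact approach from the answer, applied to the question's script-based lookup. This is an added example, not code from either poster. It assumes the script runs on the auxiliary host 10.x.x.2 and prints only the password on stdout; the variable name aux_host is hypothetical. The trim filter removes stray whitespace, and no_log keeps the password out of task output and logs.

```yaml
- name: Run a command as root via su with a password fetched at runtime
  hosts: 10.x.x.1
  gather_facts: false
  vars:
    root_user: root
    aux_host: 10.x.x.2        # hypothetical variable name for the auxiliary host
  tasks:
    - name: Get root password from the auxiliary host
      # "hostname" is the placeholder argument used in the question
      ansible.builtin.command: /tmp/rootAccess.sh hostname
      delegate_to: "{{ aux_host }}"
      register: password
      changed_when: false
      no_log: true             # do not print the script's stdout (the password)

    - name: Stop if the script returned an empty password
      ansible.builtin.assert:
        that:
          - password.stdout | trim | length > 0
        fail_msg: "rootAccess.sh returned no password"
        quiet: true

    - name: Define the become password only after it exists
      ansible.builtin.set_fact:
        # trim drops the trailing newline or spaces that would corrupt the password
        ansible_become_password: "{{ password.stdout | trim }}"
      no_log: true             # set_fact output would otherwise show the value

    - name: whoami as root (su)
      ansible.builtin.command: whoami
      register: output_root_su
      changed_when: false
      become: true
      become_method: su
      become_user: "{{ root_user }}"

    - name: Output of 'whoami' (su)
      ansible.builtin.debug:
        msg: "user: {{ output_root_su.stdout }}"
```

Only the final debug task prints anything, and it shows the resulting user name rather than the password.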