Reputation: 63
Ansible - run playbook by providing sudo hash password
I am trying to run an Ansible playbook in CLI by providing the hash of the pass.
Instead of running this command:
ansible-playbook -i inventory/inventory.yml playbooks/changedefaults.yml --extra-vars "ansible_sudo_pass=password"
I want to provide the hash of the string password like this:
ansible-playbook -i inventory/inventory.yml playbooks/changedefaults.yml --extra-vars "ansible_sudo_pass=$6$rounds=656000$nv6b5eRCf0MA3Uth$YLcyFUT63rTMB8crCejv5IdyOYIpv62l5FVt.jjw4cNuqPX8HyYwmx/w48SFq/LJtYLrEV92mje7jV0Nfm/9g0"
How can I run this variable ansible_sudo_pass with the hash?
Upvotes: 0
Views: 475
Answers (1)
Reputation: 106498
You're already in a position where you're running this command (presumably) by hand, so instead of passing the password in to the playbook in an insecure fashion, use ask-become-pass instead.
ansible-playbook -i inventory/inventory.yml playbooks/changedefaults.yml --ask-become-pass
If you have a need to do this in autonomous fashion (e.g. you're always going to become some user, or root), then you should reconsider how your playbook is structured. Using become is largely meant to be overseen by some responsible administrator, and isn't meant to be delegated to automation.
Upvotes: 1
Related Questions
- Specify sudo password for Ansible
- How to prompt for sudo password with ansible
- sudo password to run playbook for multiple hosts in single group
- How to invoke encrypted password inside ansible playbook?
- Ansible 2.1.2 playbook pass SSH password and sudo password as command line args
- Run Ansible playbook task with predefined username and password
- How can I run commands in sudo mode with ansible playbook?
- Ansible - Passing password to playbook command which uses --ask-become-pass option
- Ansible set password for complete play
- run ansible playbook with sudo