“anable devient sudo pawwsord” Réponses codées

anable devient sudo pawwsord

ansible-playbook playbook.yml -i inventory.ini --user=username \
                              --extra-vars "ansible_sudo_pass=yourPassword"
DreamCoder

anable devient sudo pawwsord

Probably the best way to do this - assuming that you can't use the NOPASSWD solution provided by scottod - is to use Mircea Vutcovici's solution in combination with Ansible vault Archived.
For example, you might have a playbook something like this:

- hosts: all

  vars_files:
    - secret

  tasks:
    - name: Do something as sudo
      service: name=nginx state=restarted
      sudo: yes
      
Here we are including a file called secret which will contain our sudo password.
We will use ansible-vault to create an encrypted version of this file:


ansible-vault create secret
This will ask you for a password, then open your default editor to edit the file. You can put your ansible_sudo_pass in here.

e.g.: secret:

ansible_sudo_pass: mysudopassword
Save and exit, now you have an encrypted secret file which Ansible is able to decrypt when you run your playbook. Note: you can edit the file with ansible-vault edit secret (and enter the password that you used when creating the file)

The final piece of the puzzle is to provide Ansible with a --vault-password-file which it will use to decrypt your secret file.
Create a file called vault.txt and in that put the password that you used when creating your secret file. The password should be a string stored as a single line in the file.

From the Ansible Docs:
.. ensure permissions on the file are such that no one else can access your key and do not add your key to source control

Finally: you can now run your playbook with something like
ansible-playbook playbook.yml -u someuser -i hosts --sudo --vault-password-file=vault.txt 
The above is assuming the following directory layout:

.
|_ playbook.yml
|_ secret
|_ hosts
|_ vault.txt
DreamCoder

anable devient sudo pawwsord

Ansible 2.0 (not 100% when) marked --ask-sudo-pass as deprecated. The docs now recommend using --ask-become-pass instead, while also swapping out the use of sudo throughout your playbooks with become.
DreamCoder

Réponses similaires à “anable devient sudo pawwsord”

Questions similaires à “anable devient sudo pawwsord”

Parcourir les réponses de code populaires par langue

Parcourir d'autres langages de code