[ansible-project] connection to multiple hosts with all different passwords
Hi all, I'm new to Ansible, so please excuse myl lack of knowledge I'm tryting to handle multiple hosts that need to execute some tasks being root. While it's not a good idea to have all root-ssh-keys stored on one machine (the Ansible host), I want to connect to a box using a generic "ansible" user and then do a sudo (or su) to root All hosts have different root-passwords. So I put some in an ansible-vault file and encrypted it. Now I trie to build a playbook, that connects to a group of hosts - using the "ansible" user - sudo to root and e.g. 'apt-get upgrade' According to the hostname, the matching root-password should be read from the ansible-vault file. I know that I can specify the decrypt password with "--ask-vault-pass". But how to tell the Playbook to look for a certain id, get the password and performe the sudo ? regards -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/96ec2e60-8322-4d79-a9f0-c4c2d22c2d13%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Howto read variables from an vaut encrypted file
Hi all,
the following task may sound easy but actually it fails all the time ...
I want to store my password in a variable and put it into an ansible-vault
encrypted file.
The content of this file will look like this:
---
root_pass_sirius: "{{ TesT1234 }}"
Now my check.yml shall read the encrypted file, get the password and login
---
- hosts: sirius
remote_user: ansible
# gather_facts: no
become: yes
become_method: su
vars_files:
- enc_vars.yml
vars:
ansible_become_pass: '{{ root_pass_sirius }}'
But the login fails with:
FAILED! => {
"msg": "The field 'become_pass' has an invalid value, which includes an
undefined variable. The error was: {{ Test1234 }}: 'TesT1234' is
undefined\nexception type: \nexception: {{ TesT1234 }}:
'TesT1234' is undefined"
}
So it looks like ansible is unable to get the variable out of the encrypted
file ... but WHY ?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/d71c7596-d7d4-435f-a4dd-dbec7ed369e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Howto read variables from an vaut encrypted file
Hi Brian, of course not. it's supposed to be the value of 'root_pass_sirus' ... Am Donnerstag, 8. März 2018 01:13:24 UTC+1 schrieb Brian Coca: > > Ansilbe reads the 'root_pass_sirus' variable fine, the problem is that > 'TesT1234' variable isn't defined anywhere. > > > -- > -- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fb17c895-772f-4e03-a8fe-dc41cdf7b8e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Howto read variables from an vaut encrypted file
unbeliveable ... but that was it !!
Thanks a lot :)
Am Mittwoch, 7. März 2018 22:07:53 UTC+1 schrieb necc...@gmail.com:
>
> Hi all,
>
> the following task may sound easy but actually it fails all the time ...
>
> I want to store my password in a variable and put it into an ansible-vault
> encrypted file.
> The content of this file will look like this:
>
> ---
> root_pass_sirius: "{{ TesT1234 }}"
>
> Now my check.yml shall read the encrypted file, get the password and login
>
> ---
> - hosts: sirius
> remote_user: ansible
> # gather_facts: no
> become: yes
> become_method: su
> vars_files:
> - enc_vars.yml
>
> vars:
> ansible_become_pass: '{{ root_pass_sirius }}'
>
>
> But the login fails with:
>
> FAILED! => {
> "msg": "The field 'become_pass' has an invalid value, which includes
> an undefined variable. The error was: {{ Test1234 }}: 'TesT1234' is
> undefined\nexception type: 'ansible.errors.AnsibleUndefinedVariable'>\nexception: {{ TesT1234 }}:
> 'TesT1234' is undefined"
> }
>
> So it looks like ansible is unable to get the variable out of the
> encrypted file ... but WHY ?
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c03058c4-c5d8-4fe3-b1ac-80db19521b24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
