9

I need to use my --ask-become-pass password in an expect script. Is there any way to use the password entered when starting Ansible playbook in a variable?

Pseudo-code:

# ansible-playbook --become --ask-become-pass -i testing master.yml
BECOME password: secretpassword

then in the task

- name: use pw variable in task
  expect:
   command: /bin/bash -c "/usr/bin/my_command"
   responses:
     Password: "{{ prompted_pass }}"

where I would want expect to enter "secretpassword" when reading the "Password" prompt.

I know about become_user, unfortunately it does not help in my case as a Remote Server asks for the password - but it is the same as the become_password.

I tried dumping vars and environment, but could not find anything helpful.

Dave M
  • 4,494
TobiM
  • 181
  • 1
  • 1
  • 7

2 Answers2

6

No. Interactive become password is not available to the playbook.

One alternative is to not use --ask-become-pass instead provide the become password as a variable. Define variable ansible_become_password to be a lookup expression, which gets the password from whatever secret storage you use. Also use this var for the other program's password.

John Mahowald
  • 36,071
1

Yes. Interactive become password could be implemented in the playbook with pause module – Pause playbook execution as follow

---
- hosts: test
  gather_facts: false
  become: false

tasks:


    

  • name: --ask-become-pass
pause:
  prompt: "Password:"
  echo: false
register: password
    

    • 

  • shell:
  cmd: id
register: result
become: true
vars:
  ansible_become_password: "{{ password.user_input }}"
    

    • 

  • debug:
  var: result.stdout
    

    •

resulting into an test output of

ansible-playbook --ask-pass become.yml
SSH password:

PLAY [test] *****************************************************
[--ask-become-pass]
Password: (output is hidden):


TASK [--ask-become-pass] ****************************************
ok: [test.example.com]


TASK [shell] ****************************************************
changed: [test.example.com]


TASK [debug] ****************************************************
ok: [test.example.com] =>
  result.stdout: uid=0(root) gid=0(root) groups=0(root) <omitted>

The content of the variable password.user_input could also be used for expect or other tasks. But as one can see from the example, one has to organize the tasks accordingly and enhance them with the necessary functionality.

Similar Q&A

Further Documentation

U880D
  • 1,275