Ok, I've got a working solution after some trial and error. Here it is for 
reference ...


Role vars, where sysipf1_pwd is stored in a vault:

---
# file: roles/java/vars/main.yml

ansible_become_pass: "{{ sysipf1_pwd }}"

java_directory: "{{ ipf_soft_dir }}/java"
java_archive: server-jre-8u45-linux-x64.tar.gz
java_path: "{{ java_directory }}/jdk1.8.0_45/bin"
java_home: "{{ java_path }}/java"


The play:

---
# This is the playbook to install java.

- hosts: ansible
  become: yes
  become_method: su
  become_user: "{{ sysipf1_user}}"
  roles:
  - java


What still confuses me is why it doesn't work to put the become-directives 
entirely in the vars file:

---
# file: roles/java/vars/main.yml

ansible_become: True
ansible_become_method: su
ansible_become_user: "{{ sysipf1_user}}"
ansible_become_pass: "{{ sysipf1_pwd }}"

java_directory: "{{ ipf_soft_dir }}/java"
java_archive: server-jre-8u45-linux-x64.tar.gz
java_path: "{{ java_directory }}/jdk1.8.0_45/bin"
java_home: "{{ java_path }}/java"


And the play without any reference to become directives:

---
# This is the playbook to install java.

- hosts: ansible
  roles:
  - java

This leads to an error:

fatal: [my_server_name] => ssh connection closed waiting for a privilege 
escalation password prompt

Cheers,

Jan



On Wednesday, June 3, 2015 at 8:23:22 AM UTC+2, [email protected] 
wrote:
>
> Hi guys,
>
> I need to run my roles as different user. However, the users don't have 
> login permissions. I need to su after logon with the user that executes the 
> ansible playbook.
>
> I've already stored the different user ids and passwords in a vault. But I 
> don't know where to point to the password.
>
> - hosts: abc1
>   su: yes
>   su_user: "{{ sysabc1 }}"
>   ??? su_password: "{{ sysabc1_pwd }}"
>   tasks:
>     - shell: whoami
>
> Thanks,
>
> Jan
>
