Re: [ansible-project] Ansible Not Using `ansible_become_pass` Variable

[Chad Sheets]

Using Ansibles exact command on the remote machine doesn't prompt for a 
password at the terminal due to the flags passed to sudo. I am able to 
escalate using sudo on the remote machine when ssh'ed in as ansibles user.

I've actually made some progress since I submitted the post. I guess there 
was an issue with my playbook structure / variable scope or maybe a change 
to how scope is handled in 2.0.0.2 (I dont understand why a global var like 
ansible_become_pass should be restricted to a scope).

My playbook was structured as follows:

#|  Import encrypted host variables
- hosts: all
  vars_files:
    - host_vars/{{inventory_
hostname}}.yml
    - host_vars/{{inventory_hostname}}-encrypted.yml # <-- 
ansible_become_pass stored here
  tags: [ 'always' ]

#|  Initialization, run before further plays
- name: Initialize with Core Plays
  hosts: all
  become: yes
  roles:
    - role: users
    - role: hosts
  tags: [ 'initialize' ]



My mistake was inserting the debugging statement in the same `host` block 
the variables are imported in.

 my playbooks work when I import the variables following every `become` 
command in every play.

#|  Initialization, run before further plays
- name: Initialize with Core Plays
  hosts: all
  become: yes
  vars_files:
    - host_vars/{{inventory_hostname}}.yml
    - host_vars/{{inventory_hostname}}-encrypted.yml
  roles:
    - role: users
    - role: hosts
  tags: [ 'initialize' ]



This is sort-of annoying because I now have dozens of the same vars_files: 
statements in many different playbooks where I was able to declare it only 
once prior to 2.x.

I've looked but been unable to find the change in Ansible that causes this 
behavior. I assume I was importing variables incorrectly.

Thanks,
Chad


On Monday, April 25, 2016 at 7:21:38 AM UTC-8, Johannes Kastl wrote:
>
> On 25.04.16 04:12 Chad Sheets wrote: 
>
> > I can confirm ssh'ing into Remote-Computer and running only `sudo -H -S 
> -n 
> > -u root /bin/sh -c` returns the "sudo: a password is required" message. 
>
> What happens when you enter your password at the prompt you get when 
> manually calling the command? Does it work? 
>
> Johannes 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d4c699d6-a2b8-410f-b530-224c155861b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.