Is there a way how to change vault password during a play? I would like to have a role for ansible server with all necessary setup including vault password setting. Just install Ansible, pull from Git and play - without any params i.e. ansible prompt me for vault password during a play.
But when I defined vault_password_file I cannot change the password on the fly. If I modify the file during a play then all task still using original password. Unfortunatelly I did not find any way for refresh base ansible setup during play. I tried to do it with my plugin but it looks like the plugins/tasks have separate contexts. The place where is the password stored is DataLoader which is included to tasks and some type of plugins but it look like the loader is cloned. I did not find the place where but it must be. The plugin print old password and set new password and print the new password. And if it run twice in the one play then it print the same old password. Here is mine implementation: https://bitbucket.org/vaclav_doubek/ansible-test and the output: $ ansible-playbook prepare_localhost.yml Insert vault pass: PLAY [localhost] ************************************************************************************************************************************************************************************************************************************************************** TASK [Gathering Facts] ******************************************************************************************************************************************************************************************************************************************************** ok: [localhost] TASK [ansibleserver : Modify Vault password file] ***************************************************************************************************************************************************************************************************************************** changed: [localhost] RUNNING HANDLER [ansibleserver : Reset vault password] ************************************************************************************************************************************************************************************************************************ *Current value: aaa* *New value: eee* *Value set to: eee* ok: [localhost] TASK [ansibleserver : Just call Reset vault password plugin again] ************************************************************************************************************************************************************************************************************ changed: [localhost] RUNNING HANDLER [ansibleserver : Reset vault password] ************************************************************************************************************************************************************************************************************************ *Current value: aaa* *New value: eee* *Value set to: eee* ok: [localhost] PLAY RECAP ******************************************************************************************************************************************************************************************************************************************************************** localhost : ok=5 changed=2 unreachable=0 failed=0 Of course I can use two plays for this purpose. In the second play the password will be from fresh file. But is there someone who know a way to do it in sigle play? (I prefer use common modules like copy etc. instead of decrypt a file via my plugin.) -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a882315c-ac32-41f6-82e1-be538c0af0df%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
