I don't think I'm missing an '-e?' My understanding is that "ansible_ssh_pass" is a plain text password. I was trying to avoid having it sit on the file system unencrypted. I ran: ansible--ask-pass all -a"/bin/date"
and that worked fine. I'm trying to figure out how to use the vault to store and provide the root password. That part I am not quite understanding from the docs. Thanks! On Wednesday, November 14, 2018 at 12:45:14 PM UTC-5, Andrew Latham wrote: > > At first glance I think you are missing a "-e" on the command line and > setting the password correctly for the connection with "ansible_ssh_pass=" > in your vault file. The user should be defaulting to root but you can set > that also. > > On Wed, Nov 14, 2018 at 11:24 AM Brad Van Orden <[email protected] > <javascript:>> wrote: > >> I have a group of CentOS 7 servers that I want to run a playbook against >> to set up audit and rsyslog. The systems are currently set up for root ssh >> with password. One of the later tasks will be to turn off root ssh access, >> but for now, just need to figure out how to use a vault password file for >> connection. I created a vault-pw-file with: >> echo'vautl-passw'> vault-pw-file >> >> I then created an encrypted copy of the root password with: >> ansible-vault encrypt_string--vault-id my_user@~/vault-pw-file >> 'root-password'--name'bb_root'>vault_passwd >> >> I have in my ~/ansible.cfg: >> [defaults] >> inventory =$HOME/hosts >> vault_password_file=$HOME/vault_passwd >> >> I'm not quite following the documentation about how to actually use the >> vault password file. If I run: >> ansible all -m debug --vault-id my_user@~/vault-pw-file >> >> It gives me a success and "hello world" for each host. If I run: >> ansible all -m ping --vault-id my_user@~/vault-pw-file >> >> it says failed to connect to host via ssh. >> >> Sorry, I'm just not following the vault documentation. :( >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/269a9478-40c8-4333-bb5a-e41ff11b008a%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/269a9478-40c8-4333-bb5a-e41ff11b008a%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > - Andrew "lathama" Latham - > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/17d082b3-31ff-47f4-8ed0-3aba13210b7c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
