Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Ansible to Conditionally Prompt for a Variable?

I would like to be able to prompt for my super secure password variable if it is not already in the environment variables. (I'm thinking that I might not want to put the definition into .bash_profile or one of the other spots.)

This is not working. It always prompts me.

vars:   THISUSER: "{{ lookup('env','LOGNAME') }}"   SSHPWD:   "{{ lookup('env','MY_PWD') }}"  vars_prompt:   - name: "release_version"     prompt: "Product release version"     default: "1.0"     when: SSHPWD == null 

NOTE: I'm on a Mac, but I'd like for any solutions to be platform-independent.

like image 651
AnneTheAgile Avatar asked Aug 23 '14 21:08

AnneTheAgile


2 Answers

According to the replies from the devs and a quick test I've done with the latest version, the vars_prompt is run before "GATHERING FACTS". This means that the env var SSHPWD is always null at the time of your check with when.

Unfortunately it seems there is no way of allowing the vars_prompt statement at task level.

Michael DeHaan's reasoning for this is that allowing prompts at the task-level would open up the doors to roles asking a lot of questions. This would make using Ansible Galaxy roles which do this difficult:

There's been a decided emphasis in automation in Ansible and asking questions at task level is not something we really want to do.

However, you can still ask vars_prompt questions at play level and use those variables throughout tasks. You just can't ask questions in roles.

And really, that's what I would like to enforce -- if a lot of Galaxy roles start asking questions, I can see that being annoying :)

like image 159
adm_ Avatar answered Sep 21 '22 12:09

adm_


I might be late to the party but a quick way to avoid vars_prompt is to disable the interactive mode by doing that simple trick:

echo -n | ansible-playbook -e MyVar=blih site.yaml 

This add no control over which vars_prompt to avoid but coupled with default: "my_default" it can be used in a script.

Full example here:

--- - hosts: localhost   vars_prompt:     - prompt: Enter blah value     - default: "{{ my_blah }}"     - name: blah 

echo -n | ansible-playbook -e my_blah=blih site.yaml

EDIT:

I've found that using the pause module and the prompt argument was doing what I wanted:

--- - pause:       prompt: "Sudo password for localhost "   when: ( env == 'local' ) and       ( inventory_hostname == "localhost" ) and       ( hostvars["localhost"]["ansible_become_password"] is not defined )   register: sudo_password   no_log: true   tags:        - always 
like image 35
tehmoon Avatar answered Sep 21 '22 12:09

tehmoon