how to require --ask-become-pass in ansible without a command-line flag

Question

I have a playbook that requires an sudo pass. I call the playbook with the --ask-become-pass and it works. It is possible to specify in the playbook so that it always asks for the sudo/become pass without the command line flag?

Answer 1

You cannot do this in a playbook, because password options are processed by the CLI before it opens a playbook file. However, you may enable the become_ask_pass configuration option to force ansible binaries to always ask for the become password. To enable this option, enter it in /etc/ansible/ansible.cfg or ~/.ansible.cfg in the [privilege_escalation] section:

[privilege_escalation]
become_ask_pass=True

Note that this causes Ansible to always ask for the escalation password, even for a simple command like ansible --list-hosts.