Menu
I am a new user to ansible. I am attempting to use the privilege escalation feature to append a line to a file owned by root.
The following documentation tells me I can use --ask-become-pass with become_user to be prompted for the become_user password but I have no idea how to use it.
http://docs.ansible.com/ansible/become.html
My current code I am working with is as follows:
- name: Add deploy to sudoers
remote_user: me
become: yes
become_method: su
ask_become_pass: true
lineinfile:
dest=/etc/somefile
line=sometext
regexp="^sometext"
owner=root
state=present
insertafter=EOF
create=True
Which gives me the error: ERROR: ask_become_pass is not a legal parameter in an Ansible task or handler
Can anyone give me an idea of what I might be doing wrong here?
Thanks in advance.
541
Ansible allows you to 'become' another user, different from the user that logged into the machine (remote user). This is done using existing privilege escalation tools, which you probably already use or have configured, like sudo , su , pfexec , doas , pbrun , dzdo , ksu and others.
If the remote user needs to provide a password in order to run sudo commands, you can include the option --ask-become-pass to your Ansible command. This will prompt you to provide the remote user sudo password: ansible all -m ping --ask-become-pass.
You can pass variable on the command line via --extra-vars "name=value". You need to use the Sudo password variable named ansible_sudo_pass as shown below.
The doc says that ask_become_pass is a command line parameter. Which means you have to use it while executing the playbook:
ansible-playbook *playbook-name* --ask-become-pass
In this case ansible will ask for the password.
The other option ansible_become_pass can be used in the inventory or also as an extra_var. There you can set the password while executing the playbook.
158
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
