How to specify become password for tasks delegated to localhost

依然范特西╮ 提交于 2021-01-29 17:27:27

问题


I have a playbook that targets a particular host. But there are few tasks that I need to execute locally, so i am using "delegate_to" for those tasks. A few locally delegated tasks require sudo privileges, so I used "become: yes" and passed --ask-become-pass through command line and it worked fine. But now when I have created a job on ansible tower, how do I manage to provide become password for the user(i guess awx user) that is running the job???


回答1:


You'll want to set the special variable ansible_become_password, described in https://docs.ansible.com/ansible/latest/user_guide/become.html#become-connection-variables.

Because you'll be storing the password as a variable for your playbook(s), you'll notice they recommend encrypting the password with Ansible Vault to avoid storing a clear-text password.

Assuming you're storing your code/playbooks in git, there are a few options to consider:

  1. Storing the Vault password in a file
  2. Updating .gitignore to ignore the Vault password file
  3. Updating ansible.cfg to set the default Vault password file (example below)
[defaults]
vault_password_file = .vault_password

I lack experience with Ansible Tower, but have done similar with Rundeck successfully. Hope that helps!




回答2:


While creating credentials you have an option in TOwer to use sudo username.

  1. PRIVILEGE ESCALATION USERNAME --- Mention your username there
  2. PRIVILEGE ESCALATION PASSWORD --- You can mention your passwords here or select "Prompt on Launch", option to enter password will come when you run template.

Please check this screen shot



来源:https://stackoverflow.com/questions/60427192/how-to-specify-become-password-for-tasks-delegated-to-localhost

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!