lk/system/ansible/store_password.md

title: Store Host Password
tags: system, ansible

Make a hosts file with one host (your computer) and one variable, just to test:

```bash
hosts_file=hosts
fort="$(fortune -s | head -1)"
cowvar=cowsays

echo "[cows]
$HOSTNAME $cowvar='${fort}'" > "${hosts_file}"
```

Now ansible should be able to show that variable in a debug message:

```bash
ansible -i "$hosts_file" -m debug -a "msg='{{ ${cowvar} }}'" $HOSTNAME
```

Now to convert the hosts file to yaml, because it's very fashionable:

```bash
yaml_hosts=hosts.yaml
ansible-inventory -i ${hosts_file} --list -y | tee "${yaml_hosts}"
```

Now you should see where the cowsays variable goes. You can safely place your sudo password next to that variable with ansible-vault, which will encrypt just that string:

```bash
pass="your password"
ansible-vault encrypt_string --name='ansible_sudo_pass' "${pass}"
```

If that works, you can add the password to the inventory, but in yaml format. You can do this manually, or use awk to add ten spaces in front of each line so it lines up with the other host variables:

```bash
pass="your password"
ansible-vault encrypt_string --name='ansible_sudo_pass' "${pass}" | awk '{print "          " $0}' >> "${yaml_hosts}"
```

Now to check that the yaml inventory file works okay:

```bash
ansible-inventory -i ${yaml_hosts} --list -y
ansible -i "${yaml_hosts}" -m debug -a "msg='{{ ${cowvar} }}'" $HOSTNAME
```

If that works, you can echo the debug message while becoming root. Just add the -J flag so it will ask for the vault password:

```bash
ansible -i "${yaml_hosts}" -m debug -a "msg='{{ ${cowvar} }}'" $HOSTNAME --become -J
ansible -i "${yaml_hosts}" -m debug -a "msg={{ ansible_sudo_pass }}" $HOSTNAME --become -J
```
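The "add ten spaces" step above only works when the host variables really sit ten spaces deep, which is what `ansible-inventory --list -y` produces for a host inside one group. The script below is an added example, not part of the original page: it computes the indentation from the yaml file, passes the secret to `ansible-vault` on stdin (`--stdin-name`) instead of on the command line, and checks the result without printing the password. The function names (`hostvar_indent`, `indent_block`, `append_vault_var`) are this example's own; the variable name `ansible_sudo_pass` is kept from the page.

```shell
#!/bin/sh
# Added example, not from the original page: encrypt one string with
# ansible-vault and append it under a host in a YAML inventory, with the
# indentation computed from the file instead of hard-coded to ten spaces.
set -eu

# Print the indentation (in spaces) at which host $2's variables live in the
# YAML inventory $1: the host line is "<spaces><host>:" and its vars sit two
# spaces deeper. Exits 1 when the host is absent or has no vars ("host: {}").
hostvar_indent() {
    awk -v host="$2" '
        $0 ~ ("^ *" host ":$") { match($0, /^ */); print RLENGTH + 2; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# Prefix every line of stdin with $1 spaces (the page's awk step, parameterised).
indent_block() {
    awk -v n="$1" 'BEGIN { pad = sprintf("%" n "s", "") } { print pad $0 }'
}

# Encrypt $3 under the variable name $4 (default ansible_sudo_pass, as on the
# page) and append it beneath host $2 in inventory $1. Like the page's ">>"
# this assumes the host is the last entry in the file. The secret goes to
# ansible-vault on stdin, so it is not visible in the process list or history.
append_vault_var() {
    n=$(hostvar_indent "$1" "$2")
    printf '%s' "$3" | ansible-vault encrypt_string --stdin-name "${4:-ansible_sudo_pass}" \
        | indent_block "$n" >> "$1"
}

# Interactive use (needs ansible installed): sh store_password.sh --run hosts.yaml
main() {
    yaml=${1:-hosts.yaml}
    host=${HOSTNAME:-$(hostname)}
    printf 'become password for %s: ' "$host"
    stty -echo; read -r pass; stty echo; echo
    append_vault_var "$yaml" "$host" "$pass"
    # Check that the vaulted value decrypts without echoing it: show its length.
    ansible -i "$yaml" -m debug -a "msg='{{ ansible_sudo_pass | length }}'" "$host" -J
}

case ${1:-} in --run) shift; main "$@" ;; esac
```

`hostvar_indent` refuses a host that `ansible-inventory` rendered as `myhost: {}` (no variables yet), because there is no block to append under; add one variable in the ini file first, as the page does with `cowsays`. The vault block's continuation lines keep their own ten-space prefix from `ansible-vault`, which is fine: YAML infers the block scalar's indentation from its first line.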

Now you can update using Ansible.

For Arch Linux:

```bash
ansible -i "${yaml_hosts}" -m community.general.pacman -a 'upgrade=true update_cache=true' $HOSTNAME --become -J
```

For Debian:

```bash
ansible -i "${yaml_hosts}" -m ansible.builtin.apt -a 'upgrade=full' $HOSTNAME --become -J
```