1/13/2024

Msg missing sudo password ansible

Sometimes it is necessary to execute the tasks of a Playbook as the root user on the remote servers. To escalate privileges it is necessary to set the become variable to yes: “become: yes”. There are different methods of privilege escalation, but the most common one is the sudo method.

For example, I'm using the following variables in my inventory (/etc/ansible/hosts):

    # VARS

With the ansible_user variable I'm telling Ansible which user will connect by ssh to the remote servers; in my case the user is always “remote”. But this user does not have enough privileges to install packages or change some configurations of the system. To do that it is necessary to elevate privileges using sudo. Sudo means that when you execute a command with sudo, the command is actually executed by the root user instead of the login user. And to activate it we just have to set the become variable to yes.

Currently I have commented out the line with the ansible_ssh_pass variable because I prefer to use an ssh trust relationship between the Ansible master and the remote servers. This means that I am able to connect via ssh with the remote user without entering the password.

For example, this is the header of a simple Playbook:

    - become: yes

FAILED! =>

’: is the variable that contains the sudo password value. We will generate it later using the ansible-vault command.

Generate an encrypted vars-file for your password with Ansible-Vault

The next step is to create a new encrypted data file called my_vault.yml by executing this:

    ansible-vault create my_vault.yml

After providing the Vault password, an editor will appear and we only need to add the following with our own sudo password, and save the file as we would with the Vi editor (:wq).

Then move the my_vault.yml file to the ~/.ansible folder:

    mv my_vault.yml ~/.ansible/my_vault.yml

Create a file to keep your Vault password

Create a .vault_pass.txt file to keep your vault password in it. The password should be a string stored as a single line in the file.

    vi ~/.ansible/.vault_pass.txt

Ensure permissions on the file are such that no one else can access your key, and do not add your key to source control:

    chmod 640 ~/.ansible/.vault_pass.txt

Add ANSIBLE_VAULT_PASSWORD_FILE environment variable

Add the environment variable ANSIBLE_VAULT_PASSWORD_FILE to the .bash_profile file of the remote user:

    vi ~/.bash_profile

    ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/.vault_pass.txt
    export ANSIBLE_VAULT_PASSWORD_FILE
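
The post asks that the vault password file be a single line, unreadable by anyone else, and kept out of source control. The following check for those three properties is an added example, not code from the original post; it assumes GNU stat on Linux, and the function name check_vault_pass_file is hypothetical. Mode 640 still lets members of the file's group read the password, so the check reports any group or other permission bit.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a vault password file.
# Assumption: GNU stat (Linux). The function name is illustrative.

# Prints one finding per line; returns 0 only when there are none.
check_vault_pass_file() {
    f=$1
    findings=0
    report() { printf '%s: %s\n' "$f" "$1"; findings=$((findings + 1)); }

    if [ ! -f "$f" ]; then
        report "not a regular file"
        return 1
    fi

    # Any group or other permission bit lets another account reach the key.
    mode=$(stat -c '%a' "$f")
    if [ $((0$mode & 077)) -ne 0 ]; then
        report "mode $mode grants group/other access (chmod 600 removes it)"
    fi

    # The post stores the password as a single line.
    lines=$(grep -c '' "$f" || true)
    [ "$lines" -eq 1 ] || report "expected 1 line, found $lines"

    # The file must not be tracked by git.
    if command -v git >/dev/null 2>&1 &&
       git -C "$(dirname "$f")" ls-files --error-unmatch "$(basename "$f")" \
           >/dev/null 2>&1; then
        report "tracked by git"
    fi

    [ "$findings" -eq 0 ]
}

# Demo on a constructed file in a temporary directory.
demo_dir=$(mktemp -d)
printf 'constructed-sample-password\n' > "$demo_dir/.vault_pass.txt"
chmod 640 "$demo_dir/.vault_pass.txt"
check_vault_pass_file "$demo_dir/.vault_pass.txt" || echo "findings above"
chmod 600 "$demo_dir/.vault_pass.txt"
check_vault_pass_file "$demo_dir/.vault_pass.txt" && echo "clean"
rm -rf "$demo_dir"
```

Run it against the path held in ANSIBLE_VAULT_PASSWORD_FILE before each playbook run or from a pre-commit hook.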