I want to push a new user's public key to a host inventory using Ansible. For that, a playbook was created like the following example.

---
- name: vms1 - Authorize hosts with pub key
  hosts: vms1
  tasks:
    - name: Copy ssh pub key to remote host
      ansible.posix.authorized_key:
        user: user1
        state: present
        key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}"

- name: vms2 - Authorize hosts with pub key
  hosts: vms2
  tasks:
    - name: Copy ssh pub key to remote host
      ansible.posix.authorized_key:
        user: user2
        state: present
        key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}"

- name: vms3 - Authorize hosts with pub key
  hosts: vms3
  tasks:
    - name: Copy ssh pub key to remote host
      ansible.posix.authorized_key:
        user: user3
        state: present
        key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}"

The inventory goes like this (with many more hosts).

[vms1]
192.168.7.211
192.168.7.212
192.168.7.213

[vms2]
192.168.7.21
192.168.7.22
192.168.7.23

[vms3]
192.168.7.111
192.168.7.112
192.168.7.113

Each play has its own host group and its own user. The playbook can be started with the following command.

ansible-playbook -k -i inventory playbook.yml

When using the -k option, it only asks for the SSH password once. The issue I have is that the password is different for each group. Therefore, I would like to input the password for each play.

How could the password be requested for each play?

1 Answer

Q: "How could the password be requested for each play?"

A: Use the variable ansible_password. For example, put the variable into the playbooks' vars:

- hosts: vms1
  vars:
    ansible_password: connection passwd for vms1
  tasks:
    - name: Copy ssh pub key to remote host
      ...

- hosts: vms2
  vars:
    ansible_password: connection passwd for vms2
  tasks:
    - name: Copy ssh pub key to remote host
      ...

See details

shell> ansible-doc -t connection ssh

Read the passwords in the first play and use them later. For example, given the inventory

shell> cat hosts
[vms1]
192.168.7.211
192.168.7.212
192.168.7.213

[vms2]
192.168.7.21
192.168.7.22
192.168.7.23

[vms3]
192.168.7.111
192.168.7.112
192.168.7.113

The playbook below

shell> cat pb.yml
- hosts: all
  gather_facts: false
  tasks:
    - block:
        - pause:
            prompt: "Password for {{ item }}"
          register: out
          loop: "{{ groups|difference(['all', 'ungrouped']) }}"
        - set_fact:
            passwords: "{{ dict(out.results|json_query('[].[item, user_input]')) }}"
        - debug:
            var: passwords
      run_once: true

- hosts: vms1
  gather_facts: false
  vars:
    ansible_password: "{{ passwords.vms1 }}"
  tasks:
    - debug:
        msg: "Copy ssh pub key to remote host by '{{ ansible_password }}'"
      run_once: true

- hosts: vms2
  gather_facts: false
  vars:
    ansible_password: "{{ passwords.vms2 }}"
  tasks:
    - debug:
        msg: "Copy ssh pub key to remote host by '{{ ansible_password }}'"
      run_once: true

- hosts: vms3
  gather_facts: false
  vars:
    ansible_password: "{{ passwords.vms3 }}"
  tasks:
    - debug:
        msg: "Copy ssh pub key to remote host by '{{ ansible_password }}'"
      run_once: true

prompts the user for the passwords in the first play and uses them later

shell> ansible-playbook -i hosts pb.yml 

PLAY [all] ***********************************************************************************

TASK [pause] *********************************************************************************
[pause]
Password for vms1:
passwd for vms1^Mok: [192.168.7.211] => (item=vms1)
[pause]
Password for vms2:
passwd for vms2^Mok: [192.168.7.211] => (item=vms2)
[pause]
Password for vms3:
passwd for vms3^Mok: [192.168.7.211] => (item=vms3)

TASK [set_fact] ******************************************************************************
ok: [192.168.7.211]

TASK [debug] *********************************************************************************
ok: [192.168.7.211] => 
  passwords:
    vms1: passwd for vms1
    vms2: passwd for vms2
    vms3: passwd for vms3

PLAY [vms1] **********************************************************************************

TASK [debug] *********************************************************************************
ok: [192.168.7.211] => 
  msg: Copy ssh pub key to remote host by 'passwd for vms1'

PLAY [vms2] **********************************************************************************

TASK [debug] *********************************************************************************
ok: [192.168.7.21] => 
  msg: Copy ssh pub key to remote host by 'passwd for vms2'

PLAY [vms3] **********************************************************************************

TASK [debug] *********************************************************************************
ok: [192.168.7.111] => 
  msg: Copy ssh pub key to remote host by 'passwd for vms3'

PLAY RECAP ***********************************************************************************
192.168.7.111: ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.7.21:  ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.7.211: ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
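
A hardened variant of the prompt-then-reuse playbook above, as an added example that is not part of the original answer: the prompt does not echo, `no_log` keeps the entered passwords out of task output and logs, and the `debug` tasks are replaced by the question's `authorized_key` task. It goes beyond the answer by collapsing the per-group plays into one; the `key_owner` map is a hypothetical name, `items2dict` is swapped in for `json_query`, and each host is assumed to belong to exactly one group.

```yaml
# Added example: play 1 collects one password per group, play 2 uses them.
- hosts: all
  gather_facts: false
  tasks:
    - name: Prompt once per inventory group without echoing the input
      ansible.builtin.pause:
        prompt: "Password for {{ item }}"
        echo: false            # typed characters are not shown on the terminal
      register: out
      loop: "{{ groups | difference(['all', 'ungrouped']) }}"
      run_once: true
      no_log: true             # user_input would otherwise appear with -v

    - name: Build the group -> password map
      ansible.builtin.set_fact:
        # Each loop result carries 'item' (group name) and 'user_input'.
        passwords: "{{ out.results | items2dict(key_name='item', value_name='user_input') }}"
      run_once: true           # with run_once the fact is set for every host in the play
      no_log: true

- hosts: vms1:vms2:vms3
  gather_facts: false
  vars:
    # Hypothetical map: which remote account receives the key in each group
    # (values taken from the question's three plays).
    key_owner:
      vms1: user1
      vms2: user2
      vms3: user3
    # Assumes every host is a member of exactly one of the groups above.
    ansible_password: "{{ passwords[group_names | first] }}"
  tasks:
    - name: Copy ssh pub key to remote host
      ansible.posix.authorized_key:
        user: "{{ key_owner[group_names | first] }}"
        state: present
        key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}"
```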
