I try to write an Ansible yml that reads the root-passwords from an encrypted vault-file and then pass it to become_pass:
- hosts: sirius
remote_user: ansusr
become: yes
vars_files:
- vault_vars.yml
become_pass: "{{ root_pass_sirius }}"
But this fails: ERROR! 'become_pass' is not a valid attribute for a Play
But why ? - According to the Ansible documentation this is a valid command.
According to the Ansible documentation this is a valid command.
Wrong. become_pass is not a valid attribute (and it is not a command after all) for a Play.
Please see List of Behavioral Inventory Parameters. There is ansible_become_pass variable.
So you need to set a variable:
- hosts: sirius
remote_user: ansusr
become: yes
vars_files:
- vault_vars.yml
vars:
ansible_become_pass: "{{ root_pass_sirius }}"