
How do we use an encoded value in a playbook and decode it whenever needed in an Ansible playbook?


I am trying to use the ansible-pull method to run a playbook with extra vars at playbook run time.

Here is how I need to run my playbook with vars:

ansible-playbook decode.yml --extra-vars "host_name=xxxxxxx  bind_password=xxxxxxxxx swap_disk=xxxxx"

The bind_password will hold the encoded value of the admin password, and I have tried writing the playbook below for it.

I am able to debug every value and get it correctly, but after decoding the password I am not getting the exact value, or I am not sure whether I am doing it correctly.

---

- name: Install and configure AD authentication
  hosts: test
  become: yes
  become_user: root

  vars:
    hostname: "{{ host_name }}"
    diskname: "{{ swap_disk }}"
    password: "{{ bind_password }}"

  tasks:

    - name: Ansible prompt example.
      debug:
        msg: "{{ bind_password }}"

    - name: Ansible prompt example.
      debug:
        msg: "{{ host_name }}"

    - name: Ansible prompt example.
      debug:
        msg: "{{ swap_disk }}"

    - name: Setup the hostname
      command: hostnamectl set-hostname --static "{{ host_name }}"

    - name: decode passwd
      command: export passwd=$(echo "{{ bind_password }}" | base64 --decode)

    - name: print decoded password
      shell: echo "$passwd"
      register: mypasswd

    - name: debug decode value
      debug:
        msg: "{{ mypasswd }}"

But we can decode the base64 value with the command:

echo "encodedvalue" | base64 --decode

How can I run this playbook with ansible-pull as well?

Later I want to convert this playbook into roles (role1) and then need to run it as below:

How can we run a role-based playbook using ansible-pull?


Solution

  • The problem is not b64decoding your value. Your command should not cause any problems and probably gives the expected result if you type it manually in your terminal.

    But Ansible is creating an SSH connection for each task; therefore each shell/command task starts in a new session. So exporting an env var in one command task and using that env var in the next shell task will never work.

    Moreover, why do you want to handle all this with so many command/shell tasks when you have all the needed tools directly in Ansible? Here is a possible rewrite of your last 3 tasks that fits into a single one.

      - name: debug decoded value of bind_password
        debug: 
          msg: "{{ bind_password | b64decode }}"
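
The following playbook is an added example, not part of the original question or answer. It decodes the value once with the `b64decode` filter, passes it to the one task that needs it through that task's `environment:`, and uses `no_log: true` so the decoded secret does not appear in task output. The names `bind_password_plain` and `BIND_PW`, the use of localhost, and the sample value are assumptions made for illustration.

```yaml
---
# Added example (not from the original post); runs against localhost.
# Run: ansible-playbook decode_example.yml -e "bind_password=UzNjcjN0IQ=="
- name: Decode a base64 extra var inside Ansible and pass it to one task
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    # Constructed sample value: base64 of "S3cr3t!". Override with --extra-vars.
    bind_password: "UzNjcjN0IQ=="

  tasks:
    - name: Decode once with the b64decode filter (no shell, no export)
      ansible.builtin.set_fact:
        # bind_password_plain is a hypothetical variable name
        bind_password_plain: "{{ bind_password | b64decode }}"
      no_log: true   # keep the decoded value out of logs and console output

    - name: Hand the decoded value to a single task through its environment
      # Each task gets a fresh shell, so the variable is set on this task
      # itself instead of being exported by an earlier one.
      ansible.builtin.shell: 'printf "%s" "$BIND_PW" | wc -c'
      environment:
        BIND_PW: "{{ bind_password_plain }}"   # hypothetical env var name
      register: pw_len
      changed_when: false
      no_log: true

    - name: Report only the length, never the secret itself
      ansible.builtin.debug:
        msg: "decoded password length: {{ pw_len.stdout | trim }}"
```

With the sample value the last task reports a length of 7. Base64 is an encoding, not encryption, so the value passed with `--extra-vars` remains readable to anyone who can see the command line.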