macos ansible ansible-vault

Using Ansible become password in a task


My playbook is invoked with --ask-become-pass. The become password is supplied via an environmental variable on the Control machine.

Everything is working just fine for the many tasks I have which require privilege escalation. However, there's one or two tasks that require the password directly as part of the command. E.g. I was hoping I could use something like: command: /foo/bar autoLoginUser {{ ansible_become_pass }}

...but I get the following: "The task includes an option with an undefined variable. The error was: 'ansible_become_pass' is undefined."

I'd rather not duplicate this password in the Vault if I can help it.


Solution

  • There is another way to supply the become password. As per the documentation:

    • providing the --ask-become-pass command line option
    • setting the ansible_become_password connection variable

    This variable can be set in the inventory, like so:

    webserver01 ansible_user=ansible ansible_become_password=secret
    

    Or supplied from the command line instead of --ask-become-pass. Like so:

    export MY_PASSWORD=secret
    ansible-playbook myplaybook.yml -e "ansible_become_password=$MY_PASSWORD"
    

    Since this variable is now set, you can then have tasks like:

    command: "/foo/bar autoLoginUser {{ ansible_become_password }}"
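
A variant of the approach above that keeps the secret off the `ansible-playbook` command line and out of task output. This is an added example, not part of the original answer; it assumes the password is exported as `MY_PASSWORD` on the control machine and reuses `webserver01` and `/foo/bar` from the thread:

```yaml
# Added example, not from the original answer.
# Assumption: MY_PASSWORD is exported on the control machine.
# Run with:  ansible-playbook myplaybook.yml
# No -e option is needed, so the secret does not appear in the
# ansible-playbook arguments or in shell history.
- name: Configure auto-login
  hosts: webserver01
  become: true
  gather_facts: false   # let the check below run before anything needs become
  vars:
    # Read the become password from the control machine's environment.
    ansible_become_password: "{{ lookup('env', 'MY_PASSWORD') }}"
  tasks:
    - name: Fail early if the environment variable is missing
      ansible.builtin.assert:
        that: ansible_become_password | length > 0
        fail_msg: "MY_PASSWORD is not set on the control machine"
        quiet: true

    - name: Set the auto-login user (command from the question)
      ansible.builtin.command:
        # argv passes the password as one argument, so spaces or
        # shell metacharacters in it are not split or interpreted.
        argv:
          - /foo/bar
          - autoLoginUser
          - "{{ ansible_become_password }}"
      no_log: true        # keep the rendered command out of task output and logs
      changed_when: true
```

The password is still an argument of `/foo/bar`, so it is visible in the process list on the managed host while the command runs.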