I am trying to find a way to add a check where playbook will exit Immediately if incorrect sudo password is entered by a user. As of now, If incorrect password is entered ansible would execute the playbook and each host will through error on the screen as Incorrect sudo password. I am using -K option along with my ansible command to prompt for sudo password. (I cannot store the password anywhere on the server to validate).
FAILED! => {“msg”: “Incorrect sudo password”}
Is there a way Ansible would not execute the playbook & not throw errors for each host as soon as it learns that the sudo password is Incorrect for one host and exit the playbook ?
Thanks for the response. Could you give me an example of how it should look like ? I am using become: true at the top for all my tasks. Please see below for reference:
Ahh I misunderstood what you are asking for, here is one way it could potentially be done
`
name: verify we can connect and become works
gather_facts: no
become: yes
any_errors_fatal: yes
tasks:
name: run a simple module with become to verify it works
ping:
name: continue playbook once we know we can connect and become works
remote_user: ops
become: yes
strategy: free
tasks:
… # add the normal tasks here
`
This runs 2 plays in your playbook where the first will run a simple command with become to verify that it works for all hosts and then continue onto the next play which is your normal one. When you specify “any_errors_fatal”[1] it will abort the play with a failure and Ansible will not continue onto the 2nd play as the first failed.
Correct me if I’m wrong, but an ansible command/playbook will only prompt you once for the sudo password; therefore, it’s safe to assume that if you’re running a single command/play on multiple hosts, they have the same sudo password.
I can try this but the problem here will be If there are any hosts which are unreachable then bcz of the fatal error ansible would exit out which I don’t want to happen. Is there any special way to check only for the purpose of authentication ?