AnsibleUnsafeText as ansible_become_pass variable

Hi,
i’m unable the solve this and maybe there is no solution.
But i will try to teardown my problem.

Inside my hosts.yaml inventory file i supply the ansible_become_pass value for currently with this:

all:
  vars:
    ansible_become_pass: '{{ system[inventory_hostname|lower].password }}'

This information came from my vault file -e @vault/become_vault.yml
which has this construction:

system:
  my_host:
    password:  mysecret

this works pretty fine for a while now.

But now i want to change this and use a lookup solution for pass, i already use this inside my playbooks.

But it does not work, my query inside my hosts.yaml looks like

ansible_become_pass: "{{ lookup('community.general.passwordstore', 'clients/'+ inventory_hostname|lower + '/ansible_user')}}"

But it does not work as aspected, sudo and doas deny the password.

The only difference i found was that the password from the vault file is type AnsibleUnicodeand this from the lookup is type AnsibleUnsafeText

i guess the problem is how AnsibleUnsafeText is handle as ansible_become_pass

this unsafe tag is according to this a direct consequence from use of a lookup.

i try’d get get rid of this tag, so i can use it as input for ansible_become_pass, but without success.

so hopefully some here as a idea for a solution.

best hexa

Whether the password is marked unsafe or not should not make a difference. So the problem isn’t unsafe, but which part of ansible-core or a become plugin / something else inbetween screws this up. Could you provide information on how you use it so it results in a failure?

Thank you for pushing me to try create a isolated example of this issue.
I’m unable to recreate this problem, with other words … now it works without any problem.

I’m not sure whats happend, maybe just late night related issues.
Thanks and sorry for the noize.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.