Is there a way how to change vault password during a play? I would like to have a role for ansible server with all necessary setup including vault password setting. Just install Ansible, pull from Git and play - without any params i.e. ansible prompt me for vault password during a play.
But when I defined vault_password_file I cannot change the password on the fly. If I modify the file during a play then all task still using original password.
Unfortunatelly I did not find any way for refresh base ansible setup during play.
I tried to do it with my plugin but it looks like the plugins/tasks have separate contexts. The place where is the password stored is DataLoader which is included to tasks and some type of plugins but it look like the loader is cloned. I did not find the place where but it must be. The plugin print old password and set new password and print the new password. And if it run twice in the one play then it print the same old password.
Here is mine implementation:
https://bitbucket.org/vaclav_doubek/ansible-test
and the output:
`
$ ansible-playbook prepare_localhost.yml
Insert vault pass:
PLAY [localhost] **************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [ansibleserver : Modify Vault password file] *****************************************************************************************************************************************************************************************************************************
changed: [localhost]
RUNNING HANDLER [ansibleserver : Reset vault password] ************************************************************************************************************************************************************************************************************************
Current value: aaa
New value: eee
Value set to: eee
ok: [localhost]
TASK [ansibleserver : Just call Reset vault password plugin again] ************************************************************************************************************************************************************************************************************
changed: [localhost]
RUNNING HANDLER [ansibleserver : Reset vault password] ************************************************************************************************************************************************************************************************************************
Current value: aaa
New value: eee
Value set to: eee
ok: [localhost]
PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
localhost : ok=5 changed=2 unreachable=0 failed=0
`
Of course I can use two plays for this purpose. In the second play the password will be from fresh file. But is there someone who know a way to do it in sigle play?
(I prefer use common modules like copy etc. instead of decrypt a file via my plugin.)