I am running off the stable-1.9 branch.
I have an vault password file that is part of the inventory. I use the variables from that file to populate ansible_ssh_pass in the appropriate group_vars/group file. So for example we have a win_pass variable in the vault file and then in the group_vars/windows_servers we have "ansible_ssh_pass: ‘{{win_pass}}’. This effectively get the right password to each host. What I want to do is to override ansible_ssh_pass using the ansible/ansible-playbook -k flag. I would expect this flag to take precedence over inventory defined password information. Currently if the ansible_ssh_pass variable is set the -k flag is ignored.
Does anyone know the expected behavior in this situation?
We are using password auth to do initial config on the machine before pushing out a public key to the hosts so please refrain from the “you really should be using key authentication” comments.
Thanks in advance
–Marc