Hi guys,
I need to run my roles as a different user. However, the users don’t have login permissions. I need to su after logon with the user that executes the ansible playbook.
I’ve already stored the different user ids and passwords in a vault. But I don’t know where to point to the password.
`
- hosts: abc1
  su: yes
  su_user: "{{ sysabc1 }}"
  ??? su_password: "{{ sysabc1_pwd }}"
  tasks:
`
Thanks,
Jan
Ok, I’ve got a working solution after some trial and error. Here it is for reference …
Role vars, where sysipf1_pwd is stored in a vault:
`
---
# file: roles/java/vars/main.yml
ansible_become_pass: "{{ sysipf1_pwd }}"
java_directory: "{{ ipf_soft_dir }}/java"
java_archive: server-jre-8u45-linux-x64.tar.gz
java_path: "{{ java_directory }}/jdk1.8.0_45/bin"
java_home: "{{ java_path }}/java"
`
The play:
`
---
# This is the playbook to install java.
- hosts: ansible
  become: yes
  become_method: su
  become_user: "{{ sysipf1_user }}"
  roles:
    - java
`
What still confuses me is why it doesn’t work to put the become-directives entirely in the vars file:
`