Hello
I am using successfully ansible in my windows environment with Kerberos.
I am still having trouble if i want to execute a task as another user than my ansible user.
For example, i want to execute specific task as build user to make sure it’s home dir is present - if not i guess my command will create it by login this specific user.
build_usr_password is in the var files (i used the debug module to check i can access it)
name: Touching a file in order to make sure the account home dir is created.
win_stat:
path: C:\Users\build_usr
state: present
FullyQualifiedErrorId : LogonUser failed (The user name or password is incorrect, Win32ErrorCode 1326)
failed: [hasgqba110.ger.corp.intel.com] (item=bEeq07WG8-RQ.Myr9Ymd) => {
“changed”: false,
“item”: “bEeq07WG8-RQ.Myr9Ymd”,
“msg”: “LogonUser failed (The user name or password is incorrect, Win32ErrorCode 1326)”
}
How do i define the password for this task ? (the password is in the vault encrypted file, i don’t want to/can’t pass it via the CLI)
ansible-playbook 2.4.3.0
python version = 2.7.12 (default, Dec 4 2017, 14:50:18) [GCC 5.4.0 20160609]
I haven’t tried this myself but I am wondering if you maybe have a password containing a special character, such as $ - I have had trouble with passwords which contain characters which have reserved meaning in powershell in the past?
Also do you perhaps mean to use win_file module instead of win_stat? If I recall, win_stat only returns information on a file, such as whether it exists and is in the expected state, but win_file will ensure a file or directory exists
Hi
No $ but @ is there.
I created a service with the credentials so they are working. (win_service)
It’s just for this. And win_file or win_stat, it doesn’t matter, I can’t find out how to pass the password.
While become, become_method, become_flags, and become_user can be play or task directive, the password side is not and either needs to be specified with;
Passed in when calling ansible-playbook with -K
Set as a connection variable for the host
What you are looking for is to set the ansible_become_pass connection variable for the host, this can be done on either a host/group var set outside the playbook and makes it host specified. If you wanted to set it on the playbook/task side you can do it like this
It is still better to define it on the host/group side instead of the play/task side as you could define different password for each host that runs in a play and so on. Once other thing, the connection variables take precedence over the task directive, so setting ansible_become_user: someuser will override the task directory become_user: anotheruser.
, Win32Exception