ansible

Can Ansible check if password is correct before running playbook?


is there any mechanism that checks if the SSH/SUDO password is correct? When deploying a playbook across the whole environment, after putting in the wrong password, ansible runs on all hosts with the wrong password, it fails and my LDAP/AD account is locked out.


Solution

  • Since, as it turns out, Ansible does not seem to have this functionality, I decided to create a workaround myself: in site.yml, I added a role that only runs on one server and has 1 or optionally 2 tasks in it. The first one checks if login itself works, the second one checks if sudo works.

    - name: Check ssh password first
      command: echo "ssh password correct"
      changed_when: false
    
    - name: Check sudo password first
      command: echo "sudo password correct"
      become: yes
      changed_when: false