ansiblepassword-less

how to use passwordless user in Ansible


We have a machine that use a password-less user to run few things. Our applicative user was configure to support sudo on that machine, so I can run "sudo su - " and became that user, without specifying password. (This is configured in the sudores file)

The problem is how to configure ansible that run playbooks using our applicative user, and it needs to became the passwordless user.

I tried to configure it like this- become: yes become_method: sudo become_user: But I get- "sudo: a password is required"

If I switch the method to "su" I get- ""Timeout (12s) waiting for privilege escalation prompt:"

Any idea? I understand that perhaps the become_flags can help, but have not saw much documentation on it


Solution

  • As explained in the become guide, you have to either set the ansible_become_password, preferably using vault, or as you stated set password-less sudo for your user.

    You can do that by editing your sudoers file, and setting appropriate directives. You typically edit the file with the command visudo. An example if your user is member of sudo group:

    %sudo  ALL=(ALL:ALL) NOPASSWD: ALL
    

    According to your setup this may need some variation.