Setting auth_pass for use by ios_command from Ansible Tower
David Evans
Hi,
Short question:
Can someone tell me the name of the variable that is used to pass the privilege escalation password from Ansible Tower to a playbook?
Long question (same question with more context):
I'm taking a look at Ansible Tower (2.4.5) and one thing I'm interested in is managing cisco switches. For that reason I have installed Ansible 2.1 on the server running Tower (I'm not sure of the advisability of that, but this is an evaluation project and things seem to be working well generally). The problem I have relates to authentication and privilege escalation on the switches.
I have written an information gathering playbook to test authentication from Tower and it works using credentials defined in Tower. My next step is to add to the playbook to modify the configuration of the switch, but that requires privilege escalation and I cannot see how to achieve that.
The script given below does not work because 'ansible_become_pass' is undefined. If I hard code 'auth_pass' I know the playbook will run and I am sure that I will be able to add additional code to modify the configuration of the switch. But I want that password to come from the credentials defined in Tower, so that's not a viable solution.
I have defined the Tower credentials to use 'su' for privilege escalation, which is not true of course, but that at least gives me a place to put the password. I was expecting this password to be available as 'ansible_become_pass', but as that seems not be the case. Does anyone know how I can set 'auth_pass' to the value of the su password in the Tower credentials?
Playbook (contains error when setting 'auth_pass'):
---
- hosts: cisco_switches
gather_facts: no
connection: local
tasks:
- name: DEFINE PROVIDER
set_fact:
provider:
host: "{{ inventory_hostname }}"
username: "{{ ansible_ssh_user }}"
password: "{{ ansible_ssh_pass }}"
auth_pass: "{{ ansible_become_pass }}"
- name: RUN 'SHOW VERSION'
ios_command:
provider: "{{ provider }}"
commands:
- show version
register: version
- debug: var=version.stdout_lines
Thanks in advance for any assistance or advice.
Regards,
David
PS, I have an additional, but less important question:
How can I add code to this playbook that displays all the variables that are defined when it is run from Ansible Tower? I have tried various approaches that I have googled, but they don't seem to work, possibly because the device is a switch.
