Ask sudo password only when needed

[anatoly techtonik]

Hi,

Can Ansible check that current sudo is active?

Right now it supports two modes:

1. Never asking password

2. Asking password every time

On my system, after I enter sudo pass, systems stops asking for sudo password for other commands for a few minutes. Is it possible to implement the same behavior in Ansible?

Right now I am executing `sudo ansible-playbook`, which makes fine-grained per-task `sudo:` entries somewhat pointless.

[Michael DeHaan]

It's totally not pointless.

If you sudo ansible, you are running ansible as root locally.

It sounds like you aren't managing any remote systems in your case, so you're in a minority use case.

Ansible is designed around managing remote systems, where sudo'ing ansible itself won't do you any good at all, which is why we have things like --sudo and --ask-sudo-pass

Ansible will work fine with your remote sudo system and feed in the password when required when the remotes need it.

However, you must always supply it, as Ansible doesn't want you saving your sudo password for those remote systems in the file.  Note:  this may not be the password used on the local system.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Michael DeHaan <mic...@ansibleworks.com>
CTO, AnsibleWorks, Inc.
http://www.ansibleworks.com/

[anatoly techtonik]

On Fri, Dec 6, 2013 at 4:17 PM, Michael DeHaan <mic...@ansibleworks.com> wrote:
> It's totally not pointless.
>
> If you sudo ansible, you are running ansible as root locally.
>
> It sounds like you aren't managing any remote systems in your case, so
> you're in a minority use case.

Yes, I am running with local connection type to manage single node from within
the node itself. Like I have different protocol for remote access and
it is easier
for me to just upload everything there and execute ansible-playbook from
checkout.

> Ansible is designed around managing remote systems, where sudo'ing ansible
> itself won't do you any good at all, which is why we have things like --sudo
> and --ask-sudo-pass
>
> Ansible will work fine with your remote sudo system and feed in the password
> when required when the remotes need it.
>
> However, you must always supply it, as Ansible doesn't want you saving your
> sudo password for those remote systems in the file. Note: this may not be
> the password used on the local system.

I see. Still, if it is possible to hack it somehow easily for local
connection type.
I may spend a time to make a patch.

>
>
> On Fri, Dec 6, 2013 at 5:14 AM, anatoly techtonik <tech...@gmail.com>
> wrote:
>>
>> Hi,
>>
>> Can Ansible check that current sudo is active?
>>
>> Right now it supports two modes:
>> 1. Never asking password
>> 2. Asking password every time
>>
>> On my system, after I enter sudo pass, systems stops asking for sudo
>> password for other commands for a few minutes. Is it possible to implement
>> the same behavior in Ansible?
>>
>> Right now I am executing `sudo ansible-playbook`, which makes fine-grained
>> per-task `sudo:` entries somewhat pointless.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-proje...@googlegroups.com.
>>
>> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
>
> --
> Michael DeHaan <mic...@ansibleworks.com>
> CTO, AnsibleWorks, Inc.
> http://www.ansibleworks.com/
>
> --

> You received this message because you are subscribed to a topic in the

> Google Groups "Ansible Project" group.

> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/VkaitAL0C38/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to