"Incorrect sudo password" when trying to dynamically set ansible_sudo_pass

[Aaron Caskey]

Hi. I am trying to set up an environment using different passwords for different hosts:

In ./group_vars/all  I have the line:

---
ansible_sudo_pass: "{{ lookup('password', 'passwords/' + inventory_hostname) }}"
#ansible_sudo_pass: <hardcoded test password>

(basically stolen from this page: http://serverfault.com/questions/560106/how-can-i-implement-ansible-with-per-host-passwords-securely)

And the corresponding password files exist.

My testing playbook is:

---
- hosts: all
  sudo: no
  tasks:
    - name: Some name
      debug: msg="!{{ ansible_sudo_pass }}!."

It works with sudo set to "no" and outputs the correct password strings for each host.

If I set sudo to "yes" I get: 

fatal: [<hostname>] => Incorrect sudo password

for each host

If I uncomment out the second line in group_vars/all then it works (for the host with that password, which is all of them while I test)

What am I doing wrong here?

[Michael DeHaan]

"If I uncomment out the second line in group_vars/all then it works (for the host with that password, which is all of them while I test)"

(A)

If you have a variable in a file twice, the second one is going to win when it loads, because it's a hash and there's only room for one.

I suspect the second password is valid.  Not to say anything about the first.

(B)

You can't use the lookup plugins that early in the variable cycle, and probably are overcomplicating this bit some by doing so. 

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9e7a7e4d-a72b-4694-8434-4a48f7a4c5bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.