-b and password prompting in ansible 1.9

[Anand Buddhdev]

I usually use ansible with the "-sK" flags (use sudo, and ask for sudo password). Now I've noticed the new "-b" flag. So I wanted to use it, but I'm told I can't use "-b" and "-K" together. So I have to type:

-b --ask-become-pass

Is there a plan to introduce a short form for --ask-become-pass?

Regards,

Anand

[Brian Coca]

I was actually planning to soften the restriction and allow -K to work with -b




--
Brian Coca

[Vince Skahan]

On Thursday, March 26, 2015 at 9:18:17 AM UTC-7, Brian Coca wrote:

I was actually planning to soften the restriction and allow -K to work with -b

That would be helpful.

The new syntax is unclear to me, and I'm not understanding why you deprecated the old clear/concise syntax.

Consider a raspberry pi where you login as user 'pi' and sudo your commends:

old:

 -k -u pi --sudo

new:

    -k -u pi -b --become-user=root --become-method=sudo

Or do your defaults mean that the new way would just be:

      -k -u pi -b

(in which case, what value was replacing a nice and clear/concise --sudo with a cryptic -b where we need to know the defaults for which user and method) ?

[Brian Coca]

First, the sudo and su options continue to work, so you can continue
to run the commands as you did before.

The new 'become' is to have a single way to deal with the expanding
privilege escalation methods (pbrun, pfexec, runas, etc).

Sadly making something more flexible tends to add complexity, a 3rd
parameter in this case 'become_method'. Sudo is set as the default for
this, but you can change this in ansible.cfg to suit your needs.

--
Brian Coca

[Anand Buddhdev]

On 29 March 2015 at 04:29, Vince Skahan <vince...@gmail.com> wrote:

The new syntax is unclear to me, and I'm not understanding why you deprecated the old clear/concise syntax.

Actually, I think the new -b option makes sense in general. It avoids the need to add new command-line parameters for additional privilege escalation methods. However, I was just concerned that I needed to type --ask-become-pass each time, instead of a short option. So either allowing -K to keep working, or introducing a new short option for password prompting would be good.

I notice that lowercase 'p' is still unused. How about making '-p' short for --ask-become-password? Then, ansible would figure out the become method, and prompt accordingly. So I could type:

ansible -bp

and ansible would prompt:

sudo password:

If I also add --become-method=su (or set it in ansible.cfg), then ansible would prompt for the "su" password.

Anand

[Brian Coca]

Sadly -p is taken for roles path, which does not currently affect
ansible-playbook, but will be added in v2. My current candidate is -w.


--
Brian Coca

[Anand Buddhdev]

On 29 March 2015 at 16:00, Brian Coca <bc...@ansible.com> wrote:

Sadly -p is taken for roles path, which does not currently affect
ansible-playbook, but will be added in v2. My current candidate is -w.

Oh shame. I guess Dutch people will find it easier to remember though (password is wachtwoord in Dutch) :)

Anand

[Brian Coca]

I wonder if that is why that is the switch for password on ldap tools ....


--
Brian Coca

[Jan-Piet Mens]

> I wonder if that is why that is the switch for password on ldap tools ....

passWord because it came after `p'ort IIRC ;-)

-JP