dynamically updating ansible_sudo_pass

[Scott McWhirter]

Hi all,

I'm currently working on a role that resets passwords based on a new policy. This includes the user that is set up to communicate with the host over ssh. Once I reset the users password, sudo will no longer work, since the password is different. I've attempted to dynamically set it using set_fact, but it appears that it will not be used.

Several options have been mentioned to me, but they either require storing password information in plain text, or breaking the security policy and requiring NOPASSWD to be available to the user, which isn't a starter.

I don't mind if it's something odd that I have to do, but I'd like to maintain the ability to use ansible-vault for storing these passwords and be able to make these sort of changes.

Any tips/suggestions?

Thanks,

-- 

Scott