If you want your playbook to prompt the user for certain input, add a ‘vars_prompt’ section. Prompting the user for variables lets you avoid recording sensitive data like passwords. In addition to security, prompts support flexibility. For example, if you use one playbook across multiple software releases, you could prompt for the particular release version.
Here is a most basic example:
--- - hosts: all vars_prompt: - name: username prompt: What is your username? private: no - name: password prompt: What is your password? tasks: - name: Print a message ansible.builtin.debug: msg: 'Logging in as {{ username }}'
The user input is hidden by default but it can be made visible by setting private: no
.
Note
Prompts for individual vars_prompt
variables will be skipped for any variable that is already defined through the command line --extra-vars
option, or when running from a non-interactive session (such as cron or Ansible AWX). See Defining variables at runtime.
If you have a variable that changes infrequently, you can provide a default value that can be overridden:
vars_prompt: - name: release_version prompt: Product release version default: "1.0"
vars_prompt
You can encrypt the entered value so you can use it, for instance, with the user module to define a password:
vars_prompt: - name: my_password2 prompt: Enter password2 private: yes encrypt: sha512_crypt confirm: yes salt_size: 7
If you have Passlib installed, you can use any crypt scheme the library supports:
The only parameters accepted are ‘salt’ or ‘salt_size’. You can use your own salt by defining ‘salt’, or have one generated automatically using ‘salt_size’. By default Ansible generates a salt of size 8.
New in version 2.7.
If you do not have Passlib installed, Ansible uses the crypt library as a fallback. Ansible supports at most four crypt schemes, depending on your platform at most the following crypt schemes are supported:
New in version 2.8.
vars_prompt
valuesSome special characters, such as {
and %
can create templating errors. If you need to accept special characters, use the unsafe
option:
vars_prompt: - name: my_password_with_weird_chars prompt: Enter password unsafe: yes private: yes
See also
An introduction to playbooks
Conditional statements in playbooks
All about variables
Have a question? Stop by the google group!
#ansible IRC chat channel
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/user_guide/playbooks_prompts.html