When running a playbook, you may wish to prompt the user for certain input, and can do so with the ‘vars_prompt’ section.
A common use for this might be for asking for sensitive data that you do not want to record.
This has uses beyond security, for instance, you may use the same playbook for all software releases and would prompt for a particular release version in a push-script.
Here is a most basic example:
--- - hosts: all remote_user: root vars: from: "camelot" vars_prompt: - name: "name" prompt: "what is your name?" - name: "quest" prompt: "what is your quest?" - name: "favcolor" prompt: "what is your favorite color?"
Prompts for individual
vars_prompt variables will be skipped for any variable that is already defined through the command line
--extra-vars option, or when running from a non-interactive session (such as cron or Ansible Tower). See Passing Variables On The Command Line in the /Variables/ chapter.
If you have a variable that changes infrequently, it might make sense to provide a default value that can be overridden. This can be accomplished using the default argument:
vars_prompt: - name: "release_version" prompt: "Product release version" default: "1.0"
An alternative form of vars_prompt allows for hiding input from the user, and may later support some other options, but otherwise works equivalently:
vars_prompt: - name: "some_password" prompt: "Enter password" private: yes - name: "release_version" prompt: "Product release version" private: no
If Passlib is installed, vars_prompt can also encrypt the entered value so you can use it, for instance, with the user module to define a password:
vars_prompt: - name: "my_password2" prompt: "Enter password2" private: yes encrypt: "sha512_crypt" confirm: yes salt_size: 7
You can use any crypt scheme supported by ‘Passlib’:
However, the only parameters accepted are ‘salt’ or ‘salt_size’. You can use your own salt using ‘salt’, or have one generated automatically using ‘salt_size’. If nothing is specified, a salt of size 8 will be generated.