2013-09-30 00:44:46 +02:00
Prompts
=======
2012-05-13 17:00:02 +02:00
2013-10-05 19:50:53 +02:00
When running a playbook, you may wish to prompt the user for certain input, and can
2019-06-26 23:07:27 +02:00
do so with the 'vars_prompt' section.
2012-08-01 04:19:04 +02:00
2013-10-05 19:50:53 +02:00
A common use for this might be for asking for sensitive data that you do not want to record.
2012-05-13 17:00:02 +02:00
2013-09-30 00:44:46 +02:00
This has uses beyond security, for instance, you may use the same playbook for all
2012-05-13 17:00:02 +02:00
software releases and would prompt for a particular release version
2013-10-05 19:50:53 +02:00
in a push-script.
Here is a most basic example::
2012-05-13 17:00:02 +02:00
---
- hosts: all
2018-11-02 19:57:39 +01:00
vars_prompt:
2014-02-28 20:18:44 +01:00
2018-11-02 19:57:39 +01:00
- name: username
prompt: "What is your username?"
private: no
2014-02-28 20:18:44 +01:00
2018-11-02 19:57:39 +01:00
- name: password
prompt: "What is your password?"
2019-06-26 23:07:27 +02:00
tasks:
2012-05-13 17:00:02 +02:00
2019-06-26 23:07:27 +02:00
- debug:
2018-11-02 19:57:39 +01:00
msg: 'Logging in as {{ username }}'
The user input is hidden by default but it can be made visible by setting `` private: no `` .
2017-09-14 17:17:56 +02:00
2017-03-30 05:14:43 +02:00
.. note ::
2017-09-14 17:17:56 +02:00
Prompts for individual `` vars_prompt `` variables will be skipped for any variable that is already defined through the command line `` --extra-vars `` option, or when running from a non-interactive session (such as cron or Ansible Tower). See :ref: `passing_variables_on_the_command_line` in the /Variables/ chapter.
2017-03-30 05:14:43 +02:00
2013-06-18 17:25:51 +02:00
If you have a variable that changes infrequently, it might make sense to
2018-11-02 19:57:39 +01:00
provide a default value that can be overridden. This can be accomplished using
2013-06-18 17:25:51 +02:00
the default argument::
vars_prompt:
2014-02-28 20:18:44 +01:00
2013-06-18 17:25:51 +02:00
- name: "release_version"
prompt: "Product release version"
default: "1.0"
2017-10-19 02:50:27 +02:00
If `Passlib <https://passlib.readthedocs.io/en/stable/> `_ is installed, vars_prompt can also encrypt the
2013-03-05 17:22:07 +01:00
entered value so you can use it, for instance, with the user module to define a password::
2013-03-05 16:26:24 +01:00
vars_prompt:
2014-02-28 20:18:44 +01:00
2013-03-05 16:26:24 +01:00
- name: "my_password2"
prompt: "Enter password2"
private: yes
2014-11-07 06:28:04 +01:00
encrypt: "sha512_crypt"
2013-03-05 16:26:24 +01:00
confirm: yes
salt_size: 7
2013-03-05 17:19:14 +01:00
2013-03-17 16:46:25 +01:00
You can use any crypt scheme supported by 'Passlib':
2013-03-05 17:22:07 +01:00
- *des_crypt* - DES Crypt
- *bsdi_crypt* - BSDi Crypt
- *bigcrypt* - BigCrypt
- *crypt16* - Crypt16
- *md5_crypt* - MD5 Crypt
- *bcrypt* - BCrypt
- *sha1_crypt* - SHA-1 Crypt
- *sun_md5_crypt* - Sun MD5 Crypt
- *sha256_crypt* - SHA-256 Crypt
- *sha512_crypt* - SHA-512 Crypt
2017-09-18 19:41:17 +02:00
- *apr_md5_crypt* - Apache's MD5-Crypt variant
- *phpass* - PHPass' Portable Hash
2013-03-05 17:22:07 +01:00
- *pbkdf2_digest* - Generic PBKDF2 Hashes
2017-09-18 19:41:17 +02:00
- *cta_pbkdf2_sha1* - Cryptacular's PBKDF2 hash
- *dlitz_pbkdf2_sha1* - Dwayne Litzenberger's PBKDF2 hash
2013-03-05 17:22:07 +01:00
- *scram* - SCRAM Hash
2017-09-18 19:41:17 +02:00
- *bsd_nthash* - FreeBSD's MCF-compatible nthash encoding
2013-03-05 17:22:07 +01:00
2014-02-18 14:23:23 +01:00
However, the only parameters accepted are 'salt' or 'salt_size'. You can use your own salt using
2013-03-08 10:08:28 +01:00
'salt', or have one generated automatically using 'salt_size'. If nothing is specified, a salt
2013-03-05 17:22:07 +01:00
of size 8 will be generated.
2012-08-01 04:19:04 +02:00
2018-08-27 17:40:41 +02:00
.. versionadded :: 2.7
When Passlib is not installed the `crypt <https://docs.python.org/2/library/crypt.html> `_ library is used as fallback.
Depending on your platform at most the following crypt schemes are supported:
- *bcrypt* - BCrypt
- *md5_crypt* - MD5 Crypt
- *sha256_crypt* - SHA-256 Crypt
- *sha512_crypt* - SHA-512 Crypt
2019-01-30 21:01:13 +01:00
.. versionadded :: 2.8
If you need to put in special characters (i.e `{%` ) that might create templating errors, use the `` unsafe `` option::
vars_prompt:
- name: "my_password_with_wierd_chars"
prompt: "Enter password"
unsafe: yes
private: yes
2013-10-05 18:31:16 +02:00
.. seealso ::
2019-06-26 23:07:27 +02:00
:ref: `playbooks_intro`
2013-10-05 18:31:16 +02:00
An introduction to playbooks
2019-06-26 23:07:27 +02:00
:ref: `playbooks_conditionals`
2013-10-05 18:31:16 +02:00
Conditional statements in playbooks
2019-06-26 23:07:27 +02:00
:ref: `playbooks_variables`
2013-10-05 18:31:16 +02:00
All about variables
2018-07-21 15:48:47 +02:00
`User Mailing List <https://groups.google.com/group/ansible-devel> `_
2013-10-05 18:31:16 +02:00
Have a question? Stop by the google group!
`irc.freenode.net <http://irc.freenode.net> `_
#ansible IRC chat channel