2019-12-12 19:35:17 +01:00
.. _playbooks_prompts:
2012-05-13 17:00:02 +02:00
2019-12-12 19:35:17 +01:00
***** ***** ***** ***** ***** *
Interactive input: prompts
***** ***** ***** ***** ***** *
2012-08-01 04:19:04 +02:00
2019-12-12 19:35:17 +01:00
If you want your playbook to prompt the user for certain input, add a 'vars_prompt' section. Prompting the user for variables lets you avoid recording sensitive data like passwords. In addition to security, prompts support flexibility. For example, if you use one playbook across multiple software releases, you could prompt for the particular release version.
2012-05-13 17:00:02 +02:00
2019-12-12 19:35:17 +01:00
.. contents ::
:local:
2013-10-05 19:50:53 +02:00
Here is a most basic example::
2012-05-13 17:00:02 +02:00
---
- hosts: all
2018-11-02 19:57:39 +01:00
vars_prompt:
2014-02-28 20:18:44 +01:00
2018-11-02 19:57:39 +01:00
- name: username
2020-10-01 22:34:23 +02:00
prompt: What is your username?
2018-11-02 19:57:39 +01:00
private: no
2014-02-28 20:18:44 +01:00
2018-11-02 19:57:39 +01:00
- name: password
2020-10-01 22:34:23 +02:00
prompt: What is your password?
2018-11-02 19:57:39 +01:00
2019-06-26 23:07:27 +02:00
tasks:
2012-05-13 17:00:02 +02:00
2020-10-01 22:34:23 +02:00
- name: Print a message
ansible.builtin.debug:
2018-11-02 19:57:39 +01:00
msg: 'Logging in as {{ username }}'
The user input is hidden by default but it can be made visible by setting `` private: no `` .
2017-09-14 17:17:56 +02:00
2017-03-30 05:14:43 +02:00
.. note ::
2019-12-12 19:35:17 +01:00
Prompts for individual `` vars_prompt `` variables will be skipped for any variable that is already defined through the command line `` --extra-vars `` option, or when running from a non-interactive session (such as cron or Ansible Tower). See :ref: `passing_variables_on_the_command_line` .
2017-03-30 05:14:43 +02:00
2019-12-12 19:35:17 +01:00
If you have a variable that changes infrequently, you can provide a default value that can be overridden::
2013-06-18 17:25:51 +02:00
vars_prompt:
2014-02-28 20:18:44 +01:00
2020-10-01 22:34:23 +02:00
- name: release_version
prompt: Product release version
2013-06-18 17:25:51 +02:00
default: "1.0"
2019-12-12 19:35:17 +01:00
Encrypting values supplied by `` vars_prompt ``
---------------------------------------------
You can encrypt the entered value so you can use it, for instance, with the user module to define a password::
2013-03-05 16:26:24 +01:00
vars_prompt:
2014-02-28 20:18:44 +01:00
2020-10-01 22:34:23 +02:00
- name: my_password2
prompt: Enter password2
2013-03-05 16:26:24 +01:00
private: yes
2020-10-01 22:34:23 +02:00
encrypt: sha512_crypt
2013-03-05 16:26:24 +01:00
confirm: yes
salt_size: 7
2013-03-05 17:19:14 +01:00
2019-12-12 19:35:17 +01:00
If you have `Passlib <https://passlib.readthedocs.io/en/stable/> `_ installed, you can use any crypt scheme the library supports:
2013-03-05 17:22:07 +01:00
- *des_crypt* - DES Crypt
- *bsdi_crypt* - BSDi Crypt
- *bigcrypt* - BigCrypt
- *crypt16* - Crypt16
- *md5_crypt* - MD5 Crypt
- *bcrypt* - BCrypt
- *sha1_crypt* - SHA-1 Crypt
- *sun_md5_crypt* - Sun MD5 Crypt
- *sha256_crypt* - SHA-256 Crypt
- *sha512_crypt* - SHA-512 Crypt
2017-09-18 19:41:17 +02:00
- *apr_md5_crypt* - Apache's MD5-Crypt variant
- *phpass* - PHPass' Portable Hash
2013-03-05 17:22:07 +01:00
- *pbkdf2_digest* - Generic PBKDF2 Hashes
2017-09-18 19:41:17 +02:00
- *cta_pbkdf2_sha1* - Cryptacular's PBKDF2 hash
- *dlitz_pbkdf2_sha1* - Dwayne Litzenberger's PBKDF2 hash
2013-03-05 17:22:07 +01:00
- *scram* - SCRAM Hash
2017-09-18 19:41:17 +02:00
- *bsd_nthash* - FreeBSD's MCF-compatible nthash encoding
2013-03-05 17:22:07 +01:00
2019-12-12 19:35:17 +01:00
The only parameters accepted are 'salt' or 'salt_size'. You can use your own salt by defining
'salt', or have one generated automatically using 'salt_size'. By default Ansible generates a salt
of size 8.
2012-08-01 04:19:04 +02:00
2018-08-27 17:40:41 +02:00
.. versionadded :: 2.7
2021-05-24 21:11:26 +02:00
If you do not have Passlib installed, Ansible uses the `crypt <https://docs.python.org/3/library/crypt.html> `_ library as a fallback. Ansible supports at most four crypt schemes, depending on your platform at most the following crypt schemes are supported:
2018-08-27 17:40:41 +02:00
- *bcrypt* - BCrypt
- *md5_crypt* - MD5 Crypt
- *sha256_crypt* - SHA-256 Crypt
- *sha512_crypt* - SHA-512 Crypt
2019-01-30 21:01:13 +01:00
.. versionadded :: 2.8
2019-12-12 19:35:17 +01:00
.. _unsafe_prompts:
Allowing special characters in `` vars_prompt `` values
-----------------------------------------------------
2019-01-30 21:01:13 +01:00
2019-12-12 19:35:17 +01:00
Some special characters, such as `` { `` and `` % `` can create templating errors. If you need to accept special characters, use the `` unsafe `` option::
2019-01-30 21:01:13 +01:00
vars_prompt:
2020-10-01 22:34:23 +02:00
- name: my_password_with_weird_chars
prompt: Enter password
2019-01-30 21:01:13 +01:00
unsafe: yes
private: yes
2013-10-05 18:31:16 +02:00
.. seealso ::
2019-06-26 23:07:27 +02:00
:ref: `playbooks_intro`
2013-10-05 18:31:16 +02:00
An introduction to playbooks
2019-06-26 23:07:27 +02:00
:ref: `playbooks_conditionals`
2013-10-05 18:31:16 +02:00
Conditional statements in playbooks
2019-06-26 23:07:27 +02:00
:ref: `playbooks_variables`
2013-10-05 18:31:16 +02:00
All about variables
2018-07-21 15:48:47 +02:00
`User Mailing List <https://groups.google.com/group/ansible-devel> `_
2013-10-05 18:31:16 +02:00
Have a question? Stop by the google group!
`irc.freenode.net <http://irc.freenode.net> `_
#ansible IRC chat channel