If you have been following my Ansible demonstrations, you will see that authenticating to my NetApp simulator I had the username and password embedded into the variables.yml file. Like this:

# ONTAP Cluster Login
user: ansible
pass: Password123
https_option: true
validate_certs_option: false

Let’s face it, adding the username and password into the YAML file is almost like writing your password on a sticky note and hiding it under your keyboard.

This is ok for a lab environment, however, the other issue is running your playbook under the one account. How do you audit who did what ?

Ansible vars_prompt

Today we are going to take a look at integrating vars_prompt into an existing playbook I wrote, which automated the creation of NetApp Root Load-Sharing Mirrors.

In the previous variables.yml file I have removed the ‘user: ansible’ and ‘pass: Password123’ variables.

I also collapsed all the main YAML files into 1 file named ’01_create_ls_mirror.yml’ This means that this file will create the DP volumes as well as the root LS snapmirrors.

If we take a look at the new YAML code, I have introduced the following ‘vars_prompt’ within ’01_create_ls_mirror.yml’:

- hosts: localhost name: Create LS Root Vols and LS-Mirror gather_facts: false vars_prompt: - name: clusteruser prompt: "Enter your {{ sourcecluster }} username ?" private: no - name: clusterpass prompt: "Enter your {{ sourcecluster }} password ?" vars: login: &login hostname: "{{ clusterip }}" username: "{{ clusteruser }}" password: "{{ clusterpass }}" https: "{{ https_option }}" validate_certs: "{{ validate_certs_option }}" vars_files: - variables.yml

Within ‘vars_prompt’ we have ‘name: clusteruser’. This part is setting a new variable called clusteruser.

Next is, ‘prompt: “Enter your {{ sourcecluster }} username ?”. This text will pop up on screen asking you to type in your username. We are going to see what this looks like shortly.

The last setting is ‘private: no’. This means the input you type in, which in this case is your username, is not hidden from view. The default setting of ‘private: yes’ is set for your password.

You can then see, within the ‘vars:’ section, username equals the clusteruser variable. We will enter out username before the playbook fully runs.

The screenshot below shows what the username and password prompt looks like. Once you enter in your credentials, they are checked against the NetApp cluster, authentication is granted and the rest of the Ansible playbook runs.

Ansible vars_prompt - Authentication Prompt

Ansible Code on GitHub

I’ve branched out with ‘update-version2’ from the original code. The direct link to the updated code can be found here: https://github.com/sysadmintutorials/netapp-ansible-ls-mirrors/tree/update-version2

The post Ansible Username Password Prompt with vars_prompt appeared first on SYSADMINTUTORIALS IT TECHNOLOGY BLOG.