diff --git a/bin/ansible b/bin/ansible index 0b0b536679..dbcca4bedf 100755 --- a/bin/ansible +++ b/bin/ansible @@ -77,6 +77,7 @@ class Cli(object): sudopass = None if options.ask_pass: sshpass = getpass.getpass(prompt="SSH password: ") + options.ask_sudo_pass= options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS if options.ask_sudo_pass: sudopass = getpass.getpass(prompt="sudo password: ") options.sudo = True diff --git a/bin/ansible-playbook b/bin/ansible-playbook index 3587fa4662..d18291def6 100755 --- a/bin/ansible-playbook +++ b/bin/ansible-playbook @@ -72,6 +72,7 @@ def main(args): if not options.listhosts: if options.ask_pass: sshpass = getpass.getpass(prompt="SSH password: ") + options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS if options.ask_sudo_pass: sudopass = getpass.getpass(prompt="sudo password: ") options.sudo = True diff --git a/examples/ansible.cfg b/examples/ansible.cfg index 0eb27d9b78..1ba209dd8d 100644 --- a/examples/ansible.cfg +++ b/examples/ansible.cfg @@ -46,6 +46,12 @@ poll_interval=15 sudo_user=root +# to force ansible to always ask for the sudo password (instead of having +# to add -K to the commandline). Or you can use the environment +# variable (ANSIBLE_ASK_SUDO_PASS) + +#ask_sudo_pass=True + # connection to use when -c is not specified transport=paramiko diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py index a978c49668..dfe88a5e3d 100644 --- a/lib/ansible/constants.py +++ b/lib/ansible/constants.py @@ -78,6 +78,7 @@ DEFAULT_POLL_INTERVAL = get_config(p, DEFAULTS, 'poll_interval', 'ANSIBLE DEFAULT_REMOTE_USER = get_config(p, DEFAULTS, 'remote_user', 'ANSIBLE_REMOTE_USER', active_user) DEFAULT_PRIVATE_KEY_FILE = shell_expand_path(get_config(p, DEFAULTS, 'private_key_file', 'ANSIBLE_PRIVATE_KEY_FILE', None)) DEFAULT_SUDO_USER = get_config(p, DEFAULTS, 'sudo_user', 'ANSIBLE_SUDO_USER', 'root') +DEFAULT_ASK_SUDO_PASS = get_config(p, DEFAULTS, 'ask_sudo_pass', 'ANSIBLE_ASK_SUDO_PASS', False) DEFAULT_REMOTE_PORT = int(get_config(p, DEFAULTS, 'remote_port', 'ANSIBLE_REMOTE_PORT', 22)) DEFAULT_TRANSPORT = get_config(p, DEFAULTS, 'transport', 'ANSIBLE_TRANSPORT', 'paramiko') DEFAULT_MANAGED_STR = get_config(p, DEFAULTS, 'ansible_managed', None, 'Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}') @@ -89,8 +90,8 @@ DEFAULT_LOOKUP_PLUGIN_PATH = shell_expand_path(get_config(p, DEFAULTS, 'look DEFAULT_VARS_PLUGIN_PATH = shell_expand_path(get_config(p, DEFAULTS, 'vars_plugins', None, '/usr/share/ansible_plugins/vars_plugins')) # non-configurable things -DEFAULT_REMOTE_PASS = None DEFAULT_SUDO_PASS = None +DEFAULT_REMOTE_PASS = None DEFAULT_SUBSET = None ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', None)