I'm extremely new to Ansible, so please excuse all of the mistakes I'm about to make in this post. I have a handful of Linux servers at work and I want to use Ansible to update them regularly. We use 1Password, and I have the 1Password CLI installed and working on the server I have Ansible installed on. I can successfully pull passwords with this test playbook:
- hosts: localhost
  tasks:
    - name:
      debug:
        var: lookup("onepassword", "linuxserver1_localadmin")
I'm running into a wall trying to figure out how to use 1Password within a playbook to specify which password to use when connecting to a server. All of the servers will use the same username, but each has a different password. I know I can put ansible_password=xxxxx in vars, but that's plain text so obviously I can't do that. So within the host file right now I have:
[linuxserver1]
10.x.x.x
[linuxserver1:vars]
ansible_user=linuxserver1_localadmin
[linuxserver2]
10.x.x.x
[linuxserver2:vars]
ansible_user=linuxserver2_localadmin
My goal is to run a very simple playbook like this (pseudo-yaml):
---
- hosts: linuxserver1
  tasks:
    - name: run updates
      vars:
        - password: lookup("onepassword", "linuxserver1_localadmin")
      command: yum update -y
- hosts: linuxserver2
  tasks:
    - name: run updates
      vars:
        - password: lookup("onepassword", "linuxserver2_localadmin")
      command: yum update -y
Eventually in the hosts file I will have linuxserver3/4/5 etc. Is there a way to specify the password with 1pass in the hosts file, or is it done in the playbook like I'm imagining in the pseudo-code?
Thanks for any and all help!
I can get this working with plain text passwords in the hosts file, which I don't want to use. I don't know enough about yml to even attempt to structure this.
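
One way to wire the 1Password lookup into the connection password for every group at once, as an added example that is not part of the original post. It keeps the hosts file above unchanged and assumes each 1Password item is titled exactly like that group's ansible_user, that the community.general collection provides the onepassword lookup on the control node, and that the same password is used for sudo.

```yaml
# File 1: group_vars/all.yml (placed next to the existing hosts file)
# Assumption: every 1Password item title equals the group's ansible_user
# (linuxserver1_localadmin, linuxserver2_localadmin, ...), matching the
# item name used in the test playbook in the post.
# The expression is stored as a template, so no secret is written to disk;
# the lookup runs on the control node when the connection is opened.
ansible_password: "{{ lookup('community.general.onepassword', ansible_user) }}"

# Assumption: the local admin account uses the same password for sudo.
ansible_become_password: "{{ ansible_password }}"

---
# File 2: update.yml
# One play covers linuxserver1, linuxserver2 and any group added later,
# because the password is resolved per host from that host's ansible_user.
- hosts: all
  become: true          # assumption: yum needs root via sudo
  tasks:
    - name: run updates
      ansible.builtin.command: yum update -y
```

Password-based SSH from Ansible needs sshpass installed on the control node, and the op CLI session must be signed in for the user running ansible-playbook.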