How to specify sudo password in Ansible

Ansible is an open-source automation tool that simplifies configuration management, application deployment, and task automation across multiple systems simultaneously. It is designed to be agentless, which means it doesn't require any software to be installed on the target machines. Instead, Ansible connects to the hosts using SSH and uses YAML-based scripts called playbooks to define the desired state of the system.

Ansible privilege management

In some cases, when running Ansible tasks, you may need elevated privileges on the target machine. The sudo password is required when you want to execute commands as a privileged user (usually root) using Ansible's become feature.

Here's how you can specify a sudo password in Ansible:

Using --ask-become-pass option

When running your Ansible playbook or command, include the --ask-become-pass option. For example:

ansible-playbook main.yml --ask-become-pass

Note: The --ask-become-pass option tells Ansible to prompt you for the sudo password during execution.

Executable code

---
- name: Hello, World! Playbook
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Print Hello, World!
      debug:
        msg: "Hello, World!"

Using a password file

To avoid entering the password interactively, you can store the sudo password in a file. This is useful for automation and scripting purposes. However, ensure you secure the password file properly since it contains sensitive information.

  1. Create a file (e.g., sudo_password.txt) and store the sudo password in it:

echo "your_sudo_password_here" > sudo_password.txt

Note: Replace your_sudo_password_here with the actual sudo password you want to use.

  2. Set the permissions of the file to restrict access:

chmod 600 sudo_password.txt

  3. Then, use the --become-password-file option in place of --ask-become-pass to reference the password file:

ansible-playbook main.yml --become-password-file=sudo_password.txt

Now, Ansible will use the password from the specified file during the execution.

Executable code

---
- name: Hello, World! Playbook
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Print Hello, World!
      debug:
        msg: "Hello, World!"

Keep in mind that storing passwords in plain text files may have security implications. Consider using password managers or other secure methods to handle sensitive data if possible. Also, in a more secure environment, consider using SSH keys for privilege escalation instead of passwords.
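
The three password-file steps above leave two gaps: echo puts the password in shell history, and the file exists with default permissions until chmod runs. The following shell functions are an added example, not code from the original page; the function names are hypothetical. They create the file as 0600 from the start and refuse to pass a file to --become-password-file unless it is private.

```shell
#!/usr/bin/env bash
# Added example: function names are hypothetical, not part of Ansible.
# Usage (bash, keeps the password out of history and off any command line):
#   read -rsp 'sudo password: ' pw && printf '%s\n' "$pw" |
#       write_become_password_file sudo_password.txt; unset pw

# Write the password read from stdin to $1, private from the moment it exists.
write_become_password_file() {
    local file="$1"
    (
        umask 077           # file is created 0600, so there is no window before chmod
        rm -f -- "$file"    # do not inherit loose permissions from an older file
        set -C              # noclobber: creation fails if a file or symlink reappears
        IFS= read -r password || [ -n "$password" ] || exit 1
        printf '%s\n' "$password" > "$file"
    )
}

# Return 0 only if $1 is a regular file (not a symlink), owned by the current
# user, and carries no group or other permission bits.
check_become_password_file() {
    local file="$1" perms
    [ -f "$file" ] || return 1
    [ ! -L "$file" ] || return 1
    [ -O "$file" ] || return 1
    perms=$(ls -ld -- "$file") || return 1
    case $perms in
        -r[w-]-------*) return 0 ;;   # 0600 or 0400
        *) return 1 ;;
    esac
}

# Run a playbook only when the password file passes the check.
# $1 is the password file; remaining arguments go to ansible-playbook.
run_playbook() {
    local file="$1"
    shift
    if ! check_become_password_file "$file"; then
        echo "refusing to use $file: not a private regular file" >&2
        return 1
    fi
    ansible-playbook "$@" --become-password-file="$file"
}
```

With these functions sourced, `run_playbook sudo_password.txt main.yml` replaces the direct ansible-playbook call from step 3.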

Conclusion

Ansible is an automation tool for configuration management, deployment, and task automation. To specify the sudo password, use --ask-become-pass interactively or --become-password-file with a password file. Secure sensitive data and consider SSH keys for better security.

Copyright ©2025 Educative, Inc. All rights reserved