From 953058d025227670505e4781db25496a5f2a4b4d Mon Sep 17 00:00:00 2001 From: James Cassell Date: Mon, 11 Feb 2019 10:43:10 -0500 Subject: [PATCH] standardize connection variable names (#51776) * standardize user/password connection vars * docs: use ansible_user and ansible_password * docs: var precedence for connection vars * docs: ansible_become_pass -> ansible_become_password etc --- .../fragments/standardize_connection_vars.yaml | 7 +++++++ docs/docsite/rst/dev_guide/debugging.rst | 2 +- .../network/getting_started/first_inventory.rst | 12 ++++++------ .../user_guide/network_best_practices_2.5.rst | 10 +++++----- .../user_guide/network_debug_troubleshooting.rst | 2 +- .../rst/network/user_guide/platform_cnos.rst | 8 ++++---- .../rst/network/user_guide/platform_dellos10.rst | 8 ++++---- .../rst/network/user_guide/platform_dellos6.rst | 8 ++++---- .../rst/network/user_guide/platform_dellos9.rst | 8 ++++---- .../rst/network/user_guide/platform_enos.rst | 8 ++++---- .../rst/network/user_guide/platform_eos.rst | 10 +++++----- .../rst/network/user_guide/platform_exos.rst | 4 ++-- .../rst/network/user_guide/platform_ios.rst | 8 ++++---- .../rst/network/user_guide/platform_ironware.rst | 8 ++++---- .../rst/network/user_guide/platform_junos.rst | 6 +++--- .../user_guide/platform_netconf_enabled.rst | 2 +- .../rst/network/user_guide/platform_nos.rst | 4 ++-- .../rst/network/user_guide/platform_nxos.rst | 10 +++++----- .../rst/network/user_guide/platform_routeros.rst | 6 +++--- .../rst/network/user_guide/platform_slxos.rst | 4 ++-- .../rst/network/user_guide/platform_voss.rst | 4 ++-- .../rst/porting_guides/porting_guide_2.8.rst | 7 +++++++ docs/docsite/rst/scenario_guides/guide_aci.rst | 8 ++++---- docs/docsite/rst/scenario_guides/guide_rax.rst | 6 +++--- docs/docsite/rst/user_guide/become.rst | 14 +++++++------- docs/docsite/rst/user_guide/intro_inventory.rst | 12 ++++++------ .../docsite/rst/user_guide/playbooks_variables.rst | 10 +++++++--- lib/ansible/plugins/connection/__init__.py | 4 ++-- lib/ansible/plugins/connection/httpapi.py | 1 + lib/ansible/plugins/connection/kubectl.py | 1 + lib/ansible/plugins/connection/napalm.py | 1 + lib/ansible/plugins/connection/netconf.py | 2 ++ lib/ansible/plugins/connection/network_cli.py | 1 + lib/ansible/plugins/connection/paramiko_ssh.py | 2 ++ lib/ansible/plugins/connection/ssh.py | 5 +++-- 35 files changed, 120 insertions(+), 93 deletions(-) create mode 100644 changelogs/fragments/standardize_connection_vars.yaml diff --git a/changelogs/fragments/standardize_connection_vars.yaml b/changelogs/fragments/standardize_connection_vars.yaml new file mode 100644 index 00000000000..c76d26d01d8 --- /dev/null +++ b/changelogs/fragments/standardize_connection_vars.yaml @@ -0,0 +1,7 @@ +minor_changes: | + Connection plugins have been standardized to allow use of ``ansible__user`` + and ``ansible__password`` variables. Variables such as + ``ansible__pass`` and ``ansible__username`` are treated + with lower priority than the standardized names and may be deprecated in the + future. In general, the ``ansible_user`` and ``ansible_password`` vars should + be used unless there is a reason to use the connection-specific variables. diff --git a/docs/docsite/rst/dev_guide/debugging.rst b/docs/docsite/rst/dev_guide/debugging.rst index d0c903fa8c8..df609708713 100644 --- a/docs/docsite/rst/dev_guide/debugging.rst +++ b/docs/docsite/rst/dev_guide/debugging.rst @@ -19,7 +19,7 @@ To debug a module running on a remote target (i.e. not ``localhost``): #. On your controller machine (running Ansible) set ``ANSIBLE_KEEP_REMOTE_FILES=1`` to tell Ansible to retain the modules it sends to the remote machine instead of removing them after you playbook runs. #. Run your playbook targeting the remote machine and specify ``-vvvv`` (verbose) to display the remote location Ansible is using for the modules (among many other things). -#. Take note of the directory Ansible used to store modules on the remote host. This directory is usually under the home directory of your ``ansible_ssh_user``, in the form ``~/.ansible/tmp/ansible-tmp-...``. +#. Take note of the directory Ansible used to store modules on the remote host. This directory is usually under the home directory of your ``ansible_user``, in the form ``~/.ansible/tmp/ansible-tmp-...``. #. SSH into the remote target after the playbook runs. #. Navigate to the directory you noted in step 3. #. Extract the module you want to debug from the zipped file that Ansible sent to the remote host: ``$ python my_test_module.py explode``. Ansible will expand the module into ``./debug-dir``. You can optionally run the zipped file by specifying ``python my_test_module.py``. diff --git a/docs/docsite/rst/network/getting_started/first_inventory.rst b/docs/docsite/rst/network/getting_started/first_inventory.rst index 8ab9476459f..5196b319d17 100644 --- a/docs/docsite/rst/network/getting_started/first_inventory.rst +++ b/docs/docsite/rst/network/getting_started/first_inventory.rst @@ -179,13 +179,13 @@ Create the encrypted ssh password for your VyOS network devices, pulling your an .. code-block:: console - ansible-vault encrypt_string --vault-id my_user@~/my-ansible-vault-pw-file 'VyOS_SSH_password' --name 'ansible_ssh_pass' + ansible-vault encrypt_string --vault-id my_user@~/my-ansible-vault-pw-file 'VyOS_SSH_password' --name 'ansible_password' If you prefer to type your ansible-vault password rather than store it in a file, you can request a prompt: .. code-block:: console - ansible-vault encrypt_string --vault-id my_user@prompt 'VyOS_SSH_password' --name 'ansible_ssh_pass' + ansible-vault encrypt_string --vault-id my_user@prompt 'VyOS_SSH_password' --name 'ansible_password' and type in the vault password for ``my_user``. @@ -193,7 +193,7 @@ The :option:`--vault-id ` flag allows different vau .. code-block:: yaml - ansible_ssh_pass: !vault | + ansible_password: !vault | $ANSIBLE_VAULT;1.2;AES256;my_user 66386134653765386232383236303063623663343437643766386435663632343266393064373933 3661666132363339303639353538316662616638356631650a316338316663666439383138353032 @@ -213,7 +213,7 @@ This is an example using an extract from a YAML inventory, as the INI format do ansible_connection: network_cli ansible_network_os: vyos ansible_user: my_vyos_user - ansible_ssh_pass: !vault | + ansible_password: !vault | $ANSIBLE_VAULT;1.2;AES256;my_user 66386134653765386232383236303063623663343437643766386435663632343266393064373933 3661666132363339303639353538316662616638356631650a316338316663666439383138353032 @@ -244,11 +244,11 @@ To see the original value, you can use the debug module. Please note if your YAM cat vyos.yml | grep -v ansible_connection >> vyos_no_connection.yml - ansible localhost -m debug -a var="ansible_ssh_pass" -e "@vyos_no_connection.yml" --ask-vault-pass + ansible localhost -m debug -a var="ansible_password" -e "@vyos_no_connection.yml" --ask-vault-pass Vault password: localhost | SUCCESS => { - "ansible_ssh_pass": "VyOS_SSH_password" + "ansible_password": "VyOS_SSH_password" } diff --git a/docs/docsite/rst/network/user_guide/network_best_practices_2.5.rst b/docs/docsite/rst/network/user_guide/network_best_practices_2.5.rst index 457437af18a..c898472ecc0 100644 --- a/docs/docsite/rst/network/user_guide/network_best_practices_2.5.rst +++ b/docs/docsite/rst/network/user_guide/network_best_practices_2.5.rst @@ -80,7 +80,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec ansible_become_method=enable ansible_network_os=eos ansible_user=my_eos_user - ansible_ssh_pass= !vault | + ansible_password= !vault | $ANSIBLE_VAULT;1.1;AES256 37373735393636643261383066383235363664386633386432343236663533343730353361653735 6131363539383931353931653533356337353539373165320a316465383138636532343463633236 @@ -98,7 +98,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec ansible_become_method=enable ansible_network_os=ios ansible_user=my_ios_user - ansible_ssh_pass= !vault | + ansible_password= !vault | $ANSIBLE_VAULT;1.1;AES256 34623431313336343132373235313066376238386138316466636437653938623965383732373130 3466363834613161386538393463663861636437653866620a373136356366623765373530633735 @@ -114,7 +114,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec [vyos:vars] ansible_network_os=vyos ansible_user=my_vyos_user - ansible_ssh_pass= !vault | + ansible_password= !vault | $ANSIBLE_VAULT;1.1;AES256 39336231636137663964343966653162353431333566633762393034646462353062633264303765 6331643066663534383564343537343334633031656538370a333737656236393835383863306466 @@ -122,7 +122,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec 3665626431626532630a353564323566316162613432373738333064366130303637616239396438 9853 -If you use ssh-agent, you do not need the ``ansible_ssh_pass`` lines. If you use ssh keys, but not ssh-agent, and you have multiple keys, specify the key to use for each connection in the ``[group:vars]`` section with ``ansible_ssh_private_key_file=/path/to/correct/key``. For more information on ``ansible_ssh_`` options see the :ref:`behavioral_parameters`. +If you use ssh-agent, you do not need the ``ansible_password`` lines. If you use ssh keys, but not ssh-agent, and you have multiple keys, specify the key to use for each connection in the ``[group:vars]`` section with ``ansible_ssh_private_key_file=/path/to/correct/key``. For more information on ``ansible_ssh_`` options see the :ref:`behavioral_parameters`. .. FIXME FUTURE Gundalow - Link to network auth & proxy page (to be written) @@ -137,7 +137,7 @@ The "Vault" feature of Ansible allows you to keep sensitive data such as passwor Informs Ansible which Network platform this hosts corresponds to. This is required when using ``network_cli`` or ``netconf``. :ansible_user: The user to connect to the remote device (switch) as. Without this the user that is running ``ansible-playbook`` would be used. Specifies which user on the network device the connection -:ansible_ssh_pass: +:ansible_password: The corresponding password for ``ansible_user`` to log in as. If not specified SSH key will be used. :ansible_become: If enable mode (privilege mode) should be used, see the next section. diff --git a/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst b/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst index 406ff8f8296..aa937850cce 100644 --- a/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst +++ b/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst @@ -703,7 +703,7 @@ Example Ansible inventory file ansible_connection=netconf ansible_network_os=junos ansible_user=myuser - ansible_ssh_pass=!vault... + ansible_password=!vault... .. note:: Using ``ProxyCommand`` with passwords via variables diff --git a/docs/docsite/rst/network/user_guide/platform_cnos.rst b/docs/docsite/rst/network/user_guide/platform_cnos.rst index f64d836de77..6a777d48ce0 100644 --- a/docs/docsite/rst/network/user_guide/platform_cnos.rst +++ b/docs/docsite/rst/network/user_guide/platform_cnos.rst @@ -27,7 +27,7 @@ Connections Available +---------------------------+-----------------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | -| | | | and ``ansible_become_pass:`` | +| | | | and ``ansible_become_password:`` | +---------------------------+-----------------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | +---------------------------+-----------------------------------------------+ @@ -45,14 +45,14 @@ Example CLI ``group_vars/cnos.yml`` ansible_connection: network_cli ansible_network_os: cnos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_dellos10.rst b/docs/docsite/rst/network/user_guide/platform_dellos10.rst index 461e504d274..702914c373a 100644 --- a/docs/docsite/rst/network/user_guide/platform_dellos10.rst +++ b/docs/docsite/rst/network/user_guide/platform_dellos10.rst @@ -27,7 +27,7 @@ Connections Available +---------------------------+-----------------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | -| | | | and ``ansible_become_pass:`` | +| | | | and ``ansible_become_password:`` | +---------------------------+-----------------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | +---------------------------+-----------------------------------------------+ @@ -45,14 +45,14 @@ Example CLI ``group_vars/dellos10.yml`` ansible_connection: network_cli ansible_network_os: dellos10 ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_dellos6.rst b/docs/docsite/rst/network/user_guide/platform_dellos6.rst index 86688b31465..0b6f0d28c0c 100644 --- a/docs/docsite/rst/network/user_guide/platform_dellos6.rst +++ b/docs/docsite/rst/network/user_guide/platform_dellos6.rst @@ -27,7 +27,7 @@ Connections Available +---------------------------+-----------------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | -| | | | and ``ansible_become_pass:`` | +| | | | and ``ansible_become_password:`` | +---------------------------+-----------------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | +---------------------------+-----------------------------------------------+ @@ -45,14 +45,14 @@ Example CLI ``group_vars/dellos6.yml`` ansible_connection: network_cli ansible_network_os: dellos6 ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_dellos9.rst b/docs/docsite/rst/network/user_guide/platform_dellos9.rst index fe6ee491ba1..bef789d8c6c 100644 --- a/docs/docsite/rst/network/user_guide/platform_dellos9.rst +++ b/docs/docsite/rst/network/user_guide/platform_dellos9.rst @@ -27,7 +27,7 @@ Connections Available +---------------------------+-----------------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | -| | | | and ``ansible_become_pass:`` | +| | | | and ``ansible_become_password:`` | +---------------------------+-----------------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | +---------------------------+-----------------------------------------------+ @@ -45,14 +45,14 @@ Example CLI ``group_vars/dellos9.yml`` ansible_connection: network_cli ansible_network_os: dellos9 ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_enos.rst b/docs/docsite/rst/network/user_guide/platform_enos.rst index 6d1aa06f277..f82f93492ab 100644 --- a/docs/docsite/rst/network/user_guide/platform_enos.rst +++ b/docs/docsite/rst/network/user_guide/platform_enos.rst @@ -27,7 +27,7 @@ Connections Available +---------------------------+-----------------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | -| | | | and ``ansible_become_pass:`` | +| | | | and ``ansible_become_password:`` | +---------------------------+-----------------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | +---------------------------+-----------------------------------------------+ @@ -45,14 +45,14 @@ Example CLI ``group_vars/enos.yml`` ansible_connection: network_cli ansible_network_os: enos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_eos.rst b/docs/docsite/rst/network/user_guide/platform_eos.rst index ddd416b2ace..89a1d7f0f3b 100644 --- a/docs/docsite/rst/network/user_guide/platform_eos.rst +++ b/docs/docsite/rst/network/user_guide/platform_eos.rst @@ -52,14 +52,14 @@ Example CLI ``group_vars/eos.yml`` ansible_connection: network_cli ansible_network_os: eos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. @@ -106,7 +106,7 @@ Example eAPI ``group_vars/eos.yml`` ansible_connection: httpapi ansible_network_os: eos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable proxy_env: @@ -140,7 +140,7 @@ eAPI examples with ``connection: local`` ansible_connection: local ansible_network_os: eos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... eapi: host: "{{ inventory_hostname }}" transport: eapi diff --git a/docs/docsite/rst/network/user_guide/platform_exos.rst b/docs/docsite/rst/network/user_guide/platform_exos.rst index fd7e51f4a4f..81b883bd702 100644 --- a/docs/docsite/rst/network/user_guide/platform_exos.rst +++ b/docs/docsite/rst/network/user_guide/platform_exos.rst @@ -47,11 +47,11 @@ Example CLI ``group_vars/exos.yml`` ansible_connection: network_cli ansible_network_os: exos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_ios.rst b/docs/docsite/rst/network/user_guide/platform_ios.rst index e38f6a8a818..021784ffadd 100644 --- a/docs/docsite/rst/network/user_guide/platform_ios.rst +++ b/docs/docsite/rst/network/user_guide/platform_ios.rst @@ -27,7 +27,7 @@ Connections Available +---------------------------+-----------------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | -| | | | and ``ansible_become_pass:`` | +| | | | and ``ansible_become_password:`` | +---------------------------+-----------------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | +---------------------------+-----------------------------------------------+ @@ -45,14 +45,14 @@ Example CLI ``group_vars/ios.yml`` ansible_connection: network_cli ansible_network_os: ios ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_ironware.rst b/docs/docsite/rst/network/user_guide/platform_ironware.rst index e04c6a12d26..68999e4d48c 100644 --- a/docs/docsite/rst/network/user_guide/platform_ironware.rst +++ b/docs/docsite/rst/network/user_guide/platform_ironware.rst @@ -27,7 +27,7 @@ Connections Available +---------------------------+-----------------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | -| | | | and ``ansible_become_pass:`` | +| | | | and ``ansible_become_password:`` | +---------------------------+-----------------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | +---------------------------+-----------------------------------------------+ @@ -45,14 +45,14 @@ Example CLI ``group_vars/mlx.yml`` ansible_connection: network_cli ansible_network_os: ironware ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_junos.rst b/docs/docsite/rst/network/user_guide/platform_junos.rst index 6fe76e41d6f..576f1b60d56 100644 --- a/docs/docsite/rst/network/user_guide/platform_junos.rst +++ b/docs/docsite/rst/network/user_guide/platform_junos.rst @@ -46,11 +46,11 @@ Example CLI inventory ``[junos:vars]`` ansible_connection=network_cli ansible_network_os=junos ansible_user=myuser - ansible_ssh_pass=!vault... + ansible_password=!vault... ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. @@ -96,7 +96,7 @@ Example NETCONF inventory ``[junos:vars]`` ansible_connection=netconf ansible_network_os=junos ansible_user=myuser - ansible_ssh_pass=!vault | + ansible_password=!vault | ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q bastion01"' diff --git a/docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst b/docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst index 493ac344f54..9adc0120542 100644 --- a/docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst +++ b/docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst @@ -59,7 +59,7 @@ Example NETCONF inventory ``[junos:vars]`` ansible_connection=netconf ansible_network_os=junos ansible_user=myuser - ansible_ssh_pass=!vault | + ansible_password=!vault | Example NETCONF Task diff --git a/docs/docsite/rst/network/user_guide/platform_nos.rst b/docs/docsite/rst/network/user_guide/platform_nos.rst index da8d4ad2f63..1ad469509b4 100644 --- a/docs/docsite/rst/network/user_guide/platform_nos.rst +++ b/docs/docsite/rst/network/user_guide/platform_nos.rst @@ -47,11 +47,11 @@ Example CLI ``group_vars/nos.yml`` ansible_connection: network_cli ansible_network_os: nos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_nxos.rst b/docs/docsite/rst/network/user_guide/platform_nxos.rst index 997c8cad594..a2b431fe57e 100644 --- a/docs/docsite/rst/network/user_guide/platform_nxos.rst +++ b/docs/docsite/rst/network/user_guide/platform_nxos.rst @@ -29,7 +29,7 @@ Connections Available +---------------------------+-----------------------------------------------+-----------------------------------------+ | | **Enable Mode** | | supported - use ``ansible_become: yes`` | | not supported by NX-API | | | (Privilege Escalation) | | with ``ansible_become_method: enable`` | | | -| | supported as of 2.5.3 | | and ``ansible_become_pass:`` | | | +| | supported as of 2.5.3 | | and ``ansible_become_password:`` | | | +---------------------------+-----------------------------------------------+-----------------------------------------+ | **Returned Data Format** | ``stdout[0].`` | ``stdout[0].messages[0].`` | +---------------------------+-----------------------------------------------+-----------------------------------------+ @@ -47,14 +47,14 @@ Example CLI ``group_vars/nxos.yml`` ansible_connection: network_cli ansible_network_os: nxos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. @@ -99,7 +99,7 @@ Example NX-API ``group_vars/nxos.yml`` ansible_connection: httpapi ansible_network_os: nxos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... proxy_env: http_proxy: http://proxy.example.com:8080 diff --git a/docs/docsite/rst/network/user_guide/platform_routeros.rst b/docs/docsite/rst/network/user_guide/platform_routeros.rst index cd6fac1cfd5..37f0728f359 100644 --- a/docs/docsite/rst/network/user_guide/platform_routeros.rst +++ b/docs/docsite/rst/network/user_guide/platform_routeros.rst @@ -40,14 +40,14 @@ Example CLI ``group_vars/routeros.yml`` ansible_connection: network_cli ansible_network_os: routeros ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_become: yes ansible_become_method: enable - ansible_become_pass: !vault... + ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_slxos.rst b/docs/docsite/rst/network/user_guide/platform_slxos.rst index 02256e9a0b9..5f6df8edfaa 100644 --- a/docs/docsite/rst/network/user_guide/platform_slxos.rst +++ b/docs/docsite/rst/network/user_guide/platform_slxos.rst @@ -47,11 +47,11 @@ Example CLI ``group_vars/slxos.yml`` ansible_connection: network_cli ansible_network_os: slxos ansible_user: myuser - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/network/user_guide/platform_voss.rst b/docs/docsite/rst/network/user_guide/platform_voss.rst index 22a33c8ec25..e07f91ef8d4 100644 --- a/docs/docsite/rst/network/user_guide/platform_voss.rst +++ b/docs/docsite/rst/network/user_guide/platform_voss.rst @@ -49,11 +49,11 @@ Example CLI ``group_vars/voss.yml`` ansible_user: myuser ansible_become: yes ansible_become_method: enable - ansible_ssh_pass: !vault... + ansible_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' -- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. diff --git a/docs/docsite/rst/porting_guides/porting_guide_2.8.rst b/docs/docsite/rst/porting_guides/porting_guide_2.8.rst index 9319b925b69..972093f1cdc 100644 --- a/docs/docsite/rst/porting_guides/porting_guide_2.8.rst +++ b/docs/docsite/rst/porting_guides/porting_guide_2.8.rst @@ -167,6 +167,13 @@ Noteworthy module changes Plugins ======= +* Connection plugins have been standardized to allow use of ``ansible__user`` + and ``ansible__password`` variables. Variables such as + ``ansible__pass`` and ``ansible__username`` are treated + with lower priority than the standardized names and may be deprecated in the + future. In general, the ``ansible_user`` and ``ansible_password`` vars should + be used unless there is a reason to use the connection-specific variables. + * The ``powershell`` shell plugin now uses ``async_dir`` to define the async path for the results file and the default has changed to ``%USERPROFILE%\.ansible_async``. To control this path now, either set the ``ansible_async_dir`` variable or the ``async_dir`` value in the ``powershell`` section of the config ini. diff --git a/docs/docsite/rst/scenario_guides/guide_aci.rst b/docs/docsite/rst/scenario_guides/guide_aci.rst index a1773c6732d..356a5e5623d 100644 --- a/docs/docsite/rst/scenario_guides/guide_aci.rst +++ b/docs/docsite/rst/scenario_guides/guide_aci.rst @@ -135,7 +135,7 @@ So let us assume we have our target configured in the inventory using the FQDN n my-apic-1: ansible_host: apic01.fqdn.intra ansible_user: admin - ansible_pass: my-password + ansible_password: my-password One way to set this up is to add to every task the directive: ``delegate_to: localhost``. @@ -146,7 +146,7 @@ One way to set this up is to add to every task the directive: ``delegate_to: loc aci_tenant: host: '{{ ansible_host }}' username: '{{ ansible_user }}' - password: '{{ ansible_pass }}' + password: '{{ ansible_password }}' state: query delegate_to: localhost @@ -168,7 +168,7 @@ In this case the inventory may look like this: my-apic-1: ansible_host: apic01.fqdn.intra ansible_user: admin - ansible_pass: my-password + ansible_password: my-password ansible_connection: local But used tasks do not need anything special added. @@ -179,7 +179,7 @@ But used tasks do not need anything special added. aci_tenant: host: '{{ ansible_host }}' username: '{{ ansible_user }}' - password: '{{ ansible_pass }}' + password: '{{ ansible_password }}' state: query register: all_tenants diff --git a/docs/docsite/rst/scenario_guides/guide_rax.rst b/docs/docsite/rst/scenario_guides/guide_rax.rst index c2d1aec7fcf..ecfc4b0cd2e 100644 --- a/docs/docsite/rst/scenario_guides/guide_rax.rst +++ b/docs/docsite/rst/scenario_guides/guide_rax.rst @@ -130,7 +130,7 @@ The rax module returns data about the nodes it creates, like IP addresses, hostn add_host: hostname: "{{ item.name }}" ansible_host: "{{ item.rax_accessipv4 }}" - ansible_ssh_pass: "{{ item.rax_adminpass }}" + ansible_password: "{{ item.rax_adminpass }}" groups: raxhosts loop: "{{ rax.success }}" when: rax.action == 'create' @@ -511,7 +511,7 @@ Build a complete webserver environment with servers, custom networks and load ba add_host: hostname: "{{ item.name }}" ansible_host: "{{ item.rax_accessipv4 }}" - ansible_ssh_pass: "{{ item.rax_adminpass }}" + ansible_password: "{{ item.rax_adminpass }}" ansible_user: root groups: web loop: "{{ rax.success }}" @@ -592,7 +592,7 @@ Using a Control Machine add_host: hostname: "{{ item.name }}" ansible_host: "{{ item.rax_accessipv4 }}" - ansible_ssh_pass: "{{ item.rax_adminpass }}" + ansible_password: "{{ item.rax_adminpass }}" ansible_user: root rax_id: "{{ item.rax_id }}" groups: web,new_web diff --git a/docs/docsite/rst/user_guide/become.rst b/docs/docsite/rst/user_guide/become.rst index a949f664f9a..100cb24a193 100644 --- a/docs/docsite/rst/user_guide/become.rst +++ b/docs/docsite/rst/user_guide/become.rst @@ -73,7 +73,7 @@ ansible_become_method ansible_become_user set the user you become through privilege escalation; does not imply ``ansible_become: yes`` -ansible_become_pass +ansible_become_password set the privilege escalation password. See :doc:`playbooks_vault` for details on how to avoid having secrets in plain text For example, if you want to run all tasks as ``root`` on a server named ``webserver``, but you can only connect as the ``manager`` user, you could use an inventory entry like this:: @@ -298,7 +298,7 @@ Passwords for enable mode If you need a password to enter ``enable`` mode, you can specify it in one of two ways: * providing the :option:`--ask-become-pass ` command line option -* setting the ``ansible_become_pass`` connection variable +* setting the ``ansible_become_password`` connection variable .. warning:: @@ -553,8 +553,8 @@ option for a Scheduled Task. In this scenario, the become process will not be able to access any network resources like a normal WinRM process. To make a distinction between using become with no password and becoming an -account that has no password make sure to keep ``ansible_become_pass`` as -undefined or set ``ansible_become_pass:``. +account that has no password make sure to keep ``ansible_become_password`` as +undefined or set ``ansible_become_password:``. .. Note:: Because there are no guarantees an existing token will exist for a user when Ansible runs, there's a high change the become process will only @@ -568,7 +568,7 @@ Accounts without a Password Ansible can be used to become an account that does not have a password (like the ``Guest`` account). To become an account without a password, set up the -variables like normal but set ``ansible_become_pass: ''``. +variables like normal but set ``ansible_become_password: ''``. Before become can work on an account like this, the local policy `Accounts: Limit local account use of blank passwords to console logon only `_ @@ -586,7 +586,7 @@ or with this Ansible task: state: present .. Note:: This is only for accounts that do not have a password. You still need - to set the account's password under ``ansible_become_pass`` if the + to set the account's password under ``ansible_become_password`` if the become_user has a password. Become Flags @@ -661,7 +661,7 @@ Here are some examples of how to use ``become_flags`` with Windows tasks: ansible_become: yes ansible_become_method: runas ansible_become_user: DOMAIN\user - ansible_become_pass: Password01 + ansible_become_password: Password01 ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only - name: run a command under a batch logon diff --git a/docs/docsite/rst/user_guide/intro_inventory.rst b/docs/docsite/rst/user_guide/intro_inventory.rst index d75480d1b47..3cca16987a5 100644 --- a/docs/docsite/rst/user_guide/intro_inventory.rst +++ b/docs/docsite/rst/user_guide/intro_inventory.rst @@ -515,15 +515,15 @@ General for all connections: ansible_host The name of the host to connect to, if different from the alias you wish to give to it. ansible_port - The ssh port number, if not 22 + The connection port number, if not the default (22 for ssh) ansible_user - The default ssh user name to use. + The user name to use when connecting to the host +ansible_password + The password to use to authenticate to the host (never store this variable in plain text; always use a vault. See :ref:`best_practices_for_variables_and_vaults`) Specific to the SSH connection: -ansible_ssh_pass - The ssh password to use (never store this variable in plain text; always use a vault. See :ref:`best_practices_for_variables_and_vaults`) ansible_ssh_private_key_file Private key file used by ssh. Useful if using multiple keys and you don't want to use SSH agent. ansible_ssh_common_args @@ -550,8 +550,8 @@ ansible_become_method Allows to set privilege escalation method ansible_become_user Equivalent to ``ansible_sudo_user`` or ``ansible_su_user``, allows to set the user you become through privilege escalation -ansible_become_pass - Equivalent to ``ansible_sudo_pass`` or ``ansible_su_pass``, allows you to set the privilege escalation password (never store this variable in plain text; always use a vault. See :ref:`best_practices_for_variables_and_vaults`) +ansible_become_password + Equivalent to ``ansible_sudo_password`` or ``ansible_su_password``, allows you to set the privilege escalation password (never store this variable in plain text; always use a vault. See :ref:`best_practices_for_variables_and_vaults`) ansible_become_exe Equivalent to ``ansible_sudo_exe`` or ``ansible_su_exe``, allows you to set the executable for the escalation method selected ansible_become_flags diff --git a/docs/docsite/rst/user_guide/playbooks_variables.rst b/docs/docsite/rst/user_guide/playbooks_variables.rst index e16de78d555..d7eb9de2c9b 100644 --- a/docs/docsite/rst/user_guide/playbooks_variables.rst +++ b/docs/docsite/rst/user_guide/playbooks_variables.rst @@ -1047,7 +1047,7 @@ Basically, anything that goes into "role defaults" (the defaults folder inside t This last one can be superceeded by the user via ``ansible_group_priority``, which defaults to ``1`` for all groups. This variable, ``ansible_group_priority``, can only be set in the inventory source and not in group_vars/ as the variable is used in the loading of group_vars/. -Another important thing to consider (for all versions) is that connection variables override config, command line and play/role/task specific options and keywords. For example, if your inventory specifies ``ansible_ssh_user: ramon`` and you run:: +Another important thing to consider (for all versions) is that connection variables override config, command line and play/role/task specific options and keywords. For example, if your inventory specifies ``ansible_user: ramon`` and you run:: ansible -u lola myhost @@ -1060,7 +1060,7 @@ For plays/tasks this is also true for ``remote_user``. Assuming the same invento - command: I'll connect as ramon still remote_user: lola -will have the value of ``remote_user`` overwritten by ``ansible_ssh_user`` in the inventory. +will have the value of ``remote_user`` overwritten by ``ansible_user`` in the inventory. This is done so host-specific settings can override the general settings. These variables are normally defined per host or group in inventory, but they behave like other variables. @@ -1069,7 +1069,11 @@ If you want to override the remote user globally (even over inventory) you can u ansible... -e "ansible_user=maria" -u lola -the ``lola`` value is still ignored, but ``ansible_user=maria`` takes precedence over all other places where ``ansible_user`` (or ``ansible_ssh_user``, or ``remote_user``) might be set. +the ``lola`` value is still ignored, but ``ansible_user=maria`` takes precedence over all other places where ``ansible_user`` (or ``remote_user``) might be set. + +A connection-specific version of a variable takes precedence over more generic +versions. For example, ``ansible_ssh_user`` specified as a group_var would have +a higher precedence than ``ansible_user`` specified as a host_var. You can also override as a normal variable in a play:: diff --git a/lib/ansible/plugins/connection/__init__.py b/lib/ansible/plugins/connection/__init__.py index e42783fe9cb..c36d51ec318 100644 --- a/lib/ansible/plugins/connection/__init__.py +++ b/lib/ansible/plugins/connection/__init__.py @@ -184,13 +184,13 @@ class ConnectionBase(AnsiblePlugin): processed on the remote machine, not on the local machine so no shell is needed on the local machine. (Example, ``/bin/sh``) :ConnectionCommand: This is the command that connects us to the remote - machine to run the rest of the command. ``ansible_ssh_user``, + machine to run the rest of the command. ``ansible_user``, ``ansible_ssh_host`` and so forth are fed to this piece of the command to connect to the correct host (Examples ``ssh``, ``chroot``) :UsersLoginShell: This shell may or may not be created depending on the ConnectionCommand used by the connection plugin. This is the - shell that the ``ansible_ssh_user`` has configured as their login + shell that the ``ansible_user`` has configured as their login shell. In traditional UNIX parlance, this is the last field of a user's ``/etc/passwd`` entry We do not specifically try to run the ``UsersLoginShell`` when we connect. Instead it is implicit diff --git a/lib/ansible/plugins/connection/httpapi.py b/lib/ansible/plugins/connection/httpapi.py index acaf0f6d27d..db39b321a4b 100644 --- a/lib/ansible/plugins/connection/httpapi.py +++ b/lib/ansible/plugins/connection/httpapi.py @@ -61,6 +61,7 @@ options: vars: - name: ansible_password - name: ansible_httpapi_pass + - name: ansible_httpapi_password use_ssl: type: boolean description: diff --git a/lib/ansible/plugins/connection/kubectl.py b/lib/ansible/plugins/connection/kubectl.py index f2cffe26505..82a5002df87 100644 --- a/lib/ansible/plugins/connection/kubectl.py +++ b/lib/ansible/plugins/connection/kubectl.py @@ -103,6 +103,7 @@ DOCUMENTATION = """ default: '' vars: - name: ansible_kubectl_username + - name: ansible_kubectl_user env: - name: K8S_AUTH_USERNAME kubectl_password: diff --git a/lib/ansible/plugins/connection/napalm.py b/lib/ansible/plugins/connection/napalm.py index 67e93cecce2..50c500527d0 100644 --- a/lib/ansible/plugins/connection/napalm.py +++ b/lib/ansible/plugins/connection/napalm.py @@ -66,6 +66,7 @@ options: vars: - name: ansible_password - name: ansible_ssh_pass + - name: ansible_ssh_password private_key_file: description: - The private SSH key or certificate file used to authenticate to the diff --git a/lib/ansible/plugins/connection/netconf.py b/lib/ansible/plugins/connection/netconf.py index e71303a535c..65c2c1ff0e8 100644 --- a/lib/ansible/plugins/connection/netconf.py +++ b/lib/ansible/plugins/connection/netconf.py @@ -67,6 +67,8 @@ options: vars: - name: ansible_password - name: ansible_ssh_pass + - name: ansible_ssh_password + - name: ansible_netconf_password private_key_file: description: - The private SSH key or certificate file used to authenticate to the diff --git a/lib/ansible/plugins/connection/network_cli.py b/lib/ansible/plugins/connection/network_cli.py index 1ead46600aa..93e6f749394 100644 --- a/lib/ansible/plugins/connection/network_cli.py +++ b/lib/ansible/plugins/connection/network_cli.py @@ -63,6 +63,7 @@ options: vars: - name: ansible_password - name: ansible_ssh_pass + - name: ansible_ssh_password private_key_file: description: - The private SSH key or certificate file used to authenticate to the diff --git a/lib/ansible/plugins/connection/paramiko_ssh.py b/lib/ansible/plugins/connection/paramiko_ssh.py index 4829a238491..aaab9a07de9 100644 --- a/lib/ansible/plugins/connection/paramiko_ssh.py +++ b/lib/ansible/plugins/connection/paramiko_ssh.py @@ -51,7 +51,9 @@ DOCUMENTATION = """ vars: - name: ansible_password - name: ansible_ssh_pass + - name: ansible_ssh_password - name: ansible_paramiko_pass + - name: ansible_paramiko_password version_added: '2.5' host_key_auto_add: description: 'TODO: write it' diff --git a/lib/ansible/plugins/connection/ssh.py b/lib/ansible/plugins/connection/ssh.py index 61637d8301f..3d091f41818 100644 --- a/lib/ansible/plugins/connection/ssh.py +++ b/lib/ansible/plugins/connection/ssh.py @@ -47,6 +47,7 @@ DOCUMENTATION = ''' vars: - name: ansible_password - name: ansible_ssh_pass + - name: ansible_ssh_password ssh_args: description: Arguments to pass to all ssh cli tools default: '-C -o ControlMaster=auto -o ControlPersist=60s' @@ -605,7 +606,7 @@ class Connection(ConnectionBase): b"-o", b"PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey", b"-o", b"PasswordAuthentication=no" ), - u"ansible_password/ansible_ssh_pass not set" + u"ansible_password/ansible_ssh_password not set" ) user = self._play_context.remote_user @@ -924,7 +925,7 @@ class Connection(ConnectionBase): if states[state] == 'awaiting_prompt': if self._flags['become_prompt']: - display.debug('Sending become_pass in response to prompt') + display.debug('Sending become_password in response to prompt') stdin.write(to_bytes(self._play_context.become_pass) + b'\n') # On python3 stdin is a BufferedWriter, and we don't have a guarantee # that the write will happen without a flush