Safer to prompt for root password?

[groovenectar]

Is it possible to have it prompt for a root password?

I thought maybe the mysql_root_password_update is what does this, but I'm misunderstanding it.

Thinking about perhaps a deployment server where we might not want the root database password lingering in a .yml file or even an environment config...

[tgadiev]

You can set any variable and prompt its value input from playbook installing a role. Add pre-task for setting parameters you need for example.

[llbbl]

do you have example handy? @tgadiev :)

[stefanux]

one way is to take it from the environment, in a playbook:

  vars:
    mysql_root_password: "{{ lookup('env', 'mysql_root_password') }}"

example of a shellscript to ask for it (and generate a random password with pwgen):

read -p "mysql_root_password? " mysql_root_password
if [ -z $mysql_root_password ]; then
  echo "generating random password..."
  mysql_root_password=$(pwgen -1 16)
fi
echo "mysql_root_password is $mysql_root_password"
export mysql_root_password="$mysql_root_password"

[stale]

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

[stale]

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

[colans]

I don't believe that this is necessary as others have mentioned several ways of handling this in Ansible. Another one: If you're committing your playbooks to Git, you can leave out the passwords there and specify them on the command line.

But I think I better strategy is the one I mentioned in #223, generate a random one and stick it in the appropriate file.