diff --git a/docs/installing.md b/docs/installing.md index f63f0fdcb47..38715c09115 100644 --- a/docs/installing.md +++ b/docs/installing.md @@ -41,6 +41,8 @@ If you **don't** use SSH keys for authentication, but rather a regular password, If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to all Ansible commands. +If you use a password manager like `pass` or `gopass`, you can also add `ansible_become_password: "{{ lookup('community.general.passwordstore', 'path/to/password' }}"` to the hosts file. See the [documentation](https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html) for more configuration options. + There 2 ways to start the installation process — depending on whether you're [Installing a brand new server (without importing data)](#installing-a-brand-new-server-without-importing-data) or [Installing a server into which you'll import old data](#installing-a-server-into-which-youll-import-old-data). **Note**: if you are migrating from an old server to a new one, take a look at [this guide](maintenance-migrating.md) instead. This is an easier and more straightforward way than installing a server and importing old data into it. diff --git a/examples/hosts b/examples/hosts index 5a29fbfc5e0..254d8fa8695 100644 --- a/examples/hosts +++ b/examples/hosts @@ -3,7 +3,8 @@ # # To connect using a non-root user (and elevate to root with sudo later), # replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`. -# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line +# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` +# or `ansible_become_password: "{{ lookup('community.general.passwordstore', 'path/to/password' }}"` to the host line, # or tell Ansible to ask you for the password interactively by adding a `--ask-become-pass` (`-K`) flag to all `ansible-playbook` (or `just`) commands. # # For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`.