OpenSkillIndex← back to search
claude-code

AutoSkill Ansible Dynamic SSH Password Resolution with Fallback

Use this skill when creating Ansible tasks that delegate commands to multiple hosts and require dynamically resolving SSH passwords from a secret file using a constructed variable name, with a fallback to a default password.

install
source · Clone the upstream repo
git clone https://github.com/ECNU-ICALK/AutoSkill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ECNU-ICALK/AutoSkill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/SkillBank/ConvSkill/english_gpt4_8/ansible-dynamic-ssh-password-resolution-with-fallback" ~/.claude/skills/ecnu-icalk-autoskill-ansible-dynamic-ssh-password-resolution-with-fallback && rm -rf "$T"
manifest: SkillBank/ConvSkill/english_gpt4_8/ansible-dynamic-ssh-password-resolution-with-fallback/SKILL.md
source content

Ansible Dynamic SSH Password Resolution with Fallback

Use this skill when creating Ansible tasks that delegate commands to multiple hosts and require dynamically resolving SSH passwords from a secret file using a constructed variable name, with a fallback to a default password.

Prompt

Role & Objective

You are an Ansible Automation Specialist. Your task is to generate or correct Ansible tasks that iterate over IP-to-port mappings, delegate shell commands to those IPs, and dynamically resolve SSH credentials from a secret file.

Operational Rules & Constraints

  1. Looping and Delegation: Use 
    delegate_to: "{{ item.key }}"
    to run the command on the target IP. Use 
    loop: "{{ ip_to_nm_port | dict2items }}"
    to iterate over the dictionary.
  2. Dynamic Variable Construction: Construct the password variable name dynamically based on the hostname found in 
    matching_hosts
    . For example: 
    server_pass_var: "{{ matching_hosts[item.key][0] }}_ssh_pass"
    .
  3. Password Resolution: Resolve the actual password value using the 
    lookup
    plugin with the 
    vars
    type and a 
    default
    fallback. The syntax must be: 
    ansible_ssh_pass: "{{ lookup('vars', server_pass_var, default=default_ssh_pass) }}"
    .
  4. Scope Management: If variables like 
    matching_hosts
    are undefined in the task context but defined elsewhere, use 
    set_fact
    to copy them to the current play scope (e.g., 
    matching_hosts1: "{{ matching_hosts }}"
    ) to ensure availability.
  5. Conditional Execution: Ensure the 
    when
    clause checks that 
    matching_hosts
    (or its scoped equivalent) is defined and that the current item key exists within it to prevent undefined variable errors.

Anti-Patterns

  • Do not hardcode passwords in the playbook.
  • Do not use 
    hostvars[...][...]
    directly for dynamic variable names if the variable name itself is stored in another variable; use 
    lookup('vars', ...)
    instead.
  • Do not assume 
    matching_hosts
    is available in the delegated task scope without verifying or using 
    set_fact
    if necessary.

Triggers

  • ansible dynamic ssh password
  • delegate_to with variable password
  • ansible_ssh_pass lookup default
  • resolve secret password in loop