not allowed.
There is this playbook:
---
- hosts: elastic
  become: yes
  tasks:
    - name: ping
      action: command id
It doesn't matter what it actually does, because the problem occurs when it is run:
ansible-playbook --inventory ~/ansible/ansible-playbooks/inventories/production/hosts \
--vault-password-file ~/ansible/vault.passwd \
--ask-pass \
--ask-become-pass \
~/ansible/test.yml
The problem:
TASK [Gathering Facts] *********************************************************************************************************************************************************************************
fatal: [elastic2.tld]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"setup": {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "failed": true, "module_stderr": "Shared connection to 10.72.55.66 closed.\r\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1, "warnings": ["Platform linux on host elastic2.tld is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information."]}}, "msg": "The following modules failed to execute: setup\n"}
fatal: [elastic3.tld]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"setup": {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "failed": true, "module_stderr": "Shared connection to 10.72.55.67 closed.\r\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1, "warnings": ["Platform linux on host elastic3.tld is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information."]}}, "msg": "The following modules failed to execute: setup\n"}
[WARNING]: Platform linux on host elastic1.tld is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
ok: [elastic1.tld]
I started looking for the cause and found it: on elastic1 sudo asks for a password, while on elastic2 and elastic3 the config has NOPASSWD. A reminder that changing the machines' configuration is not allowed.
How can I "work around" the problem (without splitting the machines into different groups)?
You can define different become options for each managed node or group. You can define these variables in inventory or use them as normal variables.
but there is no variable there like "ask_become_password: true"
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-become-ask-pass