ansible-2.9 how to password
85 views
Skip to first unread message
Warron French
Apr 29, 2022, 8:30:40 PM4/29/22
to Ansible Project
I am very new to writing ansible syntax, and am working on writing my first playbook.
I want to set a password that I control for a user named admin2 but I cannot find a solid good example for creating the user and setting the password on a RHEL-variant (ALMA Linux):
- name: Add the user admin2
ansible.builtin.user:
name: admin2
comment: "Second admin account"
shell: /bin/bash
groups: users,wheel
append: yes
What can I do in a simple ansible play that enables me to set a password value?
I have seen a few different examples, but I don't know what to trust.
Andrew Latham
Apr 29, 2022, 9:05:10 PM4/29/22
to ansible...@googlegroups.com
https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module as noted from https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3639d1fa-52eb-4dc7-bd40-9c2f87cd22fcn%40googlegroups.com.
- Andrew "lathama" Latham -
Warron French
May 1, 2022, 12:53:19 AM5/1/22
to Ansible Project
Thanks Andrew, I have read these two pages which is where I got my sample code from in the first place.
My focus is on the password hash and getting it delivered.
I am guessing I should use a vault file and have a variable reference it. I can do it that way right?
Hamza Bouabdallah
May 1, 2022, 10:43:53 AM5/1/22
to Ansible Project
in general, if you don't know what to trust than trust "testing and experience", try on your own until you make it !
One way to do it, is to put your password in a var (for example a var named my_pass) that you can optionally encrypt via vault like you said then use the password directive :
- name: Add the user admin2
ansible.builtin.user:
name: admin2
password: {{ my_pass | password_hash('sha512') }}
comment: "Second admin account"
shell: /bin/bash
groups: users,wheel
append: yes
if you want more idempotent results, fix the salt used for password generation, this way :
....
password: {{ my_pass | password_hash('sha512', 'some_salt') }}
....Warron French
May 3, 2022, 8:08:23 PM5/3/22
to Ansible Project
Thank you for that feedback. I am going to try and make this work.
Reply all
Reply to author
Forward
0 new messages