Is the user module idempotent?


Johannes Kastl

Jun 1, 2016, 8:28:38 AM
to ansible...@googlegroups.com
Hi all,

I tried the following task, but it reports 'changed' each time it
runs. Is this intentional?

- name: "create user"
  user: name="foobar"
        password="{{ some_variable | password_hash('sha512') }}"
        createhome=yes
        state=present
  register: some_result_variable

Ansible 2.1 running on OSX 10.10.5 with different linux machines as
targets.

Johannes


Uditha Desilva

Jun 1, 2016, 9:25:32 AM
to Ansible Project
I believe that's because the password_hash function uses a random seed, so the actual encrypted password will be different each time.

Johannes Kastl

Jun 1, 2016, 11:00:33 AM
to ansible...@googlegroups.com
Hi,

On 01.06.16 15:25 Uditha Desilva wrote:
> I believe that's because the password_hash function uses a random seed, so
> the actual encrypted password will be different each time.

Any idea how to avoid this?

Storing the hash of the password in a variable, instead of the
non-hashed version?

Johannes



Kai Stian Olstad

Jun 1, 2016, 11:07:34 AM
to ansible...@googlegroups.com
That's one way, or provide the salt. From
http://docs.ansible.com/ansible/playbooks_filters.html#hashing-filters
{{ 'secretpassword'|password_hash('sha256', 'mysecretsalt') }}

--
Kai Stian Olstad

Matt Martz

Jun 1, 2016, 11:52:04 AM
to ansible...@googlegroups.com
Alternatively, you could look at the `update_password` option for the user module. http://docs.ansible.com/ansible/user_module.html

The default is `always`

"`always` will update passwords if they differ. `on_create` will only set the password for newly created users."



--
Matt Martz
@sivel
sivel.net

Johannes Kastl

Jun 1, 2016, 12:08:33 PM
to ansible...@googlegroups.com
On 01.06.16 17:51 Matt Martz wrote:
> Alternatively, you could look at the `update_password` option for the user
> module. http://docs.ansible.com/ansible/user_module.html
>
> The default is `always`
>
> "`always` will update passwords if they differ. `on_create` will only set
> the password for newly created users."

Thanks Matt, I must have overlooked that one. I can confirm that this
solves the module reporting 'changed' on every run in my case.

Johannes
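
The two fixes suggested in this thread, next to the original task, as an added example that is not part of any poster's message. `some_variable` is the plaintext password variable from the first post; `user_salt` is a hypothetical variable introduced here, and only one of the three tasks would be used in a real playbook.

```yaml
# Added example, not code from the thread.
# Assumptions: some_variable holds the plaintext password (as in the first
# post); user_salt is a hypothetical variable holding a fixed salt string.

# Original behaviour: password_hash() picks a new random salt on every run,
# so the computed hash never matches the one stored on the target and the
# task reports 'changed' each time (update_password defaults to 'always').
- name: "create user (reports changed on every run)"
  user:
    name: foobar
    password: "{{ some_variable | password_hash('sha512') }}"
    createhome: yes
    state: present

# Fix 1 (Kai Stian Olstad): pass the salt as the second argument so the same
# password always produces the same hash. The salt ends up in the stored hash
# anyway, so it is not a secret, but use a different one per user so that two
# accounts with the same password do not share a hash.
- name: "create user with a fixed salt"
  user:
    name: foobar
    password: "{{ some_variable | password_hash('sha512', user_salt) }}"
    createhome: yes
    state: present

# Fix 2 (Matt Martz): only set the password when the account is created.
# The random salt no longer matters, but later changes to some_variable are
# not applied to an account that already exists.
- name: "create user, set password on creation only"
  user:
    name: foobar
    password: "{{ some_variable | password_hash('sha512') }}"
    update_password: on_create
    createhome: yes
    state: present
```

Fix 1 keeps the playbook authoritative for the password on every run; fix 2 trades that for idempotence without managing a salt.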
