ansible command on messages
14 views
Skip to first unread message
Alfredo De Luca
Aug 10, 2018, 7:01:58 AM8/10/18
to ansible...@googlegroups.com
Hi all.
With ansible we are changing root passwords on our machines. the root password is in a vault so all ok....
But I find our the the command we run to change the password is visible on /var/log/messages ..included the password itself....
How can I remove that or do that in a different way?
Cheers
Alfredo
Jonathan Lozada De La Matta
Aug 10, 2018, 7:15:37 AM8/10/18
to ansible...@googlegroups.com
have you tried to do no_log: True ?
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAAWpFTEgV4ZtBakon9EK4qDpYZCgv8b-OCO-hB24x3269_axFw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Jonathan lozada de la matta
AUTOMATION CONSULTANT - AUTOMATION PRACTICE
Alfredo De Luca
Aug 10, 2018, 7:32:56 AM8/10/18
to ansible...@googlegroups.com
Thanks heaps. there is also no_target_syslog... which it could be more appropriate for what I need to do.
Cheers
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAFYJA%2BK-NOTJHLYJBtQuQFBLfu7wsXxR-N2ngtSMVFVqsHZYMg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Alfredo
Alfredo De Luca
Aug 10, 2018, 8:39:43 AM8/10/18
to ansible...@googlegroups.com
no_log
worked perfectly!
thanks
Alfredo
Jobin A T. A T.
Aug 10, 2018, 1:30:03 PM8/10/18
to ansible...@googlegroups.com
Hai please use this method I tested this and it successfully worked
First generate an encrypted password
Using
Python code for generating SHA512 password
python -c "from passlib.hash import sha512_crypt; import getpass; print
sha512_crypt.encrypt(getpass.getpass())"
python -c "from passlib.hash import sha512_crypt; import getpass; print
sha512_crypt.encrypt(getpass.getpass())"
And use
tasks:
- name: changing root password
user:
name: "root" ## Should not have "-"
password:
"$6$rounds=656000$XCYDmKM2Wh6LkAkf$2t/9L0OP4yJgy3wukrahPAM1qZG.SFNoe3eR53
EqTq1t6.X.9YL78PJ2uje6dAp1Xxt8UqDe.kqj2/9F7bsvM/"
- name: changing root password
user:
name: "root" ## Should not have "-"
password:
"$6$rounds=656000$XCYDmKM2Wh6LkAkf$2t/9L0OP4yJgy3wukrahPAM1qZG.SFNoe3eR53
EqTq1t6.X.9YL78PJ2uje6dAp1Xxt8UqDe.kqj2/9F7bsvM/"
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAAWpFTEgx1_hqGidudP7%3DE61xx_Ar4wXEMXKd6bnD62NeOH1DQ%40mail.gmail.com.
Jonathan Lozada De La Matta
Aug 10, 2018, 1:31:08 PM8/10/18
to ansible...@googlegroups.com
I think vault its a better option and integrates better.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJndQzPph297vTxXuKzaYz_nLxg%2B9Fh5wDhFeHD1ScwydEaqKg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages