Password change automation


boncalo mihai

Jan 25, 2019, 1:57:13 PM
to ansible...@googlegroups.com
Hi,
I know there are lots of examples on the internet but I can't make it work

ansible-playbook --private-key=/root/docker/aatool/ky.pem --extra-vars
admin_password=T3est@ chpass.yml
[WARNING]: provided hosts list is empty, only localhost is available.
Note that the implicit localhost does not match 'all'

[WARNING]: Could not match supplied host pattern, ignoring: ansible2


PLAY [User configuration]
************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP ***************************************************************************************************************************************************


cat chpass.yml
- name: User configuration
  remote_user: root
  hosts: ansible2

  tasks:
    - name: Password change
      user:
        name: root
        state: present
        update_password: always
        password: "{{ admin_password }}"
        shell: /bin/bash

-------------------------------------------------------------------------------------------------------------------------------

What could be the problem?

Thank you.

Hugo Gonzalez

Jan 25, 2019, 2:24:35 PM
to ansible...@googlegroups.com

The password field must be hashed for all unices. You’re using plaintext for that. The ansible docs:

Optionally set the user's password to this crypted value.
On macOS systems, this value has to be cleartext. Beware of security issues.
To create a disabled account or Linux systems, set this to '!' or '*'.
See https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module for details on various ways to generate these password values.

Hugo


boncalo mihai

Jan 25, 2019, 4:51:42 PM
to ansible...@googlegroups.com
But I'm using a hashing filter inside the playbook for that -
password_hash('sha512')
From your link - "Use the integrated Hashing filters to generate a
hashed version of a password. You shouldn’t put plaintext passwords in
your playbook or host_vars; instead, use Using Vault in playbooks to
encrypt sensitive data."

I don't know Ansible too much but the error "skipping: no hosts
matched" doesn't seem related to the hashing issue

What intrigues me is that I specified the hostname ansible2, which can
be found in /etc/hosts

Kai Stian Olstad

Jan 25, 2019, 5:29:08 PM
to ansible...@googlegroups.com
On 25.01.2019 22:51, boncalo mihai wrote:
> I don't know Ansible too much but the error "skipping: no hosts
> matched" doesn't seem related to the hashing issue
>
> What intrigues me is that I specified the hostname ansible2, which can
> be found in /etc/hosts

Ansible doesn't use /etc/hosts, you should read up on basic Ansible
usage.
https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

--
Kai Stian Olstad

boncalo mihai

Jan 25, 2019, 7:37:39 PM
to ansible...@googlegroups.com
Hi Kai,

Thanks, it worked like a charm :)

I already worked with inventory files but since I did it only a few
times I missed it. The thing is that Ansible uses /etc/hosts file in a
way, because the hostname you place into inventory file, or in
ansible hosts file must be found in /etc/hosts file in order to be
associated to an IP address if I'm not mistaken.

Thanks,
Mihai.

Kai Stian Olstad

Jan 26, 2019, 8:26:50 AM
to ansible...@googlegroups.com
On 26.01.2019 01:37, boncalo mihai wrote:
> The thing is that Ansible uses /etc/hosts file in a
> way, because the hostname you place into inventory file, or in
> ansible hosts file must be found in /etc/hosts file in order to be
> associated to an IP address if I'm not mistaken.


Actually Ansible doesn't use /etc/hosts, but your operating system
usually does.
Ansible just sends the request to the OS and gets an IP in response.

The name doesn't need to be in /etc/hosts, it could be in DNS as well.
The OS searches /etc/hosts first, if it doesn't find it, it will try DNS.

--
Kai Stian Olstad
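
An added example, not part of the original thread: a minimal YAML inventory that defines ansible2, and the poster's playbook with the password hashed by the password_hash('sha512') filter mentioned above. The file name inventory.yml, the address 192.0.2.10, and the use of vars_prompt and no_log are assumptions made for this illustration.

```yaml
---
# inventory.yml (constructed; 192.0.2.10 is a documentation address)
all:
  hosts:
    ansible2:
      # Optional: give the address here so the OS resolver
      # (/etc/hosts, then DNS) is not needed for this host.
      ansible_host: 192.0.2.10

---
# chpass.yml (a separate file)
# Run: ansible-playbook -i inventory.yml --private-key=<key file> chpass.yml
- name: User configuration
  hosts: ansible2          # must match a host or group in the inventory
  remote_user: root

  # Prompt instead of --extra-vars, so the cleartext password does not
  # end up in shell history or the process list of the control node.
  vars_prompt:
    - name: admin_password
      prompt: New root password
      private: yes
      confirm: yes

  tasks:
    - name: Password change
      user:
        name: root
        state: present
        update_password: always
        # The user module expects a crypt(3) hash, not cleartext.
        # No fixed salt is passed, so every run produces a new hash
        # and the task reports "changed" each time.
        password: "{{ admin_password | password_hash('sha512') }}"
        shell: /bin/bash
      no_log: true         # keep the task's arguments out of output and logs
```

A prompt from vars_prompt is skipped when the same variable is already supplied with --extra-vars.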