loops-within-loops?
44 views
Skip to first unread message
Dewey Hylton
Aug 3, 2015, 8:29:28 PM8/3/15
to Ansible Project
hi all. i’m not new to ansible but am still apparently fairly green with regards to what appears to me to be non-trivial stuff.
my current goal is to replace an aging python script which does something like this (very bad pseudo-code but will hopefully make sense):
for each user, password:
if user exists:
password = password+randomtext
if ostype = 1:
passhash = hash1(password)
elif ostype = 2:
passhash = hash2(password)
else:
passhash = hash3(password)
set user password using passhash (done via user: in unusable)
do to os restrictions, i am creating the password hash via local_action python/passlib.hash (the jinja2 | password_hash filter doesn’t provide the needed hash in all situations). this is a task by itself. the text for the password is somewhat programmatically created, requiring its own task.
i’ve been able to get all this working in ansible playbook format using a single user / password combination across multiple hosts with the multiple hash requirements. what i’m failing to figure out is how to loop through multiple users each having their own base password. this same lack of understanding will also cause me to fail when dealing with multiple files later in this same project.
the bottom line is that i’m trying to create a loop within a loop; the outer loop is per user, the inner loop is dealing with the password hash and requires multiple tasks. this is the way it works in the original python; ansible of course doesn’t work this way and i’m having difficulty figuring out how to do this without running the playbook multiple times with different variables. i've tried and failed to figure out how to do this via 'register' and 'set_fact' ...
i’ve gotten good feedback via irc, but ultimately need a bigger clue stick. please whack away.
my current goal is to replace an aging python script which does something like this (very bad pseudo-code but will hopefully make sense):
for each user, password:
if user exists:
password = password+randomtext
if ostype = 1:
passhash = hash1(password)
elif ostype = 2:
passhash = hash2(password)
else:
passhash = hash3(password)
set user password using passhash (done via user: in unusable)
do to os restrictions, i am creating the password hash via local_action python/passlib.hash (the jinja2 | password_hash filter doesn’t provide the needed hash in all situations). this is a task by itself. the text for the password is somewhat programmatically created, requiring its own task.
i’ve been able to get all this working in ansible playbook format using a single user / password combination across multiple hosts with the multiple hash requirements. what i’m failing to figure out is how to loop through multiple users each having their own base password. this same lack of understanding will also cause me to fail when dealing with multiple files later in this same project.
the bottom line is that i’m trying to create a loop within a loop; the outer loop is per user, the inner loop is dealing with the password hash and requires multiple tasks. this is the way it works in the original python; ansible of course doesn’t work this way and i’m having difficulty figuring out how to do this without running the playbook multiple times with different variables. i've tried and failed to figure out how to do this via 'register' and 'set_fact' ...
i’ve gotten good feedback via irc, but ultimately need a bigger clue stick. please whack away.
Dewey Hylton
Aug 4, 2015, 9:21:39 AM8/4/15
to Ansible Project
an example failure on my part ... given the following:
vars:
- users:
- newtestuser1:
username: newtestuser1
basetext: foo1
password: none
- newtestuser2:
username: newtestuser2
basetext: foo2
password: none
tasks:
- name: generate passwd text
local_action: shell python -c 'from datetime import datetime; nowiso=datetime.now().isoformat(); print("%s%s%s" % (nowiso[3], "{{ item.basetext }}", nowiso[5:7]))'
register: password
with_items: "{{ users }}"
is there a way to take the output (password.stdout ?) for each iteration and assign it to username.password so that they can be properly accessed for later processing? or is there a different way to access these variables that i'm just missing?
in the end, i need to create a password hash for each of these text passwords, and associate the hash with the proper username for use with the user: module ...
Reply all
Reply to author
Forward
0 new messages