Problem creating postgresql user

[Joshua J. Kugler]

I have this stanza:

- name: Create redmine user
postgresql_user:
name: redmine
password: "ZZZ"
expires: infinity
become: true
become_user: postgres

It runs. The user is created. But regardless of what value I put in the
password field, the md5 hash comes out as

md5bbc5416c08a022eda40297f11f548594

That "bbc5416...." is certainly not what I get when hashing my password, and
like I said, I get that value regardless of what password I use. Even if I set
the password to an md5 hash value starting with "md5," it still ends up as
"md5bbc5416...."

What am I doing wrong? How can I go about debugging this?

Thanks!

j

--
Joshua J. Kugler - Fairbanks, Alaska - jos...@azariah.com
Azariah Enterprises - Programming and Website Design
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A

[Sudheer Satyanarayana]

On 13/03/19 11:13 AM, Joshua J. Kugler wrote:

I have this stanza:

    - name: Create redmine user
      postgresql_user:
        name: redmine
        password: "ZZZ"
        expires: infinity
      become: true
      become_user: postgres

It runs. The user is created. But regardless of what value I put in the 
password field, the md5 hash comes out as

md5bbc5416c08a022eda40297f11f548594

That "bbc5416...." is certainly not what I get when hashing my password, and 
like I said, I get that value regardless of what password I use. Even if I set 
the password to an md5 hash value starting with "md5," it still ends up as 
"md5bbc5416...."

What am I doing wrong? How can I go about debugging this?

The documentation says this for the password parameter:

"Unhashed password will automatically be hashed when saved into the database if encrypted parameter is set, otherwise it will be save in plain text format."

You are not setting encrypted parameter explicitly. But it is set to 'yes' by default. 

-
Sudheer S

[Joshua J. Kugler]

On Tuesday, March 12, 2019 9:52:14 PM AKDT Sudheer Satyanarayana wrote:
> > That "bbc5416...." is certainly not what I get when hashing my password,
> > and like I said, I get that value regardless of what password I use. Even
> > if I set the password to an md5 hash value starting with "md5," it still
> > ends up as "md5bbc5416...."
> >
> > What am I doing wrong? How can I go about debugging this?
>
> The documentation says this for the password parameter:
>
> "Unhashed password will automatically be hashed when saved into the database
> if|encrypted| parameter is set, otherwise it will be save in plain text
> format."
>
> You are not setting|encrypted parameter explicitly. But it is set to 'yes'
> by default. - Sudheer S |

Yes, I am aware of what the documentation says. I've read it several times
trying to figure out what is wrong. :) Please read my question again:
*regardless* of what value I specify for my password, the hash ends up the
same, and I cannot log in using the password I just created for that user.

[Joshua J. Kugler]

Yes, I'm including full passwords.
1) this is vm on local machine; will change before prod
2) You can use them in your debugging so you can use the same username/
password pairs that I do.

- name: Create redmine user
postgresql_user:
name: redmine

password: "hague9Tendon=table7Narrow6house6"

expires: infinity
become: true
become_user: postgres

postgres=# select rolname,rolpassword from pg_authid;
rolname | rolpassword
----------+-------------------------------------
postgres |
redmine | md5bbc5416c08a022eda40297f11f548594
(2 rows)
postgres=# drop database redmine;
DROP DATABASE
postgres=# drop role redmine;
DROP ROLE

re-run playbook with:

- name: Create redmine user
postgresql_user:
name: redmine

password: "AAAZZZ"

expires: infinity
become: true
become_user: postgres

postgres=# select rolname,rolpassword from pg_authid;
rolname | rolpassword
----------+-------------------------------------
postgres |
redmine | md5bbc5416c08a022eda40297f11f548594
(2 rows)

postgres=# drop database redmine;
DROP DATABASE
postgres=# drop role redmine;
DROP ROLE

re-run playbook with:

- name: Create redmine user
postgresql_user:

name: bluemine
password: "AAAZZZ"

expires: infinity
become: true
become_user: postgres

postgres=# select rolname,rolpassword from pg_authid;
rolname | rolpassword
----------+-------------------------------------
postgres |
bluemine | md53b6542e3548a9ffe2f6a3cd79928bee1
(2 rows)

Yah...some something is really odd here. Changing the password didn't result
in any change, but changing the user name did. For now, I guess I'll do a
shell command, and pipe to psql.

j


On Wednesday, March 13, 2019 10:09:27 AM AKDT mike.d...@gmail.com wrote:
> Can you please check by changing the user name?
>
> I guess, the hash value changes....
> If it is changed, then the password value given here is not considered and
> we need to find out the reason why, as a second step.
>
> If the hash value still doesn't change and remains same, then totally we
> need to think in a different way...
>
> -Mike.

>
> On Wednesday, 13 March 2019 11:14:02 UTC+5:30, Joshua Kugler wrote:
> > I have this stanza:
> > - name: Create redmine user
> >
> > postgresql_user:
> > name: redmine
> > password: "ZZZ"
> > expires: infinity
> >
> > become: true
> > become_user: postgres
> >
> > It runs. The user is created. But regardless of what value I put in the
> > password field, the md5 hash comes out as
> >
> > md5bbc5416c08a022eda40297f11f548594
> >
> > That "bbc5416...." is certainly not what I get when hashing my password,
> > and
> > like I said, I get that value regardless of what password I use. Even if I
> > set
> > the password to an md5 hash value starting with "md5," it still ends up as
> > "md5bbc5416...."
> >
> > What am I doing wrong? How can I go about debugging this?
> >
> > Thanks!
> >
> > j
>

> On Wednesday, 13 March 2019 11:14:02 UTC+5:30, Joshua Kugler wrote:
> > I have this stanza:
> > - name: Create redmine user
> >
> > postgresql_user:
> > name: redmine
> > password: "ZZZ"
> > expires: infinity
> >
> > become: true
> > become_user: postgres
> >
> > It runs. The user is created. But regardless of what value I put in the
> > password field, the md5 hash comes out as
> >
> > md5bbc5416c08a022eda40297f11f548594
> >
> > That "bbc5416...." is certainly not what I get when hashing my password,
> > and
> > like I said, I get that value regardless of what password I use. Even if I
> > set
> > the password to an md5 hash value starting with "md5," it still ends up as
> > "md5bbc5416...."
> >
> > What am I doing wrong? How can I go about debugging this?
> >
> > Thanks!
> >
> > j

Joshua J. Kugler -- Fairbanks, AK
Blogs: http://jjncj.com/blog/ (Family) -- http://joshuakugler.com (Geek)

[Kai Stian Olstad]

On 14.03.2019 06:55, Joshua J. Kugler wrote:
> Yes, I'm including full passwords.
> 1) this is vm on local machine; will change before prod

I startet a LXC with Postgresql 10.6 and uses Ansible 2.7.8 with
psycopg2 2.7.4

> 2) You can use them in your debugging so you can use the same username/
> password pairs that I do.
>
> - name: Create redmine user
> postgresql_user:
> name: redmine
> password: "hague9Tendon=table7Narrow6house6"
> expires: infinity
> become: true
> become_user: postgres
>
> postgres=# select rolname,rolpassword from pg_authid;
> rolname | rolpassword
> ----------+-------------------------------------
> postgres |
> redmine | md5bbc5416c08a022eda40297f11f548594
> (2 rows)

I run the same task an get this

postgres=# select rolname,rolpassword from pg_authid where
rolname='redmine';
rolname | rolpassword
---------+-------------------------------------
redmine | md5b561aa0ddb49924998e8225b57584608
(1 row)


That is the same as the manual
$ echo "md5$(echo -n 'hague9Tendon=table7Narrow6house6redmine' | md5sum
| awk '{print $1}')"
md5b561aa0ddb49924998e8225b57584608

> postgres=# drop database redmine;
> DROP DATABASE
> postgres=# drop role redmine;
> DROP ROLE
>
> re-run playbook with:
>
> - name: Create redmine user
> postgresql_user:
> name: redmine
> password: "AAAZZZ"
> expires: infinity
> become: true
> become_user: postgres
>
> postgres=# select rolname,rolpassword from pg_authid;
> rolname | rolpassword
> ----------+-------------------------------------
> postgres |
> redmine | md5bbc5416c08a022eda40297f11f548594
> (2 rows)

I did not run drop, just rerun the task with new password

postgres=# select rolname,rolpassword from pg_authid where
rolname='redmine';
rolname | rolpassword
---------+-------------------------------------
redmine | md5c2ea21566b3c280dd6272290c478c037
(1 row)


Manual is the same:
$ echo "md5$(echo -n 'AAAZZZredmine' | md5sum | awk '{print $1}')"
md5c2ea21566b3c280dd6272290c478c037

> Yah...some something is really odd here. Changing the password didn't
> result
> in any change, but changing the user name did. For now, I guess I'll do
> a
> shell command, and pipe to psql.

I can not confirm this behavior with Ansible 2.7.8 so if you are not
running latest maybe try to upgrade.

--
Kai Stian Olstad

[Joshua J. Kugler]

On Wednesday, March 13, 2019 11:00:59 PM AKDT Kai Stian Olstad wrote:
> I can not confirm this behavior with Ansible 2.7.8 so if you are not
> running latest maybe try to upgrade.

I am running Ansible 2.7.8 as well. :(

Glad to hear it worked for you. If only I could figure out why it's not
working for me.

j


--

Joshua J. Kugler -- Fairbanks, AK
Blogs: http://jjncj.com/blog/ (Family) -- http://joshuakugler.com (Geek)

Philippians 2:9-11

[Joshua J. Kugler]

On Thursday, March 14, 2019 9:10:23 AM AKDT Joshua J. Kugler wrote:
> On Wednesday, March 13, 2019 11:00:59 PM AKDT Kai Stian Olstad wrote:
> > I can not confirm this behavior with Ansible 2.7.8 so if you are not
> > running latest maybe try to upgrade.
>
> I am running Ansible 2.7.8 as well. :(
>
> Glad to hear it worked for you. If only I could figure out why it's not
> working for me.
>
> j

Well, here I am...to apologize for wasting everyone's time. I was importing a
DB dump, and I didn't realize it was recreating users from the old server as
well.

We can close this thread. Sorry for the noise.

j

--