I have a slightly different approach to this. I have a relatively generic
pooldata action plugin. This is used in a play like this:-

    - name: Get root password
      pooldata:
        data_file: pooldata/rootpw/used/{{inventory_hostname}}.json
        pool_directory: pooldata/rootpw/pool
    - name: Set root password
      user:
        name: root
        state: present
        password: '{{ generated_root_password.crypted_password }}'
        comment: 'Superuser Account'

If there is a file corresponding to the data_file then the (JSON) contents of
that are loaded into facts.
Otherwise a random file from the pool_directory is renamed to the data_file and
that is loaded.
The files are autogenerated by a script, and look like this:-

    {
      "generated_root_password" : {
        "crypted_password" : "$6$U2.gCoRx$r19ANf9aUP2/Eqvj.SciaMFo5QXDS8pp1gKtQQMGJrb571V8Tp.dCNCeKhnqWllQ39g.5VZjBI7a4vjnJqwr31",
        "tag" : "ceVePaDa",
        "record_number" : 2049
      }
    }

The script that generates them also generates a lookup table stored separately
of the actual password against the tag/record number. This means the clear text
root passwords are not stored on the ansible box.
This dance is done to allow the “database” to be easily held in git without
potentially hitting difficult merge issues if there are branches etc.
I’m very happy to make the pooldata plugin available - I should have cleaned it
up and pushed it to GitHub years ago!
Nigel.
On 24 March 2016 at 14:31:34, Johannes Kastl ([email protected]) wrote:
Bootstrapping a new server, creating a user, setting a random
password. Works like a charm.
But is it possible to save the generated password in the corresponding
host_vars file for the new server?
--
[ Nigel Metheringham ------------------------------ [email protected] ]
[ Ellipsis Intangible Technologies ]
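
The allocation step described in the message above (load data_file if it exists, otherwise move a random file from pool_directory into place and load that), as an added example; this is not Nigel's pooldata plugin, which is not shown in the thread. The function names, the PoolExhausted error and the constructed records with placeholder hashes are assumptions of the example.

```python
import json
import os
import random
import tempfile
from pathlib import Path


class PoolExhausted(RuntimeError):
    """Raised when no unused record is left in the pool directory."""


def claim_pool_record(data_file, pool_directory):
    """Return the facts for one host, claiming a pool file on first use."""
    data_path = Path(data_file)
    if not data_path.exists():
        candidates = sorted(Path(pool_directory).glob("*.json"))
        if not candidates:
            raise PoolExhausted(f"no unused records in {pool_directory}")
        chosen = random.SystemRandom().choice(candidates)
        data_path.parent.mkdir(parents=True, exist_ok=True)
        # Rename rather than copy: the record leaves the pool, so it can
        # never be handed to a second host.
        os.rename(chosen, data_path)
    with data_path.open(encoding="utf-8") as fh:
        return json.load(fh)


def build_constructed_pool(root, count):
    """Write `count` constructed records (placeholder hashes) into a pool."""
    pool = Path(root) / "pooldata/rootpw/pool"
    pool.mkdir(parents=True)
    for n in range(1, count + 1):
        record = {"generated_root_password": {
            "crypted_password": f"$6$CONSTRUCTED$placeholder-hash-{n}",
            "tag": f"tag{n:04d}",
            "record_number": n,
        }}
        (pool / f"{n:04d}.json").write_text(json.dumps(record), encoding="utf-8")
    return pool


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        pool = build_constructed_pool(tmp, 3)
        used = Path(tmp) / "pooldata/rootpw/used"
        for host in ("web1", "web2", "web1"):  # web1 keeps its first record
            facts = claim_pool_record(used / f"{host}.json", pool)
            print(host, facts["generated_root_password"]["tag"])
```

os.rename only moves a file within one filesystem, so the pool and used directories need to live on the same one, as they do when both sit in the same git checkout.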