Wondering if anyone has tried this or is ansible just
intentionally designed to to allow you to do it?
Below is the normal output from creating a hash at the command line as an
example of manually hashing a password.
[root@ansiblehost ~]# python -c "from passlib.hash import sha512_crypt;
import getpass; print sha512_crypt.encrypt(getpass.getpass())"
Password:
$6$rounds=656000$UoSnvgI/Fm7zVWSf$TIKHXTuCECLOy2EQiyvzQpx.X4bflE8le8FmUk7OLSEuIq9HoN0xnHnOWaUFm7x2MCEZsX0/WJ6FBuBc.Nfqi0
I have tried a couple different ways in Ansible 2.8.1 trying to pull in the
stdout with register: variable_name .
Turns out the variable_name data was corrupted/changed with varying numbers
of asterisk and even sometimes : which the plays complained of.
Tried it directly injecting the initial password variable to pass in
without using getpass and using getpass with expect scripts.
Just thought it would be nice when I went to do root password change to
take the new password from an input prompt: , pass it
into a hash that could be captured in a variable to set the password in the
next task without having to do the copy paste stuff.
I pasted what was of interest in the debug between the hashing task and the
variable being used in the update root password task.
No combination of quoting in this case would change the results.
(different password in this case)
"warnings": ["The value {\'stderr_lines\': [], \'changed\': True, \'end\':
\'2********19-********7-********2 ********9:48:53.428542\', \'stdout\':
\'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\',
\'cmd\': \'python -c \\\\\'from passlib.hash import sha512_crypt; print
sha512_crypt.encrypt(\\"rootletmein\\")\\\\\'\', \'rc\': ********,
\'failed\': False, \'stderr\': \'\', \'delta\':
\'********:****************:****************.578785\', \'stdout_lines\':
[\'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\'],
\'start\': \'2********19-********7-********2 ********9:48:52.849757\'}
(type dict) in a string field was converted to
u\'{\\\\\'stderr_lines\\\\\': [], \\\\\'changed\\\\\': True,
\\\\\'end\\\\\': \\\\\'2********19-********7-********2
********9:48:53.428542\\\\\', \\\\\'stdout\\\\\':
\\\\\'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\\\\\',
\\\\\'cmd\\\\\': \\\\\'python -c \\\\\\\\\\\\\'from passlib.hash import
sha512_crypt; print
sha512_crypt.encrypt(\\"rootletmein\\")\\\\\\\\\\\\\'\\\\\',
\\\\\'rc\\\\\': ********, \\\\\'failed\\\\\': False, \\\\\'stderr\\\\\':
\\\\\'\\\\\', \\\\\'delta\\\\\':
\\\\\'********:****************:****************.578785\\\\\',
\\\\\'stdout_lines\\\\\':
[\\\\\'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\\\\\'],
\\\\\'start\\\\\': \\\\\'2********19-********7-********2
********9:48:52.849757\\\\\'}\' (type string). If this does not look like
what you expect, quote the entire value to ensure it does not change.",
"The input password appears not to have been hashed. The \'password\'
argument must be encrypted for this module to work properly."], "failed":
true, "rc": 1
The simple ansible task
- name: Update local Linux Account Password
user:
name: "{{account_being_changed}}"
update_password: always
password: "{{new_account_crypt_pw}}"
Thanks,
Paul the nubie!
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c56abfd2-d12b-4469-9fb8-46bbb72c980a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
