Have you tried using the password module to generate a random passwd? 

https://docs.ansible.com/ansible/latest/plugins/lookup/password.html

On Tuesday, July 2, 2019 at 7:36:26 PM UTC-7, Paul Shulz wrote:
>
> Wondering if anyone has tried this or is ansible just 
> intentionally designed to allow you to do it?
>
> Below is the normal output from creating a hash at the command line as an 
> example of manually hashing a password.
>
> [root@ansiblehost ~]# python -c "from passlib.hash import sha512_crypt; 
> import getpass; print sha512_crypt.encrypt(getpass.getpass())"
> Password:
>
> $6$rounds=656000$UoSnvgI/Fm7zVWSf$TIKHXTuCECLOy2EQiyvzQpx.X4bflE8le8FmUk7OLSEuIq9HoN0xnHnOWaUFm7x2MCEZsX0/WJ6FBuBc.Nfqi0
>
> I have tried a couple different ways in Ansible 2.8.1 trying to pull in 
> the stdout with register: variable_name .
> Turns out the variable_name data was corrupted/changed with varying 
> numbers of asterisks and even sometimes : which the plays complained of.
> Tried it directly injecting the initial password variable to pass in 
> without using getpass and using getpass with expect scripts.
> Just thought it would be nice when I went to do root password change to 
> take the new password from an input prompt: , pass it 
> into a hash that could be captured in a variable to set the password in 
> the next task without having to do the copy paste stuff.
>
> I pasted what was of interest in the debug between the hashing task and 
> the variable being used in the update root password task.
> No combination of quoting in this case would change the results.
> (different password in this case)
>
> "warnings": ["The value {\'stderr_lines\': [], \'changed\': True, \'end\': 
> \'2********19-********7-********2 ********9:48:53.428542\', \'stdout\': 
> \'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\',
>  
> \'cmd\': \'python -c \\\\\'from passlib.hash import sha512_crypt; print 
> sha512_crypt.encrypt(\\"rootletmein\\")\\\\\'\', \'rc\': ********, 
> \'failed\': False, \'stderr\': \'\', \'delta\': 
> \'********:****************:****************.578785\', \'stdout_lines\': 
> [\'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\'],
>  
> \'start\': \'2********19-********7-********2 ********9:48:52.849757\'} 
> (type dict) in a string field was converted to 
> u\'{\\\\\'stderr_lines\\\\\': [], \\\\\'changed\\\\\': True, 
> \\\\\'end\\\\\': \\\\\'2********19-********7-********2 
> ********9:48:53.428542\\\\\', \\\\\'stdout\\\\\': 
> \\\\\'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\\\\\',
>  
> \\\\\'cmd\\\\\': \\\\\'python -c \\\\\\\\\\\\\'from passlib.hash import 
> sha512_crypt; print 
> sha512_crypt.encrypt(\\"rootletmein\\")\\\\\\\\\\\\\'\\\\\', 
> \\\\\'rc\\\\\': ********, \\\\\'failed\\\\\': False, \\\\\'stderr\\\\\': 
> \\\\\'\\\\\', \\\\\'delta\\\\\': 
> \\\\\'********:****************:****************.578785\\\\\', 
> \\\\\'stdout_lines\\\\\': 
> [\\\\\'$6$rounds=656************************$6ZlH********TWZkf7a12Zr$O9tjbJfH5Tu9O6xJVft/nsrLODJjj4Nts7AIA74.Z9L1XOK7lfoEvGaJHzbAuXxD.QAzgGgih********kvMlkE9o9np/\\\\\'],
>  
> \\\\\'start\\\\\': \\\\\'2********19-********7-********2 
> ********9:48:52.849757\\\\\'}\' (type string). If this does not look like 
> what you expect, quote the entire value to ensure it does not change.", 
> "The input password appears not to have been hashed. The \'password\' 
> argument must be encrypted for this module to work properly."], "failed": 
> true, "rc": 1
>
>
> The simple ansible task 
>     - name: Update local Linux Account Password
>       user:
>         name: "{{account_being_changed}}"
>         update_password: always
>         password: "{{new_account_crypt_pw}}"
>
> Thanks,
> Paul the nubie!
>
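
A playbook for the workflow asked about above (prompt for the password, hash it, use the hash in the next task), added here as an example and not part of either message. It uses `vars_prompt` and the `password_hash` filter instead of shelling out to Python; the play target, the `root` value and the `new_account_pw` variable are assumptions, while `account_being_changed` and `new_account_crypt_pw` are the names from the task in the question.

```yaml
# Added example, not code from the thread.
# Assumptions: play target "all", account "root", variable new_account_pw.
- hosts: all
  become: true

  vars_prompt:
    - name: new_account_pw        # cleartext, only held in memory for this run
      prompt: "New password for the account"
      private: true               # do not echo the input
      confirm: true               # ask twice to catch typos

  vars:
    account_being_changed: root

  tasks:
    # The filter returns a plain string ($6$...), so nothing has to be
    # captured with register. If a command is registered instead, the hash
    # is in <registered_var>.stdout; passing the whole registered result
    # gives the "(type dict) in a string field" warning quoted above.
    - name: Hash the prompted password on the controller
      set_fact:
        new_account_crypt_pw: "{{ new_account_pw | password_hash('sha512') }}"
      no_log: true                # keep cleartext and hash out of logs

    - name: Update local Linux Account Password
      user:
        name: "{{ account_being_changed }}"
        update_password: always
        password: "{{ new_account_crypt_pw }}"
      no_log: true

    # Alternative from the reply: let the password lookup generate a random
    # password, store it under a controller-side path (the path here is an
    # assumption) and return its sha512_crypt hash:
    #   password: "{{ lookup('password', 'credentials/' + inventory_hostname
    #                 + '/root length=20 encrypt=sha512_crypt') }}"
```

No salt is passed to `password_hash`, so each run produces a different hash for the same password and the user task reports a change every time.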
