Hi there,
My understanding is that when Ansible makes a connection to the remote
machine it'll make the connection as 'ansible_user', and doesn't
re-evaluate it for the play. I've split it into two plays, I think it does
what you want. Sorry for the formatting :)
Running the playbook with -vvv shows the first play connecting as my
default user (ansible) and the second play connects as user boblah.
Ansible 2.9
---
# Play 1: connect as the default user and create the account
- hosts: linux
  vars_files:
    - ../var_files/user_secret.yml
  tasks:
    - name: Create User
      user:
        name: boblah
        comment: "test user - supersecret pass"
        password: "{{ user_secret | password_hash('sha512', 'mysecretsalt') }}"
        state: present
      become: true

# Play 2: connection variables are set at play level, so this play logs in as boblah
- hosts: linux
  vars_files:
    - ../var_files/user_secret.yml
  vars:
    ansible_user: boblah
    ansible_password: "{{ user_secret }}"
  tasks:
    - name: Test user
      command:
        cmd: id
      register: id

    - name: Connectivity result
      debug:
        msg: "User created successfully and remote connectivity with password was successful"
      when: id.rc==0

First time submitting anything as an answer, hope it helps.
Thanks,
Charles
On Thursday, October 15, 2020 at 1:23:20 PM UTC-4 [email protected]
wrote:
> My playbook:
>
> ---
> - name: Playbook to create users
>   hosts: all
>   become: true
>
>   vars_files:
>     - /home/devops/become_pass.yml
>     - /home/devops/user_secret.yml
>   vars:
>     - ansible_become_password: "{{ become_pass }}"
>
>   tasks:
>
>     - name: User creation is in progress
>       user:
>         name: test321
>         comment: "Test user"
>         password: "{{ user_secret | password_hash('sha512', 'mysecretsalt') }}"
>         state: present
>
>     - name: Trying remote connectivity with newly created user
>       become: false
>       remote_user: test
>       vars:
>         ansible_ssh_pass: "{{ user_secret }}"
>
>       command:
>         cmd: id
>       register: x
>       no_log: true
>
>     - name: Connectivity result
>       debug:
>         msg: "User created successfully and remote connectivity with password was successful"
>       when: x.rc==0
> ...
>
> Here I am using vault to pass become password and password to be set for
> user.
>
> User creation is successful and it's picking up password from my encrypted
> variable.
> I have tested connectivity for this user with password. It's successful.
>
> But, I am not able to achieve same from playbook.
> I guess - ansible_ssh_pass: "{{ user_secret }}" one is causing issue.
> How can I ask playbook to pick up ssh password for user from encrypted
> variable?
>