Re: [ansible-project] Password change automation
On 26.01.2019 01:37, boncalo mihai wrote: The thing is that Ansible uses /etc/hosts file in a way, because the hostname you place into inventory file, or in ansible hosts file must be found in /etc/hosts file in order to be associated to a IP Address if I'm not mistaken. Actually Ansible doesn't use /etc/hosts, but your operation system usually does. Ansible just send the request to the OS and get an IP in response. The name doesn't need to be in /etc/hosts, it could be in DNS as well. The OS searches /etc/hosts first, it it doesn't find it will try DNS. -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ea4312601d1c076b663d537cabfd723a%40olstad.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Password change automation
Hi Kai, Thanks, it worked like a charm :) I already worked with inventory files but since I did it only few times i missed it. The thing is that Ansible uses /etc/hosts file in a way, because the hostname you place into inventory file, or in ansible hosts file must be found in /etc/hosts file in order to be associated to a IP Address if I'm not mistaken. Thanks, Mihai. On Sat, Jan 26, 2019 at 12:29 AM Kai Stian Olstad wrote: > > On 25.01.2019 22:51, boncalo mihai wrote: > > I don't know Ansible too much but the error "skipping: no hosts > > matched" doesn't seem related to the hashing issue > > > > What intrigues me is that I specified the hostname ansible2, which can > > be found in /etc/hosts > > Ansible doesn't use /etc/hosts, you should read up on basic Ansible > usage. > https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html > https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html > > -- > Kai Stian Olstad > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To post to this group, send email to ansible-project@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/a4eba41124ce7b56bfda24bbfd3bbb21%40olstad.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAOK917T7wUpDyiBM7pbDv_RqvDfs37zCaR%2Bom6qkXbOHmeTZVQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Password change automation
On 25.01.2019 22:51, boncalo mihai wrote: I don't know Ansible too much but the error "skipping: no hosts matched" doesn't seem related to the hashing issue What intrigues me is that I specified the hostname ansible2, which can be found in /etc/hosts Ansible doesn't use /etc/hosts, you should read up on basic Ansible usage. https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a4eba41124ce7b56bfda24bbfd3bbb21%40olstad.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Password change automation
But I'm using a hashing filter inside the platbook for that -
password_hash('sha512')
>From your link - "Use the integrated Hashing filters to generate a
hashed version of a password. You shouldn’t put plaintext passwords in
your playbook or host_vars; instead, use Using Vault in playbooks to
encrypt sensitive data."
I don't know Ansible too much but the error "skipping: no hosts
matched" doesn't seem related to the hashing issue
What intrigues me is that I specified the hostname ansible2, which can
be found in /etc/hosts
On Fri, Jan 25, 2019 at 9:24 PM Hugo Gonzalez wrote:
>
> The password field must be hashed for all unices. You’re using plaintext for
> that. The ansible docs:
>
> Optionally set the user's password to this crypted value.
> On macOS systems, this value has to be cleartext. Beware of security issues.
> To create a disabled account or Linux systems, set this to '!' or '*'.
> See
> https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
> for details on various ways to generate these password values.
>
> Hugo
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a12d21b4-d094-4ce1-6e72-d8bc37e64d7e%40redhat.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAOK917QyGDnbMQPMfZeS0xpDHbE9t9yv81SbjmLk7GBMd%3DSxog%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Password change automation
The password field must be hashed for all unices. You’re using plaintext for that. The ansible docs: Optionally set the user's password to this crypted value. On macOS systems, this value has to be cleartext. Beware of security issues. To create a disabled account or Linux systems, set this to '!' or '*'. See https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module for details on various ways to generate these password values. Hugo Untitled -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a12d21b4-d094-4ce1-6e72-d8bc37e64d7e%40redhat.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Password change automation
Hi,
I know there are lots of examples on the internet but I can't make it work
ansible-playbook --private-key=/root/docker/aatool/ky.pem --extra-vars
admin_password=T3est@ chpass.yml
[WARNING]: provided hosts list is empty, only localhost is available.
Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: ansible2
PLAY [User configuration]
skipping: no hosts matched
PLAY RECAP
***
cat chpass.yml
- name: User configuration
remote_user: root
hosts: ansible2
tasks:
- name: Password change
user:
name: root
state: present
update_password: always
password: "{{ admin_password }}"
shell: /bin/bash
---
What could be the problem ?
Thank you.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAOK917SiT2vwdH7sZ-1x%2B5HkH7kiJnHKT8QP6eTzPWaXbwZ7ZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
