subject:"\[ansible\-project\] trying to reset root password by using .yml playbook, but its failed with permission denied error, however same .yml playbook is working via terminal."

Re: [ansible-project] trying to reset root password by using .yml playbook, but its failed with permission denied error, however same .yml playbook is working via terminal.

2018-08-05 Thread Deepan M

Hi,

Below is my conf details

 cat ansible.cfg
[defaults]
host_key_checking = False
remote_user = q5c9nf32
inventory = inventory

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = True

Thanks,
Deepan M


On Saturday, July 21, 2018 at 9:13:06 PM UTC+5:30, Jean-Yves LENHOF wrote:
>
> Hi,
>
> Are become & become_user setted ?
>
> Reagrds,
>
>
> JYL
>
> Le 21/07/2018 à 16:26, Deepan M a écrit :
>
>
> Can you someone please read below error and suggest what needs to be done!
>
> *Error:-*
>
> fatal: [usa7061lv1771]: FAILED! => {"changed": false, "cmd": 
> "/usr/sbin/usermod -p VALUE_SPECIFIED_IN_NO_LOG_PARAMETER root", "msg": 
> "[Errno 13] Permission denied", "rc": 13}
>
>
>
>
> *Playbook:- *cat change-root-password1.yml
> - hosts: xerox
>   tasks:
>   - name: Change root password
> user: name=root update_password=always 
> password=$6$4ylWRRN/$5X51fvVvOxzkyI2yfzdQT.c/R9tVDGqaByrABrv7VOzU2KXUClTvOfubzPFSzOnNJlcoftsUwSe1bF45iANJ01
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com .
> To post to this group, send email to ansible...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/fe78f66d-f9b2-46f4-b934-3ce1908705ec%40googlegroups.com
>  
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1d1b2afa-3d4d-4700-8bcd-af76edb8e8bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] trying to reset root password by using .yml playbook, but its failed with permission denied error, however same .yml playbook is working via terminal.

2018-08-02 Thread Dan Linder

To save the call to the external Python command to encrypt the password, 
you can use the Jinja2 "password_hash" documented here:


https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-filters

So your example could look like this:

- name: changing root password
user:
name: "root"
password: "{{ root_password | password_hash('sha512') }}"

Where "root_password" is a variable set earlier (hopefully stored as an 
Ansible vaulted variable).

The only drawback here is that the hashed password will be the same on all 
systems.  Use a "salted hash" [Note 1] so they are not easily noticeable as 
identical to the casual observer:

password: "{{ root_password | password_hash('sha512', 
65534|random(seed=inventory_hostname)|string) }}"

This will use the hostname as a consistent seed to the random function, 
then generate a number from 0..65534, finally turning that into a string 
for the password_hash funciton to use.

Note 1: What is a "salted hash" in computers?  
https://www.skyhighnetworks.com/cloud-security-blog/what-is-a-salt-and-how-does-it-make-password-hashing-more-secure/

On Tuesday, July 31, 2018 at 3:32:21 AM UTC-5, Jobin A T. A T. wrote:

> hi 
> check this one
>   - name: changing root password
> user:
>   name: "root"   ## Should not have "-"
>   password: 
> "$6$rounds=656000$XCYDmKM2Wh6LkAkf$2t/9L0OP4yJgy3wukrahPAM1qZG.SFNoe3eR53EqTq1t6.X.9YL78PJ2uje6dAp1Xxt8UqDe.kqj2/9F7bsvM/"
>
>
> i generated the the password hash using the python code 
>
> python -c "from passlib.hash import sha512_crypt; import getpass; print 
> sha512_crypt.encrypt(getpass.getpass())"
>
>
> On Wed, Jul 25, 2018 at 12:52 AM Deepan M  > wrote:
>
>> Thanks Kai for your suggestion, its working perfect. in Jenkins I dont 
>> find the way to change directory, however default file is picking it up.
>>
>> Thanks all for giving your supports.
>>
>>
>>  ansible --version
>> [WARNING]: log file at /var/log/ansible.log is not writeable and we 
>> cannot create it, aborting
>>
>> ansible 2.4.2.0
>>   *config file = /etc/ansible/ansible.cfg*
>>   configured module search path = 
>> [u'/home/q5c9nf32/.ansible/plugins/modules', 
>> u'/usr/share/ansible/plugins/modules']
>>   ansible python module location = 
>> /usr/lib/python2.7/site-packages/ansible
>>   executable location = /usr/bin/ansible
>>   python version = 2.7.5 (default, Feb 20 2018, 09:19:12) [GCC 4.8.5 
>> 20150623 (Red Hat 4.8.5-28)]
>>
>>
>> Started by user deepan
>> Building in workspace 
>> /opt/hcl/support/unix/l5c9nf32/.jenkins/workspace/root_reset_pass
>> [root_reset_pass] $ /usr/bin/ansible-playbook 
>> /Ansible_project/change-root-password1.yml -i /Ansible_project/inventory -f 
>> 100 -e  -e ansible_user=q5c9nf32
>> [WARNING]: log file at /var/log/ansible.log is not writeable and we cannot 
>> create it, aborting
>>
>> /usr/lib64/python2.7/getpass.py:83: GetPassWarning: Can not control echo on 
>> the terminal.
>>   passwd = fallback_getpass(prompt, stream)
>> Warning: Password input may be echoed.
>> SUDO password: 
>> PLAY [xerox] 
>> ***
>>
>> TASK [Gathering Facts] 
>> *
>> ok: [usa7061lv1771]
>>
>> TASK [Change root password] 
>> 
>> changed: [usa7061lv1771]
>>
>> PLAY RECAP 
>> *
>> usa7061lv1771  : ok=2changed=1unreachable=0failed=0  
>>  
>>
>> Finished: SUCCESS
>>
>>
>>
>> Regards,
>> Deepan M
>>
>> On Monday, July 23, 2018 at 2:03:40 PM UTC+5:30, Kai Stian Olstad wrote:
>>>
>>> On 22.07.2018 12:22, Deepan M wrote: 
>>> > Hi, 
>>> > 
>>> > 
>>> >   Please find below - output and let to know how to fix this 
>>> issue. 
>>>
>>> You should have just posted plain text with long line breaking to off. 
>>> This is very difficult to write answer on. 
>>>
>>>
>>> > Building in workspace 
>>> > 
>>> /opt/hcl/support/unix/l5c9nf32/.jenkins/workspace/root_reset_pass[root_rese=
>>>  
>>>
>>> > t_pass] 
>>> > $ /usr/bin/ansible-playbook /Ansible_project/change-root-password1.yml 
>>> > -i /Ansible_project/inventory -f 100 -e  -e 
>>> > ansible_user=3Dq5c9nf32 -ansible-playbook 2.4.2.0  config file =3D 
>>> > /etc/ansible/ansible.cfg  configured module search path =3D 
>>>
>>> ansible-playbook is picking up /etc/ansible/ansible.cfg and I guess that 
>>> the ansible.cfg you have edited is in /Ansible_project 
>>>
>>> If this assumption is right you need to change the current woring 
>>> directory i Jenkins to be /Ansible_project since ansible-playbook picks 
>>> up ansible.cfg in cwd. 
>>>
>>> -- 
>>> Kai Stian Olstad 
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to

Re: [ansible-project] trying to reset root password by using .yml playbook, but its failed with permission denied error, however same .yml playbook is working via terminal.

Re: [ansible-project] trying to reset root password by using .yml playbook, but its failed with permission denied error, however same .yml playbook is working via terminal.

2 matches

Site Navigation

Mail list logo

Footer information