ansible-2.9 how to password

Archives Ansible Project
1

I am very new to writing ansible syntax, and am working on writing my first playbook.

I want to set a password that I control for a user named admin2 but I cannot find a solid good example for creating the user and setting the password on a RHEL-variant (ALMA Linux):

  • name: Add the user admin2
    ansible.builtin.user:
    name: admin2
    comment: “Second admin account”
    shell: /bin/bash
    groups: users,wheel
    append: yes

What can I do in a simple ansible play that enables me to set a password value?
I have seen a few different examples, but I don’t know what to trust.

2

https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module as noted from https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html

3

Thanks Andrew, I have read these two pages which is where I got my sample code from in the first place.
My focus is on the password hash and getting it delivered.

I am guessing I should use a vault file and have a variable reference it. I can do it that way right?

4

in general, if you don’t know what to trust than trust “testing and experience”, try on your own until you make it !

One way to do it, is to put your password in a var (for example a var named my_pass) that you can optionally encrypt via vault like you said then use the password directive :

  • name: Add the user admin2
    ansible.builtin.user:
    name: admin2
    password: {{ my_pass | password_hash(‘sha512’) }}
    comment: “Second admin account”
    shell: /bin/bash
    groups: users,wheel
    append: yes

if you want more idempotent results, fix the salt used for password generation, this way :

password: {{ my_pass | password_hash(‘sha512’, ‘some_salt’) }}

5

Thank you for that feedback. I am going to try and make this work.