ansible command on messages

Alfredo_De_Luca · August 10, 2018, 11:01am

Hi all.
With ansible we are changing root passwords on our machines. the root password is in a vault so all ok…
But I find our the the command we run to change the password is visible on /var/log/messages …included the password itself…
How can I remove that or do that in a different way?

Cheers

Jonathan_Lozada_De_L · August 10, 2018, 11:15am

have you tried to do no_log: True ?

https://docs.ansible.com/ansible/2.5/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook

Alfredo_De_Luca · August 10, 2018, 11:32am

Thanks heaps. there is also no_target_syslog… which it could be more appropriate for what I need to do.

Cheers

Alfredo_De_Luca · August 10, 2018, 12:39pm

no_log
worked perfectly!

thanks

Jobin_A_T_A_T · August 10, 2018, 5:29pm

Hai please use this method I tested this and it successfully worked

First generate an encrypted password
Using

Python code for generating SHA512 password
python -c “from passlib.hash import sha512_crypt; import getpass; print
sha512_crypt.encrypt(getpass.getpass())”

And use

tasks:

name: changing root password
user:
name: “root” ## Should not have “-”
password:
“$6$rounds=656000$XCYDmKM2Wh6LkAkf$2t/9L0OP4yJgy3wukrahPAM1qZG.SFNoe3eR53
EqTq1t6.X.9YL78PJ2uje6dAp1Xxt8UqDe.kqj2/9F7bsvM/”

Jonathan_Lozada_De_L · August 10, 2018, 5:30pm

I think vault its a better option and integrates better.

Topic		Replies	Views
Using ansible changing password for root account -- password error after changing Ansible Project	2	0	November 23, 2017
Ansible vault without temp files Ansible Project	3	0	June 30, 2021
Best practice to change root pass Ansible Project	2	1	August 4, 2017
Help with securing password Ansible Project	1	0	July 28, 2018
changing a password with ansible Ansible Project fedora , rhel	2	1	June 12, 2021

ansible command on messages

Related topics