Automatic password generation

Nolan_Darilek · January 21, 2013, 4:06am

Spent most of yesterday diving into Ansible and encoding much of what I do as playbooks. I was wondering if anyone had a solution for this?

Say you're installing WordPress or something. You want to set up a database likely just for WP, and a human won't interact with it at all. You could prompt for a password, but why when 99.999% of the access to this database will be the web app that created it?

Instead of prompting for these sorts of single-use passwords, is there a function or other method to generate them randomly? Perhaps a way of setting variables to a random string of characters can be added, similar to that for prompting?

Thanks.

Nigel_Metheringham · January 21, 2013, 9:04am

Nolan Darilek wrote:

Say you're installing WordPress or something. You want to set up a
database likely just for WP, and a human won't interact with it at all.
You could prompt for a password, but why when 99.999% of the access to
this database will be the web app that created it?

Instead of prompting for these sorts of single-use passwords, is there a
function or other method to generate them randomly? Perhaps a way of
setting variables to a random string of characters can be added, similar
to that for prompting?

Maybe a local action to a shell script or piece of python which returns a password as a fact. Simplest example (untested):-

  #!/bin/sh
  # mkrandompassword - put this in the library directory
  # alongside the playbook

Michael_DeHaan · January 21, 2013, 2:50pm

I think it's generally useful to choose known passwords.

You never know when you might need to rebuild that wordpress
configuration file or fix something in a database.

Nolan_Darilek · January 21, 2013, 3:02pm

Well, you've got the configuration file, so no need to rebuild it. And that has the password.

Either way though, thanks. I'll play with the fact-based method.

Dag_Wieers · February 18, 2013, 3:23pm

Coming back to this (catching up on the mailing list), this is what I do in one of my test scripts to validate changes I made (in this case it was to test changes to the shell and debug module):

Michael_DeHaan · February 18, 2013, 3:36pm

A somewhat crazy idea might be to write a lookup plugin like so:

$GEN_PASS(name_of_what_the_password_is_for)

ex

$GEN_PASS('foo')

probably should take some other parameters

And if the file didn't exist, it would generate it and save it in the
file (probably in ~/.ansible/somewhere)

otherwise it would just return what was in the file.

Crazy?

jpmens1 · February 18, 2013, 3:41pm

Use the new URI module to obtain a password from the (*cough*) cloud:

http://www.sethcardoza.com/tools/random-password-generator-api/

(*groans*)

What could possibly go wrong ...

-JP

Michael_DeHaan · February 18, 2013, 3:45pm

Use the new URI module to obtain a password from the (*cough*) cloud:

http://www.sethcardoza.com/tools/random-password-generator-api/

(*groans*)

What could possibly go wrong ...

What if that was how I was going to implement it

</kidding>

Dag_Wieers · February 18, 2013, 3:49pm

How disappointing !

jpmens1 · February 18, 2013, 4:49pm

From you I was expecting a DNS-based solution, really.

There, I fixed it for you: http://jpmens.net/2011/12/01/lua-back-end-for-bind/

-JP

Topic		Replies	Views
new password generating lookup plugin -- neat! Ansible Project	0	0	March 11, 2013
Ansible random generated passwords Get Help playbook	8	441	May 9, 2024
using ansible vault from within a playbook Ansible Project	0	3	September 18, 2015
Unable to generate a random password for a user account in Ansible playbook Ansible Project ansible-project	0	0	September 27, 2017
random length password Ansible Project	3	3	April 18, 2023

Automatic password generation

Related topics