Correct way to generate and use per host user passwords + possible regression

Good evening everyone, I’m looking for an automated way to create user accounts with random passwords and reuse them for the ansible_sudo_pass variable.

Is there an official position on how to do/accomplish this?
My current solution broke after an update from Ansible 1.9 to Ansible 2 and I struggle to make it work under Ansible 2.

For more details let me explain my solution and how it breaks with Ansible 2.

I create a new user and store its password with this task:


---
- name: Create user
  user: name=deployer group=deployer password={{item}} state=present
  with_password: "./passwords/my-server/users/deployer encrypt=sha256_crypt"

In a different playbook I use the previously created user and its password like this:

Opportunity to shamelessly plug my own lookup :wink:
But if you convert to password-store for storing and creating passwords, you could use my lookup plugin, which does all this (except for the part of re-encrypting it with sha256; just file an issue).

https://github.com/morphje/ansible_pass_lookup

If you look up a password with create=true in the lookup, it will even create a new password for you. Tested with Ansible 2.0.

Kind regards,
Patrick Deelman
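
The workflow asked about in the first post (generate one random password per host, give the hashed form to the user module, reuse the plaintext for privilege escalation) can be written with Ansible's built-in password lookup as below. This is an added example, not code from either poster or from the linked plugin; it assumes a current Ansible release, and the `servers` group, the root login in the first play and the `deployer_pw_file` variable are hypothetical names.

```yaml
---
# Added example, not from the thread. Assumed names: deployer_pw_file, the
# "servers" group, and a root login for the first play.
- name: Create deployer with a random per-host password
  hosts: servers
  remote_user: root
  vars:
    # One file per host on the control machine. It holds the plaintext
    # password (plus the salt), so keep ./passwords out of version control
    # and readable only by the operator.
    deployer_pw_file: "passwords/{{ inventory_hostname }}/users/deployer"
  tasks:
    - name: Ensure the deployer group exists
      group:
        name: deployer
        state: present

    - name: Create user with the hashed form of the generated password
      user:
        name: deployer
        group: deployer
        # encrypt= makes the lookup return a crypt hash, which is what the
        # user module expects; the file is created on first use.
        password: "{{ lookup('password', deployer_pw_file + ' length=20 encrypt=sha256_crypt') }}"
        state: present
      no_log: true  # keep the hash out of logs and verbose output

- name: Use the same password for privilege escalation
  hosts: servers
  remote_user: deployer
  become: true
  vars:
    deployer_pw_file: "passwords/{{ inventory_hostname }}/users/deployer"
    # Without encrypt= the lookup returns the stored plaintext, which is
    # what sudo prompts for. ansible_become_pass is the become-era
    # replacement for ansible_sudo_pass.
    ansible_become_pass: "{{ lookup('password', deployer_pw_file) }}"
  tasks:
    - name: Confirm escalation works (assumes deployer has sudo rights)
      command: id -u
      changed_when: false
```

Because the plaintext for every host sits under `passwords/` on the control machine, that directory is the secret to protect: restrict its permissions and back it up as carefully as any credential store.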