encrypted password hash question

Hi. New Ansible user here, so just starting out. My first experiment is to create a user with sudo privileges on an
Oracle Linux 8 server in my test environment. Here are the contents of the files in the /home/"user"/ansible/playbooks
folder. I think I am missing something as when I run the playbook it runs successfully. I confirm that the account is
created; however, when I attempt to ssh or log in, the attempt gets denied access.

Any help is appreciated.

Thank you,

*user_pass.yml* - encrypted using "ansible-vault create user_pass.yml" in group_vars folder

    admin_group: wheel
    password: #G00d4now

*ansible.cfg*

    [defaults]
    inventory = ./inventory
    remote_user = (local user with authorized keys)

    [privilege_escalation]
    become = true
    become_method = sudo
    become_user = root

*inventory*

    [ol8]
    qansibletest

*create_users.yml*

    - name: Create New Users
      hosts: all
      gather_facts: false
      tasks:
        - name: Create User Task
          user:
            name: devops
            state: present
            password: "{{ 'password' | password_hash('sha512','A512') }}"
            shell: /bin/bash
            groups: "{{ admin_group }}"
            append: true
    ...

You are literally passing the string "password" instead of the value of the password
variable. Remove the quotes from 'password'.

Regards
         Racke

Further to this..

I found that when using this statement in the playbook it is not grabbing the variable in the group_vars/ol8 file but actually passing password as password despite the removal of quotes. Just wondering if I am missing to declare something?

password: "{{ password | password_hash('sha512', 'A512') }}"

Rene

I always find that behavior gets tricky when using keywords as variables. Try changing password to pwd or passwd.

Thanks for the suggestion. This just leads to more….

When I use this

    password: "{{ passwrd | password_hash('sha512', 'A512') }}"

I get the following error:

TASK [Create Users Task] **********************************************************************************************

fatal: [qreneansible.wlu.ca]: FAILED! => {"msg": "Unexpected templating type error occurred on ({{ passwd | password_hash('sha512', 'A512') }}): crypt() argument 1 must be str, not None"}

PLAY RECAP ************************************************************************************************************

qreneansible.wlu.ca : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

It seems that it cannot find the variable anywhere. In the playbook file I did add the following but it still can't find it. The file is encrypted as well.

    vars_files:
      - group_vars/ol8

Thanks again,

Rene

And of course you also set the new passwrd variable? It's not null or empty?

I did. The contents of the encrypted file are:

admin_group: wheel

passwrd: #G00d4now

Rene

Try removing the # from the password and see if that makes a difference.

That did the trick. Thank you very much.

Rene

Great. So it was interpreting your password as a comment. Glad it worked.

Regards,

Joe.
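
A check for the failure this thread ended on, as an added example that is not part of the original posts: it scans decrypted vars text (for instance the output of `ansible-vault view`) for values that YAML cuts off at `#`, and reports the key without echoing the secret. It covers only flat `key: value` lines like the file above; `audit_vars`, `strip_yaml_comment` and the sample lines after the first two are assumptions made for illustration.

```python
import re

# Flat "key: value" lines, the shape of the vars file in this thread.
KEY_VALUE = re.compile(r"^\s*([A-Za-z_][\w.-]*):(?:[ \t]+(.*))?$")

def strip_yaml_comment(value):
    """Return the part of a scalar that YAML keeps once comments are dropped."""
    quote, i = None, 0
    while i < len(value):
        ch = value[i]
        if quote:
            if quote == '"' and ch == "\\":
                i += 1                       # skip the escaped character
            elif ch == quote:
                if quote == "'" and value[i + 1:i + 2] == "'":
                    i += 1                   # '' is an escaped single quote
                else:
                    quote = None
        elif i == 0 and ch in "\"'":
            quote = ch                       # a quote only opens a scalar at its start
        elif ch == "#" and (i == 0 or value[i - 1] in " \t"):
            return value[:i].rstrip()        # '#' at start or after whitespace
        i += 1
    return value.rstrip()

def audit_vars(text):
    """List (line, key, problem) without echoing the secret values."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = KEY_VALUE.match(line)
        if not match or not (match.group(2) or "").strip():
            continue
        raw = match.group(2).rstrip()
        kept = strip_yaml_comment(raw)
        if not kept:
            findings.append((number, match.group(1), "loads as null"))
        elif kept != raw:
            findings.append((number, match.group(1), "truncated at '#'"))
    return findings

# Constructed sample: the first two lines are the vars file from the thread.
SAMPLE = """admin_group: wheel
passwrd: #G00d4now
quoted: "#G00d4now"
inline: G00d #4now
joined: G00d#4now
"""

if __name__ == "__main__":
    print(audit_vars(SAMPLE))
```

A value reported as "loads as null" is what reaches `password_hash` as `None` and produces the `crypt() argument 1 must be str, not None` error quoted above; quoting the value in the vars file clears the finding.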