Is the user module idempotent?

Johannes_Kastl · June 1, 2016, 12:28pm

Hi all,

I tried the following task, but it reports 'changed' each time it
runs. Is this intentional?

- name: "create user"
  user: name="foobar"
    password="{{ some_variable | password_hash('sha512') }}"
    createhome=yes
    state=present
  register: some_result_variable

Ansible 2.1 running on OSX 10.10.5 with different linux machines as
targets.

Johannes

Uditha_Desilva · June 1, 2016, 1:25pm

I believe that’s because the password_hash function uses a random seed, so the actual encrypted password will be different each time.

Johannes_Kastl · June 1, 2016, 3:00pm

Hi,

Kai_Stian_Olstad · June 1, 2016, 3:07pm

That's one way, or provide the salt. From
http://docs.ansible.com/ansible/playbooks_filters.html#hashing-filters
{{ 'secretpassword'|password_hash('sha256', 'mysecretsalt') }}

sivel · June 1, 2016, 3:51pm

Alternatively, you could look at the update_password option for the user module. http://docs.ansible.com/ansible/user_module.html

The default is always

“always will update passwords if they differ. on_create will only set the password for newly created users.”

Johannes_Kastl · June 1, 2016, 4:08pm

Thanks Matt, I must have overlooked that one. I can confirm that this
solves the module reporting 'changed' on every run in my case.

Johannes

Topic		Replies	Views
How to fixed update_password Ansible Project	0	0	June 21, 2016
User command onöy if user does not yet exist Ansible Project ansible-project	7	0	June 28, 2013
keystone_user module is not changing the password for existint user? Ansible Project	2	0	October 9, 2013
Issue with password hash in user module when passing ByVal ??? Ansible Developer	0	1	September 11, 2019
mongodb_user module seems to be not idempotent Ansible Project	0	1	December 7, 2017

Is the user module idempotent?

Related topics