hi all. i’m not new to ansible but am still apparently fairly green with regards to what appears to me to be non-trivial stuff.
my current goal is to replace an aging python script which does something like this (very bad pseudo-code but will hopefully make sense):
    for each user, password:
        if user exists:
            password = password+randomtext
            if ostype = 1:
                passhash = hash1(password)
            elif ostype = 2:
                passhash = hash2(password)
            else:
                passhash = hash3(password)
            set user password using passhash (done via user: in ansible)
due to os restrictions, i am creating the password hash via local_action python/passlib.hash (the jinja2 | password_hash filter doesn’t provide the needed hash in all situations). this is a task by itself. the text for the password is somewhat programmatically created, requiring its own task.
i’ve been able to get all this working in ansible playbook format using a single user / password combination across multiple hosts with the multiple hash requirements. what i’m failing to figure out is how to loop through multiple users each having their own base password. this same lack of understanding will also cause me to fail when dealing with multiple files later in this same project.
the bottom line is that i’m trying to create a loop within a loop; the outer loop is per user, the inner loop is dealing with the password hash and requires multiple tasks. this is the way it works in the original python; ansible of course doesn’t work this way and i’m having difficulty figuring out how to do this without running the playbook multiple times with different variables. i’ve tried and failed to figure out how to do this via ‘register’ and ‘set_fact’ …
i’ve gotten good feedback via irc, but ultimately need a bigger clue stick. please whack away.
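
Added example, not part of the original post: one way to get the loop within a loop is to put the per-user tasks in their own file and loop over an include_tasks of that file, with the hash made on the controller and the password kept off the command line and out of the logs. The file names, the accounts list, password_suffix and the OS-to-scheme mapping are assumptions made for illustration.

```yaml
# site.yml (hypothetical name): the outer loop, one include per user
- hosts: all
  become: true
  vars:
    accounts:   # constructed sample data; keep real values in Ansible Vault
      - { name: alice, base_password: "constructed-base-1" }
      - { name: bob, base_password: "constructed-base-2" }
    password_suffix: "constructed-suffix"   # stands in for the post's "randomtext"
    scheme_by_os: { RedHat: sha512_crypt, Solaris: sha256_crypt }   # assumed mapping
    default_scheme: sha512_crypt            # assumed fallback
  tasks:
    - name: Run every per-user task once for each account
      ansible.builtin.include_tasks: set_password.yml
      loop: "{{ accounts }}"
      loop_control:
        loop_var: account
        label: "{{ account.name }}"   # keeps base_password out of normal loop output
---
# set_password.yml (hypothetical name): the inner tasks, run with `account` set
- name: Check whether the user exists on the target
  ansible.builtin.command:
    argv: ["id", "-u", "{{ account.name }}"]
  register: id_check
  changed_when: false
  failed_when: false

- name: Hash on the controller with passlib, password passed on stdin
  ansible.builtin.command:
    argv:
      - python3
      - "-c"
      - "import sys, passlib.hash as h; print(getattr(h, sys.argv[1]).hash(sys.stdin.read()))"
      - "{{ scheme_by_os.get(ansible_facts['os_family'], default_scheme) }}"
    stdin: "{{ account.base_password ~ password_suffix }}"
    stdin_add_newline: false
  delegate_to: localhost
  become: false
  register: hashed
  changed_when: false
  no_log: true
  when: id_check.rc == 0

- name: Set the password from the registered hash
  ansible.builtin.user:
    name: "{{ account.name }}"
    password: "{{ hashed.stdout }}"
  no_log: true
  when: id_check.rc == 0
```

Because passlib picks a fresh salt on every run, the user task reports a change each time the playbook runs, even when the password text is the same.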