Password change automation

mboncalo · January 25, 2019, 6:56pm

Hi,
I know there are lots of examples on the internet but I can't make it work

ansible-playbook --private-key=/root/docker/aatool/ky.pem --extra-vars
admin_password=T3est@ chpass.yml
[WARNING]: provided hosts list is empty, only localhost is available.
Note that the implicit localhost does not match 'all'

[WARNING]: Could not match supplied host pattern, ignoring: ansible2

PLAY [User configuration]

hugonz · January 25, 2019, 7:24pm

The password field must be hashed for all unices. You’re using plaintext for that. The ansible docs:

Optionally set the user's password to this crypted value.
On macOS systems, this value has to be cleartext. Beware of security issues.
To create a disabled account or Linux systems, set this to '!' or '*'.
See [https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module](https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module) for details on various ways to generate these password values.

Hugo

mboncalo · January 25, 2019, 9:51pm

But I'm using a hashing filter inside the platbook for that -
password_hash('sha512')

From your link - "Use the integrated Hashing filters to generate a

hashed version of a password. You shouldn’t put plaintext passwords in
your playbook or host_vars; instead, use Using Vault in playbooks to
encrypt sensitive data."

I don't know Ansible too much but the error "skipping: no hosts
matched" doesn't seem related to the hashing issue

What intrigues me is that I specified the hostname ansible2, which can
be found in /etc/hosts

Kai_Stian_Olstad · January 25, 2019, 10:28pm

Ansible doesn't use /etc/hosts, you should read up on basic Ansible usage.
https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

mboncalo · January 26, 2019, 12:37am

Hi Kai,

Thanks, it worked like a charm

I already worked with inventory files but since I did it only few
times i missed it. The thing is that Ansible uses /etc/hosts file in a
way, because the hostname you place into inventory file, or in
ansible hosts file must be found in /etc/hosts file in order to be
associated to a IP Address if I'm not mistaken.

Thanks,
Mihai.

Kai_Stian_Olstad · January 26, 2019, 1:26pm

Actually Ansible doesn't use /etc/hosts, but your operation system usually does.
Ansible just send the request to the OS and get an IP in response.

The name doesn't need to be in /etc/hosts, it could be in DNS as well.
The OS searches /etc/hosts first, it it doesn't find it will try DNS.

Topic		Replies	Views
Correct way to generate and use per host user passwords + possible regression Ansible Project	1	2	April 12, 2016
Anyone successfully use python to generate a password hash and pass it into a usable variable in a playbook? Ansible Project	2	4	July 5, 2019
Using ansible changing password for root account -- password error after changing Ansible Project	2	4	November 23, 2017
Setting user password via ansible module user didn't work as expected Ansible Project	2	1	July 12, 2016
ansible_ssh_pass parameter with salt encrypt value of ansible_user password makes client server Unreachable on playbook run Ansible Project	11	2	August 15, 2017

Password change automation

Related topics