Hi,
Are become & become_user setted ?
Reagrds,
JYL
Hi,
Below is my conf details
cat ansible.cfg
[defaults]
host_key_checking = False
remote_user = q5c9nf32
inventory = inventory
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = True
Thanks,
Deepan M
You should run ansible-playbook with -vvvv and see if that is giving some more useful information about what is happening.
Hi,
If i run like below from terminal, then its working perfect but when i try from jenkins, its failing.
#ansible-playbook change-root-password1.yml
Thanks,
Deepan M
And that is why you need to run it with -vvvv in Jenkins to possible see what is happening.
Playing a guessing game on what it could be is not very futile.
Not aware where I need to add -vvvv in Jenkins tool?? Need to add as extra var?
Thanks,
Deepan
Hi,
Please find below -vvvv output and let to know how to fix this issue.
Since your ansible.cfg ‘become_ask_pass = True’, are you providing the sudo password on the command line for Jenkins to pass to ansible-playbook?
Hi,
Please find below -vvvv output and let to know how to fix this issue.
You should have just posted plain text with long line breaking to off.
This is very difficult to write answer on.
Building in workspace
/opt/hcl/support/unix/l5c9nf32/.jenkins/workspace/root_reset_pass[root_rese=
t_pass]
$ /usr/bin/ansible-playbook /Ansible_project/change-root-password1.yml
-i /Ansible_project/inventory -f 100 -e ******** -e
ansible_user=3Dq5c9nf32 -vvvvansible-playbook 2.4.2.0 config file =3D
/etc/ansible/ansible.cfg configured module search path =3D
ansible-playbook is picking up /etc/ansible/ansible.cfg and I guess that the ansible.cfg you have edited is in /Ansible_project
If this assumption is right you need to change the current woring directory i Jenkins to be /Ansible_project since ansible-playbook picks up ansible.cfg in cwd.
Thanks Kai for your suggestion, its working perfect. in Jenkins I dont find the way to change directory, however default file is picking it up.
Thanks all for giving your supports.
ansible --version
[WARNING]: log file at /var/log/ansible.log is not writeable and we cannot create it, aborting
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u’/home/q5c9nf32/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Feb 20 2018, 09:19:12) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Started by user deepan
Building in workspace /opt/hcl/support/unix/l5c9nf32/.jenkins/workspace/root_reset_pass
[root_reset_pass] $ /usr/bin/ansible-playbook /Ansible_project/change-root-password1.yml -i /Ansible_project/inventory -f 100 -e ******** -e ansible_user=q5c9nf32
[WARNING]: log file at /var/log/ansible.log is not writeable and we cannot create it, aborting
/usr/lib64/python2.7/getpass.py:83: GetPassWarning: Can not control echo on the terminal.
passwd = fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
SUDO password:
PLAY [xerox] *******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [usa7061lv1771]
TASK [Change root password] ****************************************************
changed: [usa7061lv1771]
PLAY RECAP *********************************************************************
usa7061lv1771 : ok=2 changed=1 unreachable=0 failed=0
Finished: SUCCESS
Regards,
Deepan M
hi
check this one
- name: changing root password
user:
name: “root” ## Should not have “-”
password: “$6$rounds=656000$XCYDmKM2Wh6LkAkf$2t/9L0OP4yJgy3wukrahPAM1qZG.SFNoe3eR53EqTq1t6.X.9YL78PJ2uje6dAp1Xxt8UqDe.kqj2/9F7bsvM/”
i generated the the password hash using the python code
python -c “from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())”
To save the call to the external Python command to encrypt the password, you can use the Jinja2 “password_hash” documented here:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-filters
So your example could look like this:
- name: changing root password
user:
name: “root”
password: “{{ root_password | password_hash(‘sha512’) }}”
Where “root_password” is a variable set earlier (hopefully stored as an Ansible vaulted variable).
The only drawback here is that the hashed password will be the same on all systems. Use a “salted hash” [Note 1] so they are not easily noticeable as identical to the casual observer:
password: “{{ root_password | password_hash(‘sha512’, 65534|random(seed=inventory_hostname)|string) }}”
This will use the hostname as a consistent seed to the random function, then generate a number from 0…65534, finally turning that into a string for the password_hash funciton to use.
Note 1: What is a “salted hash” in computers? https://www.skyhighnetworks.com/cloud-security-blog/what-is-a-salt-and-how-does-it-make-password-hashing-more-secure/