module user doesn't accept encrypt password generated by ansible-vault?
Recently I used the 'user' module to create a user with a password provided in vars/main.yml:
    - name: Create pamuser
      user:
        name: pamuser
        password: "{{ pamuser_pass }}"
        groups: wheel
        append: yes
      tags: pamuser
Once I run the playbook, it gives me this warning:
    TASK [prerequisite : Create pamuser] *****************************************************************************
    [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this
    module to work properly.
Then I use the ansible-vault encrypt_string command to encrypt only the specific variable "pamuser_pass" by replacing the plaintext with the vault password that ansible-vault gave me.
Contents in /vars/main.yml:
    ---
    # vars file for prerequisite role
    pamuser_pass: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      65643265346231613137396339303834396663383466636631646337303235306137386534396266
      3364333534616238396465626436376561323762303139620a376630643131323133336164373237
      64663332363233303032636638306566303034393137636533373332383334333439663930613232
      3737
Then I remove the current pamuser and re-run the playbook with the command:
    ansible-playbook playbook.yaml --tags "pamuser" --ask-pass -K --ask-vault-pass
Along with the running process, it still shows the warning:
    [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this
    module to work properly.
The outcome seems fine with id pamuser, but once I log in with ssh pamuser@example.com and enter the regular password, the password doesn't work. I can't log in with that pamuser.
Is there something that I missed?
You should be following one of the recommended ways mentioned here to provide the hash. It's not the general vault encryption in ansible. This is specific to the user module. Below is from the doc:
How do I generate encrypted passwords for the user module?
Ansible ad-hoc command is the easiest option:
    ansible all -i localhost, -m debug -a "msg={{ 'mypassword' | password_hash('sha512', 'mysecretsalt') }}"
The mkpasswd utility that is available on most Linux systems is also a great option:
    mkpasswd --method=sha-512
I have tried using the recommended ways and it is not working, could you please advise?
    [user1@rhhost1 ~]$ ansible all -i localhost, -m debug -a "msg={{'hello' | password_hash('sha512','mysecretsalt')}}"
    localhost | SUCCESS => {
        "msg": "$6$mysecretsalt$tD6lGf9FdSWKyrGT7O/h8DvbPso3lPDhYYxjmL.tInFSxnAAkjzRfMCew/.tVPkJMrSKhToVL2KUzKB9FMGWZ1"
    }
    [user1@rhhost1 ~]$ ansible rhhost2* -m user -a "name=user4 state=present home=/home/user4 shell=/bin/bash password=$6$mysecretsalt$tD6lGf9FdSWKyrGT7O/h8DvbPso3lPDhYYxjmL.tInFSxnAAkjzRfMCew/.tVPkJMrSKhToVL2KUzKB9FMGWZ1" -b -K
    BECOME password:
    [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work
    properly.
    rhhost2.localnet.com | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/libexec/platform-python"
        },
        "changed": true,
        "comment": "",
        "create_home": true,
        "group": 1003,
        "home": "/home/user4",
        "name": "user4",
        "password": "NOT_LOGGING_PASSWORD",
        "shell": "/bin/bash",
        "state": "present",
        "system": false,
        "uid": 1003
    }
    [user1@rhhost1 ~]$ ansible --version
    ansible 2.9.10
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/home/user1/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3.6/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
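The ad-hoc run above passes the hash inside a double-quoted -a "..." string, so the local shell expands $6, $mysecretsalt and $tD6lGf9FdSWKyrGT7O before Ansible sees the value. The following added example is not part of the original posts: the function names are hypothetical, 'mypassword' is a constructed stand-in for a decrypted vault value, and the format check is written for this page rather than taken from Ansible's own validation. It reproduces the quoting effect with the hash from the post and tests each value against the SHA-512 crypt format.

```shell
#!/bin/sh
# Added example; the hash is the one printed by the password_hash run above.
HASH='$6$mysecretsalt$tD6lGf9FdSWKyrGT7O/h8DvbPso3lPDhYYxjmL.tInFSxnAAkjzRfMCew/.tVPkJMrSKhToVL2KUzKB9FMGWZ1'

# Succeeds only for a SHA-512 crypt(3) string:
# $6$[rounds=N$]salt$ followed by 86 characters from ./0-9A-Za-z
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'
}

# Value a command receives when the hash is typed inside double quotes:
# a fresh shell expands $6, $mysecretsalt and $tD6lGf9FdSWKyrGT7O to nothing.
double_quoted() {
    sh -c "printf '%s' \"$HASH\""
}

# Value a command receives when the hash is typed inside single quotes:
# no expansion takes place, so the hash arrives intact.
single_quoted() {
    sh -c "printf '%s' '$HASH'"
}

# Label a value the way the warning distinguishes them.
classify() {
    if is_sha512_crypt "$1"; then
        echo "hash"
    else
        echo "not-a-hash"
    fi
}

# 'mypassword' stands for what a vaulted variable decrypts to: plaintext.
for value in "$HASH" "$(double_quoted)" "$(single_quoted)" 'mypassword'; do
    printf '%-11s %s\n' "$(classify "$value")" "$value"
done
```

A vaulted variable decrypts to the plaintext, so in a playbook it still has to pass through the password_hash('sha512') filter quoted from the docs before it reaches the user module's password argument.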