To save the call to the external Python command to encrypt the password,
you can use the Jinja2 "password_hash" documented here:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-filters
So your example could look like this:
- name: changing root password
user:
name: "root"
password: "{{ root_password | password_hash('sha512') }}"
Where "root_password" is a variable set earlier (hopefully stored as an
Ansible vaulted variable).
The only drawback here is that the hashed password will be the same on all
systems. Use a "salted hash" [Note 1] so they are not easily noticeable as
identical to the casual observer:
password: "{{ root_password | password_hash('sha512',
65534|random(seed=inventory_hostname)|string) }}"
This will use the hostname as a consistent seed to the random function,
then generate a number from 0..65534, finally turning that into a string
for the password_hash funciton to use.
Note 1: What is a "salted hash" in computers?
https://www.skyhighnetworks.com/cloud-security-blog/what-is-a-salt-and-how-does-it-make-password-hashing-more-secure/
On Tuesday, July 31, 2018 at 3:32:21 AM UTC-5, Jobin A T. A T. wrote:
> hi
> check this one
> - name: changing root password
> user:
> name: "root" ## Should not have "-"
> password:
> "$6$rounds=656000$XCYDmKM2Wh6LkAkf$2t/9L0OP4yJgy3wukrahPAM1qZG.SFNoe3eR53EqTq1t6.X.9YL78PJ2uje6dAp1Xxt8UqDe.kqj2/9F7bsvM/"
>
>
> i generated the the password hash using the python code
>
> python -c "from passlib.hash import sha512_crypt; import getpass; print
> sha512_crypt.encrypt(getpass.getpass())"
>
>
> On Wed, Jul 25, 2018 at 12:52 AM Deepan M <deepan...@gmail.com
> <javascript:>> wrote:
>
>> Thanks Kai for your suggestion, its working perfect. in Jenkins I dont
>> find the way to change directory, however default file is picking it up.
>>
>> Thanks all for giving your supports.
>>
>>
>> ansible --version
>> [WARNING]: log file at /var/log/ansible.log is not writeable and we
>> cannot create it, aborting
>>
>> ansible 2.4.2.0
>> *config file = /etc/ansible/ansible.cfg*
>> configured module search path =
>> [u'/home/q5c9nf32/.ansible/plugins/modules',
>> u'/usr/share/ansible/plugins/modules']
>> ansible python module location =
>> /usr/lib/python2.7/site-packages/ansible
>> executable location = /usr/bin/ansible
>> python version = 2.7.5 (default, Feb 20 2018, 09:19:12) [GCC 4.8.5
>> 20150623 (Red Hat 4.8.5-28)]
>>
>>
>> Started by user deepan
>> Building in workspace
>> /opt/hcl/support/unix/l5c9nf32/.jenkins/workspace/root_reset_pass
>> [root_reset_pass] $ /usr/bin/ansible-playbook
>> /Ansible_project/change-root-password1.yml -i /Ansible_project/inventory -f
>> 100 -e ******** -e ansible_user=q5c9nf32
>> [WARNING]: log file at /var/log/ansible.log is not writeable and we cannot
>> create it, aborting
>>
>> /usr/lib64/python2.7/getpass.py:83: GetPassWarning: Can not control echo on
>> the terminal.
>> passwd = fallback_getpass(prompt, stream)
>> Warning: Password input may be echoed.
>> SUDO password:
>> PLAY [xerox]
>> *******************************************************************
>>
>> TASK [Gathering Facts]
>> *********************************************************
>> ok: [usa7061lv1771]
>>
>> TASK [Change root password]
>> ****************************************************
>> changed: [usa7061lv1771]
>>
>> PLAY RECAP
>> *********************************************************************
>> usa7061lv1771 : ok=2 changed=1 unreachable=0 failed=0
>>
>>
>> Finished: SUCCESS
>>
>>
>>
>> Regards,
>> Deepan M
>>
>> On Monday, July 23, 2018 at 2:03:40 PM UTC+5:30, Kai Stian Olstad wrote:
>>>
>>> On 22.07.2018 12:22, Deepan M wrote:
>>> > Hi,
>>> >
>>> >
>>> > Please find below -vvvv output and let to know how to fix this
>>> issue.
>>>
>>> You should have just posted plain text with long line breaking to off.
>>> This is very difficult to write answer on.
>>>
>>>
>>> > Building in workspace
>>> >
>>> /opt/hcl/support/unix/l5c9nf32/.jenkins/workspace/root_reset_pass[root_rese=
>>>
>>>
>>> > t_pass]
>>> > $ /usr/bin/ansible-playbook /Ansible_project/change-root-password1.yml
>>> > -i /Ansible_project/inventory -f 100 -e ******** -e
>>> > ansible_user=3Dq5c9nf32 -vvvvansible-playbook 2.4.2.0 config file =3D
>>> > /etc/ansible/ansible.cfg configured module search path =3D
>>>
>>> ansible-playbook is picking up /etc/ansible/ansible.cfg and I guess that
>>> the ansible.cfg you have edited is in /Ansible_project
>>>
>>> If this assumption is right you need to change the current woring
>>> directory i Jenkins to be /Ansible_project since ansible-playbook picks
>>> up ansible.cfg in cwd.
>>>
>>> --
>>> Kai Stian Olstad
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-proje...@googlegroups.com <javascript:>.
>> To post to this group, send email to ansible...@googlegroups.com
>> <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/48158b06-4bc1-4eda-9a76-396b0c28bfd8%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/48158b06-4bc1-4eda-9a76-396b0c28bfd8%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
>
>
>
> *Jobin A T*
> Jr. Consultant - Technical Services
> m: +91 8606784823
> a: ipsr solutions ltd.IPSR IT Tower, Illom Lane,Palliam Road,Cochin-South
> w:
> www.ipsr.edu.in, www.ipsrsolutions.com
>
> INDIA: Trivandrum|Kottayam|Kochi|Calicut|Bangalore
> |CyberPark
> . UK:London
>
>
>
>
> [image: https://www.facebook.com/ipsrsolutions]
> <https://www.facebook.com/ipsrsolutions> * <https://twitter.com/ipsrjobs>*
> <https://in.linkedin.com/in/ipsrjobs>
> <http://keralaplacements.blogspot.in/>
> <https://www.youtube.com/user/ipsronline>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/87f1cddd-e335-4db8-b1fc-09883cfa47f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
