The hardcoded admin hash uses the 2a version of bcrypt.
It may be that your application cannot handle the newer 2b variant of
bcrypt - which ansible creates.
But this sounds unlikely.

Can you try to create a password with ansible using a salt (so leaving
the "salt=None" out) ?

Dick

On Thu, 12 Mar 2020 at 15:52, Bala Mutyam <koti.reddy...@gmail.com> wrote:
>
> Hi,
>
> I've tried the rounds but no luck, still not able to log in to the UI.
>
> About the salt option, it's Sonarqube application which doesn't use salt.
>
> This is the command used on Sonarqube doc - 
> https://docs.sonarqube.org/latest/instance-administration/security/
>
> update users set crypted_password = 
> '$2a$12$uCkkXmhW5ThVK8mpBvnXOOJRLd64LJeHTeCkSuB3lfaR2N0AYBaSi', salt=null, 
> hash_method='BCRYPT' where login = 'admin'
>
>
> Thanks
>
>
> On Thursday, March 12, 2020 at 12:15:39 PM UTC, Dick Visser wrote:
>>
>> Hi
>>
>> Your hardcoded hash (the one "UI login only works") appears to use 10
>> rounds, while the hash generated by password_hash uses 12 (the
>> default).
>> Based on the docs at
>> https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html#interface
>> you should be able to configure that as an argument for password_hash,
>> like:
>>
>> {{ admin_password | password_hash('bcrypt', salt=None, rounds=10) }}
>>
>> Not sure if this will fix your problem though, but worth trying.
>>
>> On a related note, you are deliberately not using a salt. That is
>> insecure, so if possible try to fix your workflow so that a salt is
>> used.
>> Your users will be thankful for it later.
>>
>>
>> Dick
>>
>>
>> On Thu, 12 Mar 2020 at 12:13, Bala Mutyam <koti.r...@gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > I managed to run the task successfully but I'm not able to log in with the 
>> > password to Sonarqube UI.
>> >
>> > ansible 2.7.7
>> >   config file = /etc/ansible/ansible.cfg
>> >   configured module search path = ['/root/.ansible/plugins/modules', 
>> > '/usr/share/ansible/plugins/modules']
>> >   ansible python module location = /usr/lib/python3/dist-packages/ansible
>> >   executable location = /usr/bin/ansible
>> >   python version = 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]
>> >
>> > - name: Reset Admin pw
>> >   become: yes
>> >   become_user: postgres
>> >   command: psql -c "update users set crypted_password = '{{ 
>> > admin_password | password_hash('bcrypt', salt=None) }}' where login = 
>> > 'admin'" sonarqube
>> >   tags: query
>> >
>> >
>> > I noticed the Ansible encrypted the password : 
>> > '$2b$12$QEsYuib1i6RO6fngZP4tzuUQvJMEo7k2jA48P.dVwwT5UE2fmygM.
>> >
>> > But it seems to be UI login only works with 
>> > $2a$10$ggLrB/SKx901ctz13V1OIOu2UJzApbdfFCR5KJ6X6GbH9VNAzqglO.
>> >
>> > Is it possible to force Ansible to encrypt the password as 
>> > $2a$10$ggLrB/SKx901ctz13V1OIOu2UJzApbdfFCR5KJ6X6GbH9VNAzqglO ?
>> >
>> >
>> >
>> >
>> > On Tuesday, March 10, 2020 at 6:32:03 PM UTC, Dan Linder wrote:
>> >>
>> >> What is the error and what is sending the error?  (i.e. is the error from 
>> >> "psql" or from Ansible itself?)
>> >>
>> >> Can you run the playbook with "-vvv" and paste in the errors the "Reset 
>> >> Admin pw" step produces.
>> >>
>> >> On Tuesday, March 10, 2020 at 11:12:17 AM UTC-5, Bala Mutyam wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> Thanks for the reply.  Hard coding the hash works fine.
>> >>>
>> >>> I'm trying to work out something like this but this is giving me an error.
>> >>>
>> >>>
>> >>> - name: Reset Admin pw
>> >>>   become: yes
>> >>>   become_user: postgres
>> >>>   command: psql -c "update users set crypted_password = '{{ 
>> >>> admin_password | password_hash('bcrypt', salt=None) }}' where login = 
>> >>> 'admin'" sonarqube
>> >>>   tags: query
>> >>>
>> >>>
>> >>>
>> >>> On Tuesday, March 10, 2020 at 2:13:28 PM UTC, Dick Visser wrote:
>> >>>>
>> >>>> Your manual command has more arguments than the one in your task.
>> >>>> Try making that consistent.
>> >>>>
>> >>>> If that doesn't work, try hardcoding the hash in your task to see if
>> >>>> that works at all.
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Tue, 10 Mar 2020 at 13:21, Bala Mutyam <koti.r...@gmail.com> wrote:
>> >>>> >
>> >>>> > Hi Everyone,
>> >>>> >
>> >>>> > I'm trying to create a task for below command but it's not working, 
>> >>>> > can you help me how to make it work please?
>> >>>> >
>> >>>> > Command:
>> >>>> >
>> >>>> > update users set crypted_password = 
>> >>>> > '$2a$12$uCkkXmhW5ThVK8mpBvnXOOJRLd64LJeHTeCkSuB3lfaR2N0AYBaSi', 
>> >>>> > salt=null, hash_method='BCRYPT' where login = 'admin'
>> >>>> >
>> >>>> > - name: Reset Admin pw
>> >>>> >   become: yes
>> >>>> >   become_user: postgres
>> >>>> >   command: psql -c "update users set crypted_password = '{{ 
>> >>>> > admin_password | password_hash('bcrypt') }}' where login = 'admin'" 
>> >>>> > sonarqube
>> >>>> >   tags: query
>> >>>> >
>> >>>> >
>> >>>> > I'm successfully running the task but not able to login with the 
>> >>>> > admin_password.
>> >>>> >
>> >>>> > --
>> >>>> > You received this message because you are subscribed to the Google 
>> >>>> > Groups "Ansible Project" group.
>> >>>> > To unsubscribe from this group and stop receiving emails from it, 
>> >>>> > send an email to ansible...@googlegroups.com.
>> >>>> > To view this discussion on the web visit 
>> >>>> > https://groups.google.com/d/msgid/ansible-project/1d3e8db8-01b9-4363-a3aa-67e077f35b62%40googlegroups.com.
>> >>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>> Dick Visser
>> >>>> Trust & Identity Service Operations Manager
>> >>>> GÉANT
>> >
>>
>>
>>
>> --
>> Dick Visser
>> Trust & Identity Service Operations Manager
>> GÉANT
>



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
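
Added example, not part of the original thread: a standard-library Python parser that splits the three bcrypt strings quoted in this thread into variant, cost, salt and digest, and reports which parameters differ between them. The function and constant names are hypothetical, chosen for this illustration.

```python
import re

# bcrypt string layout: $<ident>$<cost>$<22-char salt><31-char digest>
_B64 = r"[./A-Za-z0-9]"
_BCRYPT_RE = re.compile(
    r"\$(?P<ident>2[abxy]?)\$(?P<cost>\d{2})\$"
    r"(?P<salt>" + _B64 + r"{22})(?P<digest>" + _B64 + r"{31})"
)

# The three hashes quoted in the thread.
DOC_HASH = "$2a$12$uCkkXmhW5ThVK8mpBvnXOOJRLd64LJeHTeCkSuB3lfaR2N0AYBaSi"
WORKING_HASH = "$2a$10$ggLrB/SKx901ctz13V1OIOu2UJzApbdfFCR5KJ6X6GbH9VNAzqglO"
ANSIBLE_HASH = "$2b$12$QEsYuib1i6RO6fngZP4tzuUQvJMEo7k2jA48P.dVwwT5UE2fmygM."


def parse_bcrypt(hash_string):
    """Split a bcrypt string into ident, cost, salt and digest."""
    m = _BCRYPT_RE.fullmatch(hash_string)
    if m is None:
        raise ValueError("not a well-formed bcrypt string: %r" % hash_string)
    fields = m.groupdict()
    fields["cost"] = int(fields["cost"])
    if not 4 <= fields["cost"] <= 31:
        raise ValueError("bcrypt cost out of range: %d" % fields["cost"])
    return fields


def diff_params(hash_a, hash_b):
    """Return which of the tunable parameters (ident, cost) differ."""
    a, b = parse_bcrypt(hash_a), parse_bcrypt(hash_b)
    return [key for key in ("ident", "cost") if a[key] != b[key]]


if __name__ == "__main__":
    for label, value in (("docs", DOC_HASH), ("works in UI", WORKING_HASH),
                         ("ansible", ANSIBLE_HASH)):
        f = parse_bcrypt(value)
        print("%-12s ident=%s cost=%d salt=%s"
              % (label, f["ident"], f["cost"], f["salt"]))
    print("ansible vs docs:   ", diff_params(ANSIBLE_HASH, DOC_HASH))
    print("ansible vs working:", diff_params(ANSIBLE_HASH, WORKING_HASH))
```

Every bcrypt string carries its own 22-character salt after the cost field, so the salt travels inside the `crypted_password` value itself.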
