I am trying to create a playbook where a list of users will be created.
However, I also want to generate a random password for each user. Once the passwords are generated, I would like to have a text file holding username:new_generated_password key values, next to the playbook file. Is it possible to do this without developing a new module?
Variables like "{{ inventory_hostname }}" in the file path can be used to set up random passwords per host, which simplifies password management in "host_vars" variables. A special case is using /dev/null as a path.
How do I generate encrypted passwords for the user module? Use the integrated filters described in "Hashing and encrypting strings and passwords" to generate a hashed version of a password. You shouldn't put plaintext passwords in your playbook or host_vars; instead, see "Using encrypted variables and files" to encrypt sensitive data.
If you need to use password-based authentication in order to connect to the nodes, you need to append the option --ask-pass to your Ansible command. This will make Ansible prompt you for the password of the user on the remote server that you're attempting to connect as: ansible all -m ping --ask-pass.
You can activate a custom lookup by either dropping it into a lookup_plugins directory adjacent to your play, inside the plugins/lookup/ directory of a collection you have installed, inside a standalone role, or in one of the lookup directory sources configured in ansible.
The password lookup can generate passwords for you and puts the generated password on the control machine (i.e. where the playbook is running). An example task that creates a user and sets their password may look something like this:
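    # The lookup writes the generated password to the given file on the control machine
    - name: Create users with auto generated password
      user:
        name: "{{ item.name }}"
        password: "{{ lookup('password', 'credentials/' + item.name + '/password.txt encrypt=md5_crypt') }}"
      # Loop variables must be templated; a bare variable name is not expanded
      with_items: "{{ users }}"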
This would then create a text file named ~/credentials/$username/password.txt on the control machine. If you were to rerun the Ansible play then Ansible would recognise that filepath as the password and make sure to set the user's password to that same value - making it idempotent.
This doesn't get you quite what you wanted but gets all the information that you needed on to the Ansible control host so you could then further manipulate it to get the final output that you wanted.
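An added example (not part of the original answer) of one way to get the username:password file next to the playbook with built-in modules only. The `users` list, `cred_dir` and `users.txt` are assumptions; it uses sha512_crypt rather than the md5_crypt shown above, and relies on the password lookup returning the stored plaintext when called without `encrypt`.

```yaml
# Added example: names, paths and the sample user list are assumptions.
- hosts: all
  become: true
  vars:
    users:                      # constructed sample data
      - name: alice
      - name: bob
    cred_dir: "{{ playbook_dir }}/credentials"
  tasks:
    - name: Create users with auto generated password
      ansible.builtin.user:
        name: "{{ item.name }}"
        # Only the salted SHA-512 crypt hash is sent to the managed host;
        # the plaintext and salt stay in cred_dir on the control machine.
        password: "{{ lookup('password', cred_dir + '/' + item.name + '/password.txt length=20 encrypt=sha512_crypt') }}"
      loop: "{{ users }}"
      no_log: true              # keep hashes out of task output and logs

    - name: Write username:password list next to the playbook
      ansible.builtin.copy:
        dest: "{{ playbook_dir }}/users.txt"
        mode: "0600"            # readable by the invoking user only
        # Same lookup path without encrypt= returns the plaintext password.
        content: |
          {% for u in users %}
          {{ u.name }}:{{ lookup('password', cred_dir + '/' + u.name + '/password.txt length=20') }}
          {% endfor %}
      delegate_to: localhost
      run_once: true
      become: false
      no_log: true              # plaintext passwords must not reach the log
```

The resulting users.txt holds plaintext credentials, so after distributing them either delete it or encrypt it in place with `ansible-vault encrypt users.txt`.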