
Ansible to generate random passwords automatically for users

I am trying to create a playbook where a list of users will be created.

However, I also want to generate a random password for each user. Once the passwords are generated, I would like to have a text file holding username:new_generated_password key values, next to the playbook file. Is it possible to do this without developing a new module?

Pablo asked Nov 28 '15 15:11



1 Answer

The password lookup can generate passwords for you and puts the generated password on the control machine (i.e. where the playbook is running). An example task that creates a user and sets their password may look something like this:

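- name: Create users with auto generated password
  user:
    name: "{{ item.name }}"
    # The lookup keeps the plaintext in credentials/<name>/password.txt on the control
    # machine and returns its hash; sha512_crypt is a stronger encrypt= value than md5_crypt.
    password: "{{ lookup('password', 'credentials/' + item.name + '/password.txt encrypt=md5_crypt') }}"
  with_items: "{{ users }}"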

This would then create a text file named ~/credentials/$username/password.txt on the control machine. If you were to rerun the Ansible play then Ansible would recognise that filepath as the password and make sure to set the user's password to that same value - making it idempotent.

This doesn't get you quite what you wanted but gets all the information that you needed on to the Ansible control host so you could then further manipulate it to get the final output that you wanted.

ydaetskcoR answered Sep 21 '22 09:09
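One way to do the "further manipulation" step and get the username:password file the question asks for, as an added example that is not part of the original answer. It assumes the credentials/<name>/password.txt layout from the task above and that, with encrypt= set, the lookup stores the salt on the same line as the plaintext; the output name users.txt and all sample values are constructed.

```python
import os
import tempfile
from pathlib import Path


def read_plaintext(path):
    """Return the plaintext from a password-lookup file, dropping ' salt=...'."""
    line = Path(path).read_text().splitlines()[0]
    # With encrypt=, the file holds "<password> salt=<salt>"; passwords built
    # from the lookup's default character set never contain a space.
    return line.split(" salt=", 1)[0]


def collect(cred_dir, out_file):
    """Write 'user:password' lines to out_file (mode 0600); return the lines."""
    lines = []
    for pw_file in sorted(Path(cred_dir).glob("*/password.txt")):
        lines.append(f"{pw_file.parent.name}:{read_plaintext(pw_file)}")
    # Create the file owner-read/write only before any secret is written.
    fd = os.open(out_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a pre-existing file or a loose umask
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return lines


def parse_line(line):
    """Split on the first ':' only; generated passwords may contain ':'."""
    user, password = line.split(":", 1)
    return user, password


def demo():
    """Build a constructed credentials tree and collate it."""
    with tempfile.TemporaryDirectory() as tmp:
        cred = Path(tmp, "credentials")
        samples = {  # constructed sample file contents
            "alice": "k3:Qx_-Lm,z0.Wp4Rt9Ay salt=Zq8mTn1p\n",
            "bob": "Hd72.bN_:e5Yc-uV,1oXs\n",  # file written without encrypt=
        }
        for user, content in samples.items():
            (cred / user).mkdir(parents=True)
            (cred / user / "password.txt").write_text(content)
        out = Path(tmp, "users.txt")
        lines = collect(cred, out)
        return lines, oct(out.stat().st_mode & 0o777)


if __name__ == "__main__":
    print(demo())
```

The collated file holds every plaintext password in one place, so it and the credentials directory should stay out of version control and readable only by the operator account.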