
I’m in the process of converting my Fabric PBX automated installation to an Ansible playbook, but I got stuck on the user module portion. I want to pass a default password to user accounts. Ansible’s user module requires the crypted SHA512 hash rather than taking a password. In other words, instead of supplying a password, you must supply the key (or, as they call it, a “crypted value”).
I think requiring the “crypted value” is for security reasons, but I imagine if someone has access to the key they can brute force the password anyways. Sometimes secure and inconvenient mean the same thing I guess! In any case, the user module should itself generate the key or they should build the feature into ansible-vault.
I stumbled on the instructions provided on the Ansible website. There were no clear examples of setting a default password on the Ansible user module page. You would think that would be an obvious one. There is a link to directions in the Ansible cryption FAQ that suggest using ‘mkpasswd’. However, on the system I use (Fedora 24) the command doesn’t have the ability to output SHA-512 keys. Another option presented is a Python 2.7 command that didn’t work for me either. After some research and a little testing, I found a solution.
Goals of this Post:
- Create crypted user account password
- Create credentials.yml – VARS FILE for password keys
- Example of assigning a user module password in a playbook
- Execute Ansible play and test
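
The “crypted value” the user module expects is a SHA-512 crypt string of the form `$6$salt$hash`. The following is an added example, not the author's solution or Ansible's own code: a standard-library Python implementation of that format, following Ulrich Drepper's SHA-crypt specification, with a `verify` helper. The function names are this example's own.

```python
# Added example (not the post's code): SHA-512 crypt ("$6$") in pure Python,
# following Ulrich Drepper's SHA-crypt specification. Standard library only.
import hashlib, hmac, secrets

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _stretch(block, n):
    """Repeat a 64-byte digest until it is exactly n bytes long."""
    return block * (n // 64) + block[:n % 64]

def sha512_crypt(password, salt=None, rounds=None):
    """Return the crypted value; rounds=None means the default of 5000."""
    if salt is None:  # 16 random characters from the crypt alphabet
        salt = "".join(secrets.choice(B64) for _ in range(16))
    if rounds is not None:  # the specification clamps explicit round counts
        rounds = max(1000, min(rounds, 999999999))
    pw, s = password.encode(), salt.encode()[:16]
    n = len(pw)
    b = hashlib.sha512(pw + s + pw).digest()
    a = hashlib.sha512(pw + s + _stretch(b, n))
    i = n
    while i:  # one update per bit of the password length, lowest bit first
        a.update(b if i & 1 else pw)
        i >>= 1
    c = a.digest()
    p = _stretch(hashlib.sha512(pw * n).digest(), n)        # password sequence
    sq = hashlib.sha512(s * (16 + c[0])).digest()[:len(s)]  # salt sequence
    for r in range(rounds or 5000):  # the work factor: each guess pays this loop
        h = hashlib.sha512(p if r & 1 else c)
        if r % 3:
            h.update(sq)
        if r % 7:
            h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()
    out, t = [], (0, 21, 42)  # crypt's byte order for the 64-byte digest
    for _ in range(21):
        w = c[t[0]] << 16 | c[t[1]] << 8 | c[t[2]]
        out += [B64[w >> k & 63] for k in (0, 6, 12, 18)]
        t = (t[1] + 1, t[2] + 1, t[0] + 1)
    out += [B64[c[63] & 63], B64[c[63] >> 6]]
    prefix = "$6$" if rounds is None else "$6$rounds=%d$" % rounds
    return prefix + s.decode() + "$" + "".join(out)

def verify(password, crypted):
    """Recompute with the stored salt and rounds; compare in constant time."""
    parts = crypted.split("$")  # ['', '6', salt, hash] or with 'rounds=N'
    rounds = int(parts[2][7:]) if parts[2].startswith("rounds=") else None
    return hmac.compare_digest(sha512_crypt(password, parts[-2], rounds), crypted)
```

The string returned by `sha512_crypt` is the kind of value that goes into a vars file and is passed to the user module's `password` parameter. The rounds loop is why each offline guess against a leaked value costs thousands of SHA-512 computations rather than one.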