Oct
15
2017
0

Ansible: How to set user passwords

 

I’m in the process of converting my Fabric PBX automated installation to an Ansible playbook, but I got stuck on the user module portion.  I want to pass a default password to user accounts.  Ansible’s user module requires the crypted SHA512 hash rather than taking a password.  In other words, instead of supplying a password, you must supply the key(or as they call it a “crypted value”).

I think requiring the “crypted value” is for security reasons, but I imagine if someone has access to the key they can brute force the password anyways.  Sometimes secure and inconvenient mean the same thing I guess!  In any case, the user module should itself generate the key or they should build the feature into ansible-vault.

I stumbled on the instructions provided on the Ansible website.   There were no clear examples of setting a default password on the Ansible user module page.  You would think that would be an obvious one.  There is a link to directions on the Ansible cryption FAQ suggest using ‘mkpasswd’.  However, on the system I use(Fedora 24) the command doesn’t have the ability to output SHA – 512  keys.   Another option presented is a Python 2.7 command that didn’t work for me either.  After some research and a little testing I found a solution.

 

Goals of this Post:

  • Create crypted user account password
  • Create credentials.yml – VARS FILE for password keys
  • Example of assigning a user module password in a playbook
  • Execute Ansible play and test

(more…)