Ansible. How to specify encrypt: sha512_crypt in the --extra-vars argument?

S

Sanes2016-03-24 06:34:26

linux

Sanes, 2016-03-24 06:34:26

There is a script for adding a Linux user with the following parameters

vars_prompt:
    - name: 'username'
      prompt: 'Username'
      private: no
    - name: 'userpass'
      prompt: 'Password'
      private: no
      encrypt: "sha512_crypt"

Everything works, however, if run via --extra-vars, then the password does not seem to be encrypted

ansible-playbook add.yml --extra-vars "username=user userpass=passwoRD"

Maybe the team needs to be formed differently? The documentation states that JSON is supported, but I didn't really understand how to do it.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sanes, 2016-04-16
@Sanes

tasks: 
    - name: 'Add user'
      user: 'name={{ username }} password={{ userpass |password_hash("sha512") }} update_password=on_create shell=/usr/bin/lshell move_home=yes home=/var/www/{{ username }}'

P

Puma Thailand, 2016-03-24
@opium

It is necessary to transfer an already encrypted password, you have a security hole otherwise

S

Shkurupii, 2016-03-24
@Shkurupii

The code is inconsistent. You either leave vars_promt or vars passed via --extra-vars Enable
ansible-playbook debug add.yml -vvv

---
- hosts: local
  gather_facts: no

  vars_prompt:
  - name: 'username'
    prompt: 'Username'
    private: no
  - name: 'userpass'
    prompt: 'Password'
    private: no
    encrypt: "sha512_crypt"

  tasks:

  - name: username
    shell: echo my username is {{username}}

  - name: look we crypted a password
    shell: echo my password is {{userpass}}

  - debug: var=userpass