Not much of an article here - just some notes about encrypting passwords for Ansible playbooks. All of the examples for adding the encrypted passwords to the ansible playbook are Python (what's up with that?!) :-)
So, I have an example of a playbook to change a user password on all ansible systems and I have translated the password encryption field for Perl (you're welcome!)
Here's my chgUserPW.yml:
---
- hosts: all
sudo: yes
tasks:
- name: Change user1 password
# Created passwd with:
# perl -e 'print crypt("your pw here","\$6\$salt\$")'
# Notes: password, 6 = md5, salt = random string to salt entropy
user: name=user1 update_password=always password=$6$salt$sjuT2.eSTcX/vKwW7RlB1tdLxyB34lJSsndXA5yzC7BZrdAkiAOqtf4NPtHa0tjdFa/5wcS1.vt0LAwzEassr0
All you do is run the Perl one-liner adding your own password and salt string (the word "salt" is probably not a good choice) and you get the format for the password Linux is expecting (salted MD5). Paste that into the password field and you can now change all of your system's user1 passwords to "your pw here".
*Disclaimer - I'd try it on a single system first, preferably one you have a backdoor root account on. It worked for me. Good luck!
Subscribe to:
Post Comments (Atom)
It was a great blog. It had all the required information that was needed for a better understanding of the topic.I'm glad you shared this with us, thanks.
ReplyDeleteDigital Marketing Training in Chennai
Digital Marketing Course in Chennai