14

I am trying to create playbook where list of users will be created.

However, I also want to generate random password for each user. Once the passwords are generated, I would like to have a text file holding username:new_generated_password key values, next to the playbook file. Is it possible to do this without developing a new module?

ydaetskcoR
  • 53,225
  • 8
  • 158
  • 177
Pablo
  • 28,133
  • 34
  • 125
  • 215

1 Answers1

15

The password lookup can generate passwords for you and puts the generated password on the control machine (i.e. where the playbook is running). An example task that creates a user and sets their password may look something like this:

- name: Create users with auto generated password
  user:
    name: "{{ item.name }}"
    password: "{{ lookup('password', 'credentials/' + item.name + '/password.txt encrypt=md5_crypt') }}"
  with_items: users

This would then create a text file named ~/credentials/$username/password.txt on the control machine. If you were to rerun the Ansible play then Ansible would recognise that filepath as the password and make sure to set the user's password to that same value - making it idempotent.

This doesn't get you quite what you wanted but gets all the information that you needed on to the Ansible control host so you could then further manipulate it to get the final output that you wanted.

ydaetskcoR
  • 53,225
  • 8
  • 158
  • 177
  • Just needed to add `encrypt` parameter and it worked like a charm! tks – Pablo Nov 28 '15 at 18:19
  • @Pablo can you please paste your working example like where you have added the `encrypt` parameter, so that it will help other. Thanks – Arbab Nazar Dec 12 '15 at 15:26
  • `{{ lookup('password', 'credentials/' + item.name + '/password.txt encrypt=md5_crypt') }}` – Pablo Dec 12 '15 at 20:16
  • 6
    The `` in `password: "{{ lookup('password', ) }}"` appears to actually denote a file location on the localhost (the master), not the remote node? – koniu Mar 13 '16 at 09:36
  • 2
    Yes, the path denotes a path on the machine running the playbook, not the remote hosts... – zedix Sep 08 '16 at 19:22
  • New link to Ansible docs: [`password` lookup](https://docs.ansible.com/ansible/latest/plugins/lookup/password.html) – thinkmassive Aug 01 '18 at 20:43
  • How to generate a password on remote host ? I don't want any ansible file on master host... If I change the master host, I will lost it... Only remote should know about passwords – Loenix May 06 '20 at 15:21