
So far I have installed Nexus using a playbook, and I am able to create users, roles and permissions, all using the playbook. I am also able to create repositories and delete repositories.

Now I am trying to do a 'default admin password change' for the admin user, and I am able to do this successfully in my first run. But when I go ahead and use my password for the second run (which is my default or current password), it takes my old password (rather than the newly changed password), which is the default one, as the scope of the changed password is limited to its run time.

My question here is how to make my Ansible playbook use the new password. Or is use of the Ansible vault service (or a cloud native vault) a good option here? Please share how I can make use of a vault service to read the password, and update the password in the vault when I change it in the Ansible playbook.

Jagdish0886
  • Having a look at [this complete ansible role](https://github.com/ansible-ThoTeam/nexus3-oss) might help you. It takes care of changing the default password and works with 'old' versions (<3.17) using 'admin123' and new versions generating a password on disk. You can see the [groovy script](https://github.com/ansible-ThoTeam/nexus3-oss/blob/master/files/groovy/update_admin_password.groovy) to register the password and the [different tasks](https://github.com/ansible-ThoTeam/nexus3-oss/blob/master/tasks/nexus_install.yml#L376) taking care of the change – Zeitounator Sep 20 '19 at 12:10
  • I have gone through the complete book you mentioned; as we discussed in the other thread, it is indeed really helpful, and I am referring to it and customizing my own playbook. I am stuck at a point where I am trying to use a variable with which I can directly make use of the 'new password' on the second run. My main question is: instead of hardcoding each password, can we read them from a vault, so that every time we can read them from there, and when we change the password in the script we can update it back to the vault? That way it gives security and also avoids run-time assignments – Jagdish0886 Sep 20 '19 at 13:39
  • Are you talking about hashicorp vault or ansible-vault? In the latter case I never tried but it should be doable. You will still need a vault pass to decrypt/encrypt data. For hashicorp vault, I guess you can probably do that with the [`hashi_vault` module](https://docs.ansible.com/ansible/latest/plugins/lookup/hashi_vault.html) to retrieve and by calling the vault API to store. – Zeitounator Sep 20 '19 at 14:24
  • I am OK with either of them. I will give it a try to see if the hashi_vault module works for me; it may take some time for me to implement. Ty! – Jagdish0886 Sep 23 '19 at 04:35
  • May I know how to read the values from encrypted files (using ansible-vault) and assign those values to variables at runtime in a playbook under the defaults section? – Jagdish0886 Sep 23 '19 at 08:18
  • Please read the site rules in the help section, more specifically ["How do I ask a good"](https://stackoverflow.com/help/how-to-ask) question. To elaborate on that, your current question is very broad and at risk of being closed; your last comment is another question for which you should... ask another question. You are not showing at any point any evidence of what you tried and the specific problem you are facing with an [MCVE](https://stackoverflow.com/help/minimal-reproducible-example). Regarding ansible-vault, take some time to test by yourself and you'll be able to give details. – Zeitounator Sep 23 '19 at 09:24
  • Thank you, let me ask a new question – Jagdish0886 Sep 23 '19 at 10:35
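
An idempotent way to do the password change discussed in this thread, as an added example that is not part of the original question or comments and is not the linked role's code: the desired password lives in an ansible-vault encrypted vars file, and each run first tests it, falling back to the initial password ('admin123' or the one generated on disk) only when it is rejected. It uses Nexus REST calls rather than the role's groovy script; the endpoint paths are assumed to match your Nexus 3 version, and `nexus_url`, `nexus_data_dir`, `vars/nexus_secrets.yml` and `vault_nexus_admin_password` are hypothetical names.

```yaml
# Added example, not from the thread. Hypothetical names: nexus_url,
# nexus_data_dir, vars/nexus_secrets.yml, vault_nexus_admin_password.
# REST paths are assumed to exist in the Nexus 3 version in use.
- hosts: nexus
  vars_files:
    - vars/nexus_secrets.yml  # encrypted with: ansible-vault encrypt vars/nexus_secrets.yml
  vars:
    nexus_url: "http://localhost:8081"
    nexus_data_dir: /var/nexus
    nexus_api: "{{ nexus_url }}/service/rest/v1/security/users"
  tasks:
    - name: Does the vaulted password already work? (true on every run after the first)
      ansible.builtin.uri:
        url: "{{ nexus_api }}"
        user: admin
        password: "{{ vault_nexus_admin_password }}"
        force_basic_auth: true
        status_code: [200, 401]
      register: auth_check
      no_log: true  # keep credentials out of task output and logs

    - name: Read the generated initial password, if this version wrote one to disk
      ansible.builtin.slurp:
        src: "{{ nexus_data_dir }}/admin.password"
      register: generated
      failed_when: false  # file is absent on old versions; fall back below
      when: auth_check.status == 401
      no_log: true

    - name: Change the admin password from the initial one to the vaulted one
      ansible.builtin.uri:
        url: "{{ nexus_api }}/admin/change-password"
        method: PUT
        user: admin
        password: >-
          {{ (generated.content | b64decode | trim)
             if generated.content is defined else 'admin123' }}
        force_basic_auth: true
        headers:
          Content-Type: text/plain
        body: "{{ vault_nexus_admin_password }}"
        status_code: 204
      when: auth_check.status == 401
      no_log: true
```

Run it with `ansible-playbook --ask-vault-pass` (or `--vault-password-file`) so the encrypted vars file can be decrypted at run time.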

0 Answers