Ansible doesn't seems to apply encrypted vault password but reads the vault file

Question

I'm new to ansible and trying to create new user with encrypted password using ansible-vault. The taget system is OpenBsd, and I'm using ansible 2.10 on Ubuntu 20.04 . The "problem" is once the playbook finished, I get this message in output

"passord": "NOT_LOGGING_PASSWORD" and the password is not set/update.

I first create and edit my vault file using ansble-vault.

Content of my vault file:

user_pass: pass

Here is my playbook:

- name: Add new user
  hosts: all
  vars_files:
    - "../vars/pass.yml"

  tasks:
  - name: Add regular user
    user:
      name: foo
      update_password: always
      password: "{{ vault_user_pass | password_hash('sha512') }}"
      create_home: yes
      shell: /bin/sh
      generate_ssh_key: yes
      ssh_key_type: rsa
      ssh_key_bits: 2048
      ssh_key_passphrase: ''
    become_user: root

Do you have any idea why the password is not set/update ? I tried to print the vault variable to check if var is readable or not, using debug module and yes, it is. The user is created but with another password. I also tried to hash the password using mkpasswd but same results.

If you need further informations, don't hesitate :).

Thank you in advance.

Answer 1

The variable name is user_pass, even though your variable is in a vault file you don't need to use the vault prefix.

Try as below

- name: Add new user
  hosts: all
  vars_files:
    - "../vars/pass.yml"

  tasks:
  - name: Add regular user
    user:
      name: foo
      update_password: always
      password: "{{ user_pass | password_hash('sha512') }}"
      create_home: yes
      shell: /bin/sh
      generate_ssh_key: yes
      ssh_key_type: rsa
      ssh_key_bits: 2048
      ssh_key_passphrase: ''
    become_user: root