- name: Add new SFTP user (user provided by prompt)'
hosts: '{{ target }}'
vars:
pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
user_to_add: "{{ newuser }}"
tasks:
- set_fact:
my_pass: "{{ pwd_alias | password_hash('sha512') }}"
- name: Create user
user:
name: "{{ user_to_add }}"
password: "{{ my_pass }}"
shell: /bin/bash
create_home: yes
home: "/home/sftp/{{ user_to_add }}"
group: cgred
- debug:
msg: "{{ pwd_alias }},{{ my_pass }}"
当我运行它时,它会执行应做的事情。它创建用户和我指定的主目录。它还会打印出密码和哈希值,但是无论我做什么,我都无法将更改登录到该用户。
任何有关如何正确获取分配给该用户密码的建议,将不胜感激。
答案 0 :(得分:1)
问题在于, pwd_alias
放入 vars
时,每次引用都会对其进行评估。例如下面的播放
vars:
pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
tasks:
- debug: var=pwd_alias
- debug: var=pwd_alias
- debug: var=pwd_alias
给予
"pwd_alias": "RrhCtAFEHievoTY"
"pwd_alias": "TxHCsdKlpweqVJL"
"pwd_alias": "xbFLVvuMkkNkqIE"
解决方案很简单。将对 pwd_alias
的求值放入任务中。例如
tasks:
- set_fact:
pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
- set_fact:
my_pass: "{{ pwd_alias | password_hash('sha512') }}"