无法将密码分配给具有Ansible用户模块的用户

时间:2019-09-12 00:14:30

标签: python linux ansible

- name: Add new SFTP user (user provided by prompt)'
  hosts: '{{ target }}'
  vars:
    pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
    user_to_add: "{{ newuser }}"
  tasks:
    - set_fact:
        my_pass: "{{ pwd_alias | password_hash('sha512') }}"
    - name: Create user
      user:
        name: "{{ user_to_add }}"
        password: "{{ my_pass }}"
        shell: /bin/bash
        create_home: yes
        home: "/home/sftp/{{ user_to_add }}"
        group: cgred
    - debug:
        msg: "{{ pwd_alias }},{{ my_pass }}"

当我运行它时,它会执行应做的事情。它创建用户和我指定的主目录。它还会打印出密码和哈希值,但是无论我做什么,我都无法将更改登录到该用户。

任何有关如何正确获取分配给该用户密码的建议,将不胜感激。

1 个答案:

答案 0 :(得分:1)

问题在于, pwd_alias 放入 vars 时,每次引用都会对其进行评估。例如下面的播放

  vars:
    pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
  tasks:
    - debug: var=pwd_alias
    - debug: var=pwd_alias
    - debug: var=pwd_alias

给予

"pwd_alias": "RrhCtAFEHievoTY"
"pwd_alias": "TxHCsdKlpweqVJL"
"pwd_alias": "xbFLVvuMkkNkqIE"

解决方案很简单。将对 pwd_alias 的求值放入任务中。例如

tasks:
  - set_fact:
      pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
  - set_fact:
      my_pass: "{{ pwd_alias | password_hash('sha512') }}"