```yaml
- name: 'Add new SFTP user (user provided by prompt)'
  hosts: '{{ target }}'
  vars:
    pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
    user_to_add: "{{ newuser }}"
  tasks:
    - set_fact:
        my_pass: "{{ pwd_alias | password_hash('sha512') }}"
    - name: Create user
      user:
        name: "{{ user_to_add }}"
        password: "{{ my_pass }}"
        shell: /bin/bash
        create_home: yes
        home: "/home/sftp/{{ user_to_add }}"
        group: cgred
    - debug:
        msg: "{{ pwd_alias }},{{ my_pass }}"
```
When I run this it does what it’s supposed to do. It creates the user and the home directory that I specify. It also prints out a password and the hash but I can’t log change to this user no matter what I do.
Any suggestions on how I can get a password assigned to this user correctly would be much appreciated.
Answer
The problem is that `pwd_alias`, when put into the `vars`, will be evaluated each time referenced. For example the play below
```yaml
vars:
  pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
tasks:
  - debug: var=pwd_alias
  - debug: var=pwd_alias
  - debug: var=pwd_alias
```
gives
```
"pwd_alias": "RrhCtAFEHievoTY"
"pwd_alias": "TxHCsdKlpweqVJL"
"pwd_alias": "xbFLVvuMkkNkqIE"
```
The solution is simple. Put the evaluation of `pwd_alias` into the tasks. For example
```yaml
tasks:
  - set_fact:
      pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
  - set_fact:
      my_pass: "{{ pwd_alias | password_hash('sha512') }}"
```
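The question's play with this fix applied, as an added example that is not part of the original question or answer. The `pwd_salt` fact, the `assert` task, `no_log` and `update_password: on_create` are additions made here; the explicit salt exists only so that re-hashing is deterministic and the check can compare hashes.

```yaml
- name: Add new SFTP user with a password that is generated once
  hosts: '{{ target }}'
  vars:
    user_to_add: "{{ newuser }}"
  tasks:
    # set_fact stores the rendered value, so each lookup runs exactly once.
    - name: Generate the plaintext password and a salt
      set_fact:
        pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
        pwd_salt: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits') }}"
      no_log: true

    # Separate task: pwd_alias must already be a fact before it is hashed.
    - name: Hash the stored password
      set_fact:
        my_pass: "{{ pwd_alias | password_hash('sha512', pwd_salt) }}"
      no_log: true

    # Re-hashing with the same salt must reproduce my_pass. If pwd_alias is
    # moved back under vars:, it is re-rendered here and this task fails.
    - name: Check that the hash belongs to the password that will be reported
      assert:
        that:
          - (pwd_alias | password_hash('sha512', pwd_salt)) == my_pass

    - name: Create user
      user:
        name: "{{ user_to_add }}"
        password: "{{ my_pass }}"
        update_password: on_create   # do not overwrite the password on re-runs
        shell: /bin/bash
        create_home: yes
        home: "/home/sftp/{{ user_to_add }}"
        group: cgred

    # Prints only the plaintext password; the hash does not need to be shown.
    - name: Report the generated password
      debug:
        msg: "{{ pwd_alias }}"
```

The `debug` task still writes the plaintext password to the Ansible output, as in the question, so treat that output as sensitive.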