JavaScript
x
- name: Add new SFTP user (user provided by prompt)' hosts: '{{ target }}' vars: pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}" user_to_add: "{{ newuser }}" tasks: - set_fact: my_pass: "{{ pwd_alias | password_hash('sha512') }}" - name: Create user user: name: "{{ user_to_add }}" password: "{{ my_pass }}" shell: /bin/bash create_home: yes home: "/home/sftp/{{ user_to_add }}" group: cgred - debug: msg: "{{ pwd_alias }},{{ my_pass }}"When I run this it does what it’s supposed to do. It creates the user and the home directory that I specify. It also prints out a password and the hash but I can’t log change to this user no matter what I do.
Any suggestions on how I can get a password assigned to this user correctly would be much appreciated.
Advertisement
Answer
The problem is that pwd_alias, when put into the vars, will be evaluated each time referenced. For example the play below
JavaScript
vars: pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}" tasks: - debug: var=pwd_alias - debug: var=pwd_alias - debug: var=pwd_aliasgives
JavaScript
"pwd_alias": "RrhCtAFEHievoTY""pwd_alias": "TxHCsdKlpweqVJL""pwd_alias": "xbFLVvuMkkNkqIE"The solution is simple. Put the evaluation of pwd_alias into the tasks. For example
JavaScript
tasks: - set_fact: pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}" - set_fact: my_pass: "{{ pwd_alias | password_hash('sha512') }}"