
Can’t assign password to user with ansible user module

- name: Add new SFTP user (user provided by prompt)
  hosts: '{{ target }}'
  vars:
    pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
    user_to_add: "{{ newuser }}"
  tasks:
    - set_fact:
        my_pass: "{{ pwd_alias | password_hash('sha512') }}"
    - name: Create user
      user:
        name: "{{ user_to_add }}"
        password: "{{ my_pass }}"
        shell: /bin/bash
        create_home: yes
        home: "/home/sftp/{{ user_to_add }}"
        group: cgred
    - debug:
        msg: "{{ pwd_alias }},{{ my_pass }}"

When I run this it does what it’s supposed to do. It creates the user and the home directory that I specify. It also prints out a password and the hash but I can’t log change to this user no matter what I do.

Any suggestions on how I can get a password assigned to this user correctly would be much appreciated.


Answer

The problem is that pwd_alias, when put into the vars, will be evaluated each time it is referenced. For example, the play below

  vars:
    pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
  tasks:
    - debug: var=pwd_alias
    - debug: var=pwd_alias
    - debug: var=pwd_alias

gives

"pwd_alias": "RrhCtAFEHievoTY"
"pwd_alias": "TxHCsdKlpweqVJL"
"pwd_alias": "xbFLVvuMkkNkqIE"

The solution is simple. Put the evaluation of pwd_alias into the tasks. For example

tasks:
  - set_fact:
      pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
  - set_fact:
      my_pass: "{{ pwd_alias | password_hash('sha512') }}"
User contributions licensed under: CC BY-SA
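
The fix from the answer assembled into a complete play, as an added example that is not part of the original question or answer: the password is generated once with set_fact, and no_log plus a narrower debug message keep the hash and the intermediate facts out of task output. The task names and the `ansible.builtin.` prefixes are additions; `target`, `newuser`, the home path and the `cgred` group are taken from the question.

```yaml
# Added example, not the asker's or answerer's own play.
# Assumption: 'target' and 'newuser' are supplied at run time, as in the question.
- name: Add new SFTP user with a password that is generated exactly once
  hosts: "{{ target }}"
  vars:
    # Safe to keep in vars: this is a plain reference, not a lookup that
    # produces a new random value on every evaluation.
    user_to_add: "{{ newuser }}"
  tasks:
    - name: Generate the plaintext once and freeze it as a host fact
      ansible.builtin.set_fact:
        pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
      no_log: true   # set_fact results are shown in verbose (-v) output otherwise

    - name: Hash the frozen plaintext
      ansible.builtin.set_fact:
        my_pass: "{{ pwd_alias | password_hash('sha512') }}"
      no_log: true

    - name: Create user with the hash of the frozen plaintext
      ansible.builtin.user:
        name: "{{ user_to_add }}"
        password: "{{ my_pass }}"
        shell: /bin/bash
        create_home: true
        home: "/home/sftp/{{ user_to_add }}"
        group: cgred

    # The question's debug task also printed the hash. Only the plaintext has
    # to reach the operator; this message still ends up in stdout and in any
    # log that captures the run, so treat that output as a secret.
    - name: Show the initial password to the operator
      ansible.builtin.debug:
        msg: "Initial password for {{ user_to_add }}: {{ pwd_alias }}"
```

Because set_fact stores a value per host, a run against several hosts gives each host its own password, and the debug task prints one line per host.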