anyone see this? I get a warning saying ASK [Create admin users with default home directory] **************************************************************************************************************
ok: [stapp01] => (item=rob)
ok: [stapp01] => (item=david)
ok: [stapp01] => (item=joy)
[WARNING]: The input password appears not to have been hashed. The ‘password’ argument must be encrypted for this module to work properly.
can anyone see whatelse can i do to fulfill this requirement:
e. Set password Rc5C9EyvbU for all users under developers group and GyQkFRVNr3 for users under admins group. Make sure to use the password given in ~/playbooks/secrets/vault.txt file as Ansible vault password to encrypt the original password strings. You can use ~/playbooks/secrets/vault.txt file as vault secret file while running the playbook (make necessary changes in ~/playbooks/ansible.cfg file).
It ask to config the vault.tx to ansible.cfg, ask not to use the command line when running with the playbook. I thought if set the config vault file path, ansible would know to hash the password? any other configuration that i need to modify? or should i encrypt the password first, then add the hash to the password field in the playbook?
Yes exactly as what you wrote. ansible.cfg is ok and you to need first encrypt password with vault.txt then hash this encrypted password.
There is a tricky here in converting vault password to hashed one.
@Devops
do you mean to use command line
ansible-vault encrypt_string ‘YchZHRcLkL’ --vault-password-file ./secrets/vault.txt ’ --name ‘admin_password’, then put the long gubberly encrypted chars into the password field to replace the string ‘YchZHRcLkL’, like
password: "{{ admin_password | password_hash (‘sha512’) }}?
I thought to put the vault_password_file here , when run the playbook, ansible will look for the password field to encrypted without passing the command line encryption first. no?
The vault_password_file is used to decrypt your encrypted string. Without it ansible doesn’t know how to transform your encrypted password in a plain text one