A record of password pitfalls when creating users with Ansible
Posted h404z
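While learning Ansible, I ran into a pitfall when setting up a new user. It is fairly well hidden and I fell into it again and again, so I am writing it down.
First attempt: passing the plaintext directly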
$ ansible dev -m user -a "name=Nick password=123"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.90.3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1026,
"home": "/home/Nick",
"name": "Nick",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1026
}
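Judging by the output, the user should have been created successfully, but repeated login attempts failed, and I had definitely not mistyped the password. I had not paid attention to the warning, but after searching online I found that the password cannot be passed as plaintext.
Second attempt: encrypting with openssl
Reference: https://blog.csdn.net/qq_37208612/article/details/74298208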
$ openssl passwd -salt -1 "123"
-1DhUWqz2JZqc
$ ansible dev -m user -a "name=Nick password=-1DhUWqz2JZqc"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.90.3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1026,
"home": "/home/Nick",
"move_home": false,
"name": "Nick",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1026
}
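However, login still failed. The password was encrypted, so why did it still not work? I kept digging.
Third attempt: I came across a way to encrypt it with a Python one-liner
Reference: https://blog.csdn.net/weixin_33672109/article/details/91658947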
$ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"
Password:
$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/
$ ansible dev -m user -a "name=Nick password=$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.90.3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1026,
"home": "/home/Nick",
"move_home": false,
"name": "Nick",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1026
}
However, login still failed, which felt like plain bad luck...
On checking, I found that the password had not actually been set correctly:
$ ansible dev -m shell -a "cat /etc/shadow | grep Nick"
192.168.90.3 | CHANGED | rc=0 >>
Nick:.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/:18225:0:99999:7:::
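The cause is that $ needs to be escaped as \$. Inside double quotes the shell treats each $... sequence as a variable reference and expands it to an empty string, which is why only the tail of the hash ended up in /etc/shadow. After escaping, the password is set correctly and login works.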
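The expansion described above can be reproduced locally without Ansible. The following is an added example, not part of the original post: it uses the hash from this page, and the function names and the format check (is_sha512_crypt) are hypothetical helpers introduced for illustration.

```shell
#!/bin/sh
# Three ways of writing the same module argument. The hash is the one from
# this page. In unescaped(), the shell expands $6, $oCdGPgCR9sbikR36 and
# $IhTedtlBZTVUoLrtn8T5DZ6Os4rX (all unset) to empty strings.
unescaped() {
    printf '%s' "password=$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
}
escaped() {
    printf '%s' "password=\$6\$oCdGPgCR9sbikR36\$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
}
single_quoted() {
    printf '%s' 'password=$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/'
}

# Hypothetical pre-flight check: does the value have the shape of a
# SHA-512 crypt hash ($6$[rounds=N$]salt$86-character digest)?
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Strip the "password=" prefix and report whether the hash survived quoting.
check() {
    value=${1#password=}
    if is_sha512_crypt "$value"; then
        echo ok
    else
        echo mangled
    fi
}

# Show what each quoting style would hand to the ansible command line.
for style in unescaped escaped single_quoted; do
    printf '%-14s %s\n' "$style" "$(check "$($style)")"
done
```

Running the same check on a value before passing it to the user module catches the mangled string before it is written to /etc/shadow.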
Summary
# 1. Generate the encrypted form of the password
$ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"
# 2. Set the encrypted result as the password, and remember to escape each $
$ ansible dev -m user -a "name=Nick password=\$6\$oCdGPgCR9sbikR36\$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
# 3. Check the result
$ ansible dev -m shell -a "cat /etc/shadow | grep Nick"
# 4. Delete the user
$ ansible dev -m user -a "name=Nick state=absent"