A record of password pitfalls when creating users with Ansible

Posted h404z


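While learning Ansible, I ran into a pitfall when setting up a new user. It is fairly well hidden and I fell into it again and again, so I am writing it down.

First attempt: passing the plaintext directly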

$ ansible dev -m user -a "name=Nick password=123"
 [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

192.168.90.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1026,
    "home": "/home/Nick",
    "name": "Nick",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1026
}

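Judging by the output, the user should have been created successfully, but repeated login attempts failed, and I had certainly not mistyped the password. I had not noticed the warning, but after searching online I found that the plaintext cannot be passed directly.

Second attempt: encrypting with openssl
Reference: https://blog.csdn.net/qq_37208612/article/details/74298208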

$ openssl passwd -salt -1 "123"
-1DhUWqz2JZqc

$ ansible dev -m user -a "name=Nick password=-1DhUWqz2JZqc"
 [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

192.168.90.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 1026,
    "home": "/home/Nick",
    "move_home": false,
    "name": "Nick",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 1026
}

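Yet I still could not log in. It was encrypted, so why did it still not work? I kept looking.

Third attempt: I came across a way to encrypt it with a Python script

Reference: https://blog.csdn.net/weixin_33672109/article/details/91658947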

$ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"
Password:
$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/

$ ansible dev -m user -a "name=Nick password=$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
 [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

192.168.90.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 1026,
    "home": "/home/Nick",
    "move_home": false,
    "name": "Nick",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 1026
}

Yet I still could not log in, which felt like seriously bad luck...

Checking showed that the password had not been set correctly:

$ ansible dev -m shell -a "cat /etc/shadow | grep  Nick"
192.168.90.3 | CHANGED | rc=0 >>
Nick:.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/:18225:0:99999:7:::

The cause is that each $ needs to be escaped as \$; after that, the password can be set and login works normally.
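The expansion that ate the hash, reproduced locally as an added example (not code from the original post): inside double quotes the shell replaces $6, $oCdGPgCR9sbikR36 and $IhTedtlBZTVUoLrtn8T5DZ6Os4rX with empty strings, leaving exactly the fragment seen in /etc/shadow. The function names and the pre-flight check are hypothetical helpers, and the check assumes a SHA-512 crypt ($6$) string as produced by the passlib command above.

```shell
#!/bin/sh
# Constructed sample: the hash printed in the post, in single quotes so nothing expands.
HASH='$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/'

# Attempt 3 reproduced: the same text inside double quotes, unescaped.
# $6 is the (empty) sixth positional parameter; the next two $names are unset variables.
double_quoted() (
  set +u
  unset oCdGPgCR9sbikR36 IhTedtlBZTVUoLrtn8T5DZ6Os4rX
  printf '%s' "$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
)

# The fix from the post: every $ written as \$ inside the double quotes.
escaped() {
  printf '%s' "\$6\$oCdGPgCR9sbikR36\$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
}

# True only for a complete SHA-512 crypt string: $6$[rounds=N$]salt$86-char digest.
looks_like_sha512_crypt() {
  printf '%s\n' "$1" |
    grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Hypothetical helper: build the user module's -a string, refusing a mangled value.
user_module_args() {
  if looks_like_sha512_crypt "$2"; then
    printf 'name=%s password=%s' "$1" "$2"
  else
    printf 'refusing: not a $6$ crypt hash: %s\n' "$2" >&2
    return 1
  fi
}

# Stand-alone demonstration of the three cases.
printf 'double-quoted: %s\n' "$(double_quoted)"
printf 'escaped:       %s\n' "$(escaped)"
user_module_args Nick "$(double_quoted)" || echo 'caught before reaching ansible'
```

Wrapping the whole -a argument in single quotes instead of double quotes also prevents the expansion, with no backslashes needed.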

Summary

# 1. Get the encrypted form of the password
$ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"

# 2. Set the encrypted result, and remember to escape every $
$ ansible dev -m user -a "name=Nick password=\$6\$oCdGPgCR9sbikR36\$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"

# 3. Check the result
$ ansible dev -m shell -a "cat /etc/shadow | grep  Nick"

# 4. Delete the user
$ ansible dev -m user -a "name=Nick state=absent"
