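While learning Ansible, I ran into a pitfall when setting up a new user. It is fairly well hidden and I fell for it again and again, so I am writing it down.
First attempt: passing the plaintext directly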
$ ansible dev -m user -a "name=Nick password=123"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.90.3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1026,
"home": "/home/Nick",
"name": "Nick",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1026
}
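Judging by the output, the user should have been created successfully, but repeated login attempts failed, and I had definitely not mistyped the password. I had not noticed the warning, but after searching online I found that plaintext cannot be passed directly.
Second attempt: encrypting with openssl
Reference: https://blog.csdn.net/qq_37208612/article/details/74298208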
$ openssl passwd -salt -1 "123"
-1DhUWqz2JZqc
$ ansible dev -m user -a "name=Nick password=-1DhUWqz2JZqc"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.90.3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1026,
"home": "/home/Nick",
"move_home": false,
"name": "Nick",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1026
}
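However, I found I still could not log in. It was encrypted, so why did it still not work? I kept digging.
Third attempt: I came across a way to encrypt with a Python script
Reference: https://blog.csdn.net/weixin_33672109/article/details/91658947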
$ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"
Password:
$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/
$ ansible dev -m user -a "name=Nick password=$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.90.3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1026,
"home": "/home/Nick",
"move_home": false,
"name": "Nick",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1026
}
However, I found I still could not log in. Talk about bad luck...
After checking, I found that the password had not been set correctly:
$ ansible dev -m shell -a "cat /etc/shadow | grep Nick"
192.168.90.3 | CHANGED | rc=0 >>
Nick:.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/:18225:0:99999:7:::
The cause is the $ characters, which need to be escaped as \$; after that the password can be set and login works normally.
Summary
# 1. Get the encrypted form of the password
$ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"
# 2. Set the encrypted result, and remember to escape it
$ ansible dev -m user -a "name=Nick password=\$6\$oCdGPgCR9sbikR36\$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/"
# 3. Check the result
$ ansible dev -m shell -a "cat /etc/shadow | grep Nick"
# 4. Delete the user
$ ansible dev -m user -a "name=Nick state=absent"
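The sketch below is an added example, not part of the original post. It reproduces what the shell does to the unescaped hash inside double quotes, which yields the same truncated value that ended up in /etc/shadow, and checks the value's shape before it is handed to the user module. The helper names mangled_arg, is_sha512_crypt and user_password_arg are hypothetical; the hash is the one printed above.

```shell
#!/bin/sh
# Added example. HASH is the value printed earlier on this page; the single
# quotes keep every '$' literal, which is what the \$ escapes also achieve.
HASH='$6$oCdGPgCR9sbikR36$IhTedtlBZTVUoLrtn8T5DZ6Os4rX.IRHMrAXrqnAqFqsLQnDxLdmAeKgGfxAsTQ4Rq57I7tTlvELtQCN27Sdm/'

# Show what a shell makes of password=<hash> typed inside double quotes.
# A child sh parses the text, so $6 (positional parameter), $oCdGPgCR9sbikR36
# and $IhTedtlBZTVUoLrtn8T5DZ6Os4rX (unset variables) expand to nothing.
mangled_arg() {
    sh -c "printf '%s' \"password=$HASH\""
}

# Shape check for a SHA-512 crypt string: $6$[rounds=N$]salt$digest, with a
# salt of 1-16 characters and an 86-character digest.
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Hypothetical pre-flight helper: emit the module argument only if the value
# still looks like a hash after the shell has processed it.
user_password_arg() {
    if is_sha512_crypt "$1"; then
        printf 'name=Nick password=%s' "$1"
    else
        echo "refusing: value is not a \$6\$ crypt hash: $1" >&2
        return 1
    fi
}

echo "double-quoted: $(mangled_arg)"
user_password_arg "$HASH" && echo
```

Wrapping the whole -a argument in single quotes on the ansible command line has the same effect as escaping each $ with a backslash.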