How to select mandatory character when generating random password with ansible?

Question

I create a random password with Ansible. 4 characters in length.

- hosts: localhost
  vars:
    pwd_alias: "{{ lookup('password', '/dev/null length=4 chars=ascii_letters,digits,hexdigits,punctuation' ) }}"

  user: root
  tasks:
    - debug:
        msg: Sifre= {{pwd_alias}}

    - debug:
        msg: Sifre= {{pwd_alias}}

    - debug:
        msg: Sifre= {{pwd_alias}}

    - debug:
        msg: Sifre= {{pwd_alias}}

I want it to be password example. I want the output to look like this example.

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= Z/bO"
}

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= a_4G"
}

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= 9a&0"
}

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= d.2C"
}

ascii_letters = 1
hexdigits = 1
digits = 1
punctuation = 1

I want him to generate a random password like this. But what the system produces sometimes changes. Sometimes there are no digits, sometimes there is no punctuation. I want these 4 features to be absolutely.

ansible version = 2.7.10

This is how the outputs are

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= Z/bh"
}

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= a_-G"
}

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= 9ad0"
}

TASK [debug] 
ok: [localhost] => {
    "msg": "Sifre= d.aC"
}

How do I get each character? Thank you so much

Vladimir Botka · Accepted Answer

Generate the passwords in a separate file. Get random character from each set and create pwd_alias_list. Then shuffle and join the list.

$ cat generate-password-4.yml
- set_fact:
    pwd_alias_list: []
- set_fact:
    pwd_alias_list: "{{ pwd_alias_list + [
                        lookup('password', '/dev/null length=1 chars=' ~ item) ]
                        }}"
  loop:
    - ascii_letters
    - digits
    - hexdigits
    - punctuation
- set_fact:
    pwd_alias: "{{ pwd_alias_list|shuffle|join('') }}"

The tasks below

  tasks:
    - include_tasks: generate-password-4.yml
    - debug:
        var: pwd_alias
    - include_tasks: generate-password-4.yml
    - debug:
        var: pwd_alias
    - include_tasks: generate-password-4.yml
    - debug:
        var: pwd_alias
    - include_tasks: generate-password-4.yml
    - debug:
        var: pwd_alias

give

"pwd_alias": "ld(9"
"pwd_alias": "2R`9"
"pwd_alias": "O5(0"
"pwd_alias": "2>z5"

It's possible to make the generation of the password more flexible and create a list of the characters' sets my_char_specs and number of the repetitions my_repeat

$ cat generate-password.yml
- set_fact:
    pwd_alias_list: []
- set_fact:
    pwd_alias_list: "{{ pwd_alias_list + [
                        lookup('password', '/dev/null length=1 chars=' ~ item.0) ]
                        }}"
  with_nested:
    - "{{ my_char_specs }}"
    - "{{ range(0, my_repeat)|list }}"
- set_fact:
    pwd_alias: "{{ pwd_alias_list|shuffle|join('') }}"

The task below repeat the random choice from four sets four times

  vars:
    my_char_specs:
      - ascii_letters
      - digits
      - hexdigits
      - punctuation
    my_repeat: 4
  tasks:
    - include_tasks: generate-password.yml
    - debug:
        var: pwd_alias

and gives

"pwd_alias": "8=3[9BD(7?3bJ5y3"

How to select mandatory character when generating random password with ansible?

Answers (2)

Related Questions