QBits

Reputation: 141

Ansible lookup plugin "password" does not save password in a file

Can anyone help? I tried to implement the Ansible password generator. The problem is that I don't see where the file for the passwords is stored/created after it (seemingly) runs successfully. But when I remove the part 'credentials/' + item.0.client_username + then I am able to see the file created (where my Ansible code is). The documentation in the link does not say much. At the bottom is also the content of the default file.

  - name: Add Client
    solace_client_username:
      name: "{{ item.0.client_username }}"
      msg_vpn: "{{ msg_vpn }}"
      settings:
        clientProfileName: "{{ item.1.clientProfileName }}"
        aclProfileName: "{{ item.1.aclProfileName }}"
        password: "{{ lookup('password',  'credentials/' + item.0.client_username + 'password.dat length=15 chars=ascii_letters,ascii_uppercase,ascii_lowercase,digits') }}"
    with_subelements:
    - "{{ clients }}"
    - specs 

default yml:

clients:
  - client_username: export-john-doe
    specs: 
      - aclProfileName: export-john-doe-profile
        clientProfileName: default
        enabled: true

  - client_username: staging-john-doe
    specs: 
      - aclProfileName: staging-john-doe-profile
        clientProfileName: default
        enabled: true

Upvotes: 2

Views: 1064

Answers (2)

QBits

Reputation: 141

Vladimir Botka's answer above is correct. I just noticed that this creates another folder named "credentials" where the files for each password are located. The folder is under the root directory (where you run the ansible code from).

Upvotes: 0

Vladimir Botka

Reputation: 68144

Q: "Where the file for the passwords are stored?"

A: On the controller/master. The lookup plugins always run on the master.

" ... lookups execute and are evaluated on the Ansible control machine."

"Lookups are executed with a working directory relative to the role or play, as opposed to local tasks, which are executed relative the executed script."


Your code should work fine. For example:

- debug:
    msg: "{{ lookup('password',
             'credentials/' + item.0.client_username + 'password.dat
             length=15
             chars=ascii_letters,ascii_uppercase,ascii_lowercase,digits') }}"
  with_subelements:
    - "{{ clients }}"
    - specs

gives on the controller in the current directory

shell> tree credentials/
credentials/
├── export-john-doepassword.dat
└── staging-john-doepassword.dat

0 directories, 2 files

shell> cat credentials/export-john-doepassword.dat
bcpJprWLv3srojj

shell> cat credentials/staging-john-doepassword.dat
rnyTJ3qpZczY0Qc

Upvotes: 2
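
An added example, not part of either answer or of the Ansible documentation: a playbook that pins the lookup's output to an explicit directory on the controller, keeps the generated passwords out of task output with `no_log`, and then reports whether each file exists and with which mode. `cred_dir`, the `.password.dat` suffix, the `client_passwords` fact and the inline `clients` data are assumptions made for this illustration.

```yaml
# Added example: make the password file location explicit instead of relying
# on the lookup's working directory.
- name: Generate per-client passwords at a known controller path
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumption: store the files beside the playbook (playbook_dir is a magic variable).
    cred_dir: "{{ playbook_dir }}/credentials"
    # Constructed sample data mirroring the question's defaults file.
    clients:
      - client_username: export-john-doe
        specs:
          - aclProfileName: export-john-doe-profile
            clientProfileName: default
      - client_username: staging-john-doe
        specs:
          - aclProfileName: staging-john-doe-profile
            clientProfileName: default
  tasks:
    - name: Generate (or re-read) each password; the lookup runs on the controller
      ansible.builtin.set_fact:
        client_passwords: >-
          {{ client_passwords | default({}) | combine({
               item.0.client_username:
                 lookup('password', cred_dir + '/' + item.0.client_username
                        + '.password.dat length=15 chars=ascii_letters,digits')
             }) }}
      with_subelements:
        - "{{ clients }}"
        - specs
      no_log: true  # keep the generated secrets out of stdout and logs

    - name: Check the files the lookup wrote
      ansible.builtin.stat:
        path: "{{ cred_dir }}/{{ item.client_username }}.password.dat"
      loop: "{{ clients }}"
      register: cred_files

    - name: Report existence and mode only, never the file content
      ansible.builtin.debug:
        msg: "exists={{ item.stat.exists }} mode={{ item.stat.mode | default('n/a') }}"
      loop: "{{ cred_files.results }}"
      loop_control:
        label: "{{ item.item.client_username }}.password.dat"
```

The files hold the passwords in plaintext on the controller, so keep the `credentials/` directory out of version control.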
