I have a task like this
- name: create user user-app
user:
name: user-app
createhome: yes
uid: "700"
password: "{{ app_passwd | password_hash('sha512') }}"
group: user-app
state: present
When running this I get the following error
fatal: [localhost]: FAILED! => {"msg": "template error while templating string: No filter named 'password_hash'.. String: {{ frapp_passwd | password_hash('sha512') }}"}
I am able to solve it when I manually enter the password and then bypass it. I have the password in the vars.yml file and the playbook calls this role which adds the user but gets an error in this particular password line. My ansible version is 2.8.6. How can I solve this?
Related
Can someone help me in finding the best way to declare all variables inside a file and define the file path in ansible playbook? Here's my ansible-playbook
---
- hosts: myhost
vars:
- var: /root/dir.txt
tasks:
- name: print variables
debug:
msg: "username: {{ username }}, password: {{ password }}"
These are the contents inside dir.txt
username=test1
password=mypassword
When I run this, I am facing an error
TASK [print variables] *********************************************************************************************************
fatal: [121.0.0.7]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'username' is undefined\n\nThe error appears to be in '/root/test.yml': line 6, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n tasks:\n - name: print variables\n ^ here\n"}
Expected output is to print the variables by this method
Any help would be appreciated
There are two reasons why your code won't work.
A variables file should be in YAML or JSON format for Ansible to load it
Such variables files are loaded with vars_files directive or include_vars task, rather than vars
So a YAML file named /root/dir.yml:
username: test1
password: mypassword
Can be used in a playbook like:
---
- hosts: myhost
vars_files:
- /root/dir.yml
tasks:
- name: print variables
debug:
msg: "username: {{ username }}, password: {{ password }}"
I'm doing some playbook to change username password on linux. I want to use the same playbook for all users.
What i am doing is:
- name: change users password
hosts: localhost
vars_files: ['credentials.yml']
tasks:
- user:
name: "{{ user_name }}"
password: "{{ dynamic_password | password_hash('sha512') }}"
And my file.yml:
credentials.yml
dynamic_password: "$6$mysecretsalt$QF9IdmmJLZWuEO8PKQ0w7c81Rre0hv.udU83ypIO3cG5DbAo90IXwHX6wcuhDJaLAkdE5KSSl9lKvdMFh810b."
generic_password: "$6$IxMDgSamMRSMAEY1$rfGAWC8xBgGMMGOFJXAMxnUuiKVKrH3SDOuNIrJpx4rMZy/FG5spqp1f9oSAcDBpTJ2vOK2rAboWHZ6Zn5qZm."
What i am executing:
ansible-playbook prueba81.yml --extra-vars "user_name=pepito type_password=dynamic_password"
What i want to do, is indicate in the command line, the user and what password (inside of the file yml) should it use. But seems that the variable type_password is not recognized.
Can you help me?.
Thanks!!!!
Your extra-vars on the command line isn't setting type_password to the value of the variable dynamic_password. You're literally setting the variable type_password to be the string "dynamic_password".
If you want to tell ansible what variable to use from the command line, you can do it several ways. Here's one example:
ansible-playbook prueba81.yml --extra-vars "user_name=pepito type_password=dynamic"
tasks:
- user:
name: "{{ user_name }}"
password: "{{ dynamic_password | password_hash('sha512') }}"
when type_password == "dynamic"
Use lookup vars to reference the password indirectly. For example
- user:
name: "{{ user_name }}"
password: "{{ my_password | password_hash('sha512') }}"
vars:
my_password: "{{ lookup('vars', type_password) }}"
You might want to set a default type. For example
- user:
name: "{{ user_name }}"
password: "{{ my_password | password_hash('sha512') }}"
vars:
my_password: "{{ lookup('vars', type_password|default('dynamic_password')) }}"
I wrote a python script which gets executed via my ansible playbook and returns the following output via stdout:
- { username: ansible, admin: yes}
- { username: test, admin: no }
The output then should get saved in the variable "users" and with the "with_items" (or the newer "loop" conditional) I want to iterate through the variable in order to assign the right permissions for each user separately:
- name: execute python script
command: "python3 /tmp/parse_string.py --user_permissions={{ user_permissions }}"
register: output
- name: register
set_fact:
users: "{{ output.stdout }}"
- name: output
debug: msg="{{ users }}"
- name: Add user to group -admin
user:
name={{ item.username }}
groups=admin
append=yes
state=present
when: "item.admin == yes"
with_items: '{{users}}
However when launching the playbook it says that the variable "users" has no attribute "username".
TASK [create_users : output] ***************************************************
ok: [ansible] => {
"msg": "- { username: ansible, admin: yes }\n- { username: test, admin: no }\n- { username: test2, admin: no }"
}
TASK [create_users : Add user to group -admin ***************
fatal: [ansible]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'username'\n\nThe error appears to be in '***': line 29, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: \n ^ here\n"}
Can anyone help me with this case?
BR
You are setting your users var to a string. It happens that this string is a yaml representation of a datastructure but ansible has no clue about that at this point.
To achieve your requirement, you need to parse that string as yaml and register the result. Luckily, there is a from_yaml filter for that purpose
You just have to modify your set_fact task as the following and everything should work as expected:
- name: register
set_fact:
users: "{{ output.stdout | from_yaml }}"
I need to update more than 30 hosts the root password.
I read that I can user user module for that... but I'm doing something wrong.
Can you drop some help here ?
Typo in above yaml file .
- name: Password rollover
user:
name: "{{ lookup('env', 'USER') }}" ## Should not have "-"
update_password: always
password: "{{ lookup('env', 'PASSWORD') }}"
I came across a similar situation and what I did to solve it was a playbook like this:
Filename: password_rollover.yml
---
- name: Password rollover
user:
- name: "{{ lookup('env', 'USER') }}"
update_password: always
password: "{{ lookup('env', 'PASSWORD') }}"
You use it passing those env variables:
USER=root PASSWORD=newpass ansible-playbook --limit group password_rollover.yml -b
I have Ansible role "db" with simple task:
- name: Check repos
apt_repository: repo="{{ item.repo }}" state={{ item.state }}
with_items:
- "{{ apt_repos }}"
In /defaults/mail.yml:
apt_repos:
# Percona
- { state: present, repo: 'deb http://repo.percona.com/apt wheezy main', keyserver: 'keyserver.ubuntu.com', key: '1C4CBDCDCD2EFD2A', needkey: True }
- { state: present, repo: 'deb-src http://repo.percona.com/apt wheezy main', needkey: False }
When i try to run this ansible-playbook:
---
- hosts: test
roles:
- db
i see error:
fatal: [10.10.10.10] => One or more undefined variables: 'unicode object' has no attribute 'repo'
FATAL: all hosts have already failed -- aborting
But i have another role with same task and variable and it work perfectly. What's wrong?
You want to be doing this:
with_items: apt_repos
apt_repos is a list. By referencing it as - "{{ apt_repos }}" the extra - is turning it into a list of lists. You also don't need the quotes or braces in this case - those are pretty much just redundant in this type of situation.