I was wondering if it was possible to have Vagrant provisioning with Ansible playbooks to have a task where a command which requires user input is executed and pauses to wait for user interaction.
The use case is to auth the gcloud terminal command with gcloud auth login. The command asks the user to go to a url which perform the Google authentication and then enter the verification code provided after the access is granted:
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/....
Enter verification code:
I've seen prompt and wait_for modules for Ansible but it does not look like can be used in this scenario?
If the account you're trying to authenticate in that scenario is a service account, give gcloud auth activate-service-account a try. It'd be especially useful here because it prompts for nothing, all it does is login a service account using a key file. You can find out more about it here.
Maybe the expect module will work on your case. Have you read about it?
Example from ansible docs:
- name: Case insensitive password string match
expect:
command: passwd username
responses:
(?i)password: "MySekretPa$$word"
# you don't want to show passwords in your logs
no_log: true
- name: Generic question with multiple different responses
expect:
command: /path/to/custom/command
responses:
Question:
- response1
- response2
- response3
You can combine this with uri module to authenticate on google cloud, register the output, parse it with regex or something and then use it on expect module...
Source: Ansible Expect Module
Related
I need some help with ansible login, the company i work for uses PAM where we type in username and info and we get auth prompt from microsoft authenticator to login.
In a nut shell from cli the command to login to a device would be
ssh -p 4422 mydomain.com\username#aus.mydomain\usernameadmin#1.1.1.1#authserver.mydomain.com
i need this to translate into ansible config for the login part and hopefully also use inventory so we dont have to specify the ip address.
thanks in advance.
I have DigitalOcean tool installed and would like to initialze it. On the https://github.com/digitalocean/doctl#authenticating-with-digitalocean,
it describes as follows, enter doctl auth init and it will prompt the text:
DigitalOcean access token: your_DO_token
Is there a way to enter the token via Ansible?
In the very next paragraph under the one you linked to it says:
The --access-token flag or DIGITALOCEAN_ACCESS_TOKEN variable are acknowledged
so presumably:
- command: doctl compute droplet list
environment:
DIGITALOCEAN_ACCESS_TOKEN: your_DO_token
We are setting up a system where we need to re-verify a user's identify before he/she is allowed to perform a specific task. The user enters his/her password into the website, and then PHP runs kinit to verify that the password is correct. We use Kerberos for authentication. This is what we successfully tried on a Linux server:
echo "password123" | kinit username#REALM.COM
The problem is that the system is running on a Windows server. We have installed kinit, but cannot seem to get the same thing to work. Running that same command, with or without the quotes, just gives us this output:
kinit: Generic preauthentication failure while getting initial credentials
Any suggestions on what could be done here?
Edit:
Running simply "kinit" and then entering the password at the prompt, works well.
I tried using Jenkins or my admin username as user and password. For password, I tried to update using sudo passwd jenkins, so I am fine on that. However, I am skeptical about the user name. How do I confirm the username for Jenkins? Can someone pls help me?
During the initial run of Jenkins a security token is generated and printed in the console log. The username is admin
The token should look something like,
*************************************************************
Jenkins initial setup is required. A security token is required to proceed.
Please use the following security token to proceed to installation:
41d2b60b0e4cb5bf2025d33b21cb
*************************************************************
For me the initial admin password was in a log at ~/.jenkins/secrets/initialAdminPassword
after installing with homebrew.
source
If you pod is running in a Kubernetes cluster, just look at the running process … Your initial password will be shown…
e.g.
--argumentsRealm.passwd.admin=**3kJQtPDkhk** --argumentsRealm.roles.admin=admin
Username: admin
For password,
cat /Users/$(whoami)/.jenkins/secrets/initialAdminPassword
you will get similar to this token 2762710d8dab4c88a59fea0a2e559069
am newbi to devops and got a task to create user , am using ansible in my control machine and want to create a new user with password in server2
playbook i have written is
hosts:appservers
user:test
sudo:yes
gather_facts:yes
var :
password:centos
task:
- name: creating user
user: name=john password={{password}}
after running the above script i tried to login with that user on another server as
[root]# su - test
after doing the above step it didnt asked for the password and took me to the test user as
[test#localhost ~]$
y it is not asking for the password ?
Root doesn't need a password to switch users. Try using ssh test#localhost to test the password.