am newbi to devops and got a task to create user , am using ansible in my control machine and want to create a new user with password in server2
playbook i have written is
hosts:appservers
user:test
sudo:yes
gather_facts:yes
var :
password:centos
task:
- name: creating user
user: name=john password={{password}}
after running the above script i tried to login with that user on another server as
[root]# su - test
after doing the above step it didnt asked for the password and took me to the test user as
[test#localhost ~]$
y it is not asking for the password ?
Root doesn't need a password to switch users. Try using ssh test#localhost to test the password.
Related
I need some help with ansible login, the company i work for uses PAM where we type in username and info and we get auth prompt from microsoft authenticator to login.
In a nut shell from cli the command to login to a device would be
ssh -p 4422 mydomain.com\username#aus.mydomain\usernameadmin#1.1.1.1#authserver.mydomain.com
i need this to translate into ansible config for the login part and hopefully also use inventory so we dont have to specify the ip address.
thanks in advance.
I have 2 users: dashadmin and dash
I have my target machine with settings that only allow access as privileged user dashadmin, root ssh has been locked. For security reasons i would like to keep user dash unpriviiged.
I am trying to administer a user account dash and run a command that requires using the unprivileged user dashbc the command requires conf file in the users home path...
Here is the play
- name: generate bls privatekey
command: dash-cli bls generate
become: yes
become_user: dash
register: bls
i get this error:
TASK [dashmn : After dashd started, generate masternode bls private key] ***************************************
fatal: [78.141.219.106]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1594229288.4458573-404302-256218153903862/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1594229288.4458573-404302-256218153903862/AnsiballZ_command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
2 questions:
What is the best way to run this command/bypass this error?
what is the best way to store the output for later use?
i think i found a way to avoid this, i will add the unprivileged user to sudoer list during setup and remove from sudoer after everything is installed.
I was wondering if it was possible to have Vagrant provisioning with Ansible playbooks to have a task where a command which requires user input is executed and pauses to wait for user interaction.
The use case is to auth the gcloud terminal command with gcloud auth login. The command asks the user to go to a url which perform the Google authentication and then enter the verification code provided after the access is granted:
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/....
Enter verification code:
I've seen prompt and wait_for modules for Ansible but it does not look like can be used in this scenario?
If the account you're trying to authenticate in that scenario is a service account, give gcloud auth activate-service-account a try. It'd be especially useful here because it prompts for nothing, all it does is login a service account using a key file. You can find out more about it here.
Maybe the expect module will work on your case. Have you read about it?
Example from ansible docs:
- name: Case insensitive password string match
expect:
command: passwd username
responses:
(?i)password: "MySekretPa$$word"
# you don't want to show passwords in your logs
no_log: true
- name: Generic question with multiple different responses
expect:
command: /path/to/custom/command
responses:
Question:
- response1
- response2
- response3
You can combine this with uri module to authenticate on google cloud, register the output, parse it with regex or something and then use it on expect module...
Source: Ansible Expect Module
I tried using Jenkins or my admin username as user and password. For password, I tried to update using sudo passwd jenkins, so I am fine on that. However, I am skeptical about the user name. How do I confirm the username for Jenkins? Can someone pls help me?
During the initial run of Jenkins a security token is generated and printed in the console log. The username is admin
The token should look something like,
*************************************************************
Jenkins initial setup is required. A security token is required to proceed.
Please use the following security token to proceed to installation:
41d2b60b0e4cb5bf2025d33b21cb
*************************************************************
For me the initial admin password was in a log at ~/.jenkins/secrets/initialAdminPassword
after installing with homebrew.
source
If you pod is running in a Kubernetes cluster, just look at the running process … Your initial password will be shown…
e.g.
--argumentsRealm.passwd.admin=**3kJQtPDkhk** --argumentsRealm.roles.admin=admin
Username: admin
For password,
cat /Users/$(whoami)/.jenkins/secrets/initialAdminPassword
you will get similar to this token 2762710d8dab4c88a59fea0a2e559069
I have just install Postgres 9.3 on Windows 7. The installation completed successfully. It has never asked me to provide the password for postgres user.
The service postgresql-x64-9.3 is up and running. However, I cannot connect: I do not not know the password. I've found the following answer, but it did not help:
similar question on Ubuntu
[LINUX]
might work for windows too
After installing postgres follow following steps in order to setup password for default system account of Linux execute following in terminal:
user:~$ sudo -i -u postgres
postgres#user:~$ psql
after executing above two commands you will get into postgres shell
Execute this query in postgres shell:
postgres=# ALTER USER postgres PASSWORD 'mynewpassword';
your new password is 'mynewpassword' without quotes and now you can connect with external GUI tools like DBeaver
WARNING: trust means exactly that. Anyone who can connect to the PostgreSQL server can control it. If you set trust mode that allows superusers like user postgres (or all users) to connect, they get total control of your PostgreSQL and can probably run shell commands too. You should usually only use it to change the password then restore the configuration back to the auth mode you were using before.
If you used an unattended installer script, the password will be in the script or associated config file.
Otherwise, treat it the same as if you lost/forgot the password rather than never knowing it:
Edit pg_hba.conf, setting the auth mode to trust instead of the default md5
In the Services control panel restart the PostgreSQL service
Connect with psql or PgAdmin or whatever
ALTER USER postgres PASSWORD 'mynewpassword';
Edit pg_hba.conf again and set the auth mode back to md5
Restart PostgreSQL again
pg_hba.conf is in your data directory. By default it'll be %PROGRAMFILES%\PostgreSQL\9.3\data.
To edit it you'll have to use the security tab to give yourself read/write permissions (via a UAC prompt). This might require you to set yourself as the owner of the file.
On unix systems it's more secure to prepend a
local all all peer
line to pg_hba.conf and then sudo -u postgres psql (assuming your PostgreSQL server runs as user postgres) to get an interactive psql session without using a password. That way you don't have to use trust.
On initialisation you can access the DB as:
Username: postgres
Password: postgres
By default user postgres does not have a password
Start psql and create a password:
sudo -u postgres psql
\password postgres - It will ask you enter a password for user postgres
Through trial and error I found that the password for Postgre SQL 10 for the username postgres is "admin". I kept typing in different password until I reached that password. I am using pgAdmin 4 to test out my SQL Statements, POSTGRE SQL 10 is the first server connection set up using localhost.
It seems there was no default password, but psql wouldn't accept a lack of a password (fe_sendauth: no password supplied). To get around this, I opened pgAdmin, then in the left sidebar:
Servers
Login/Group Roles
Right click postgres and click Properties,
Go to Definition tab
Set the password in the Password field
After saving, psql accepted that password. There may have been a switch I could have supplied to have it accept a lack of a password (--no-password?), but the user should probably have a password anyways, so this seemed reasonable.
go to control >> computer management >> Locaol users and group >> users >>
right click on openpgsvc >> set password.
after that now you can access with this password on openpgsvc
The simplest solution I've found is just to install PgAdmin and connect to the local server with the current Windows credentials (username + password). Then you can change the password to the postgres user.
step1: Go to control panel
Step2: Click on Administrative Tools
Step3: Click on Computer Management
Step4: There under "Local Users and Groups" Double click on user
Step:5: then right click on postgres and you can set password
refer this below image