How do I handle Ubuntu's request to change the root user's password when initializing a new server?
Currently, I'm just logging in to change the password, and then running the Ansible script, but obviously that defeats the purpose of automation.
    - name: Set root user's password
      user: name=root password={{ encrypted_root_password }} update_password=always
See also How do I generate crypted passwords for the user module.
Related
I am new to Ansible. I have a requirement wherein I need to rename the 'Administrator' user account in a Windows host to something else, say 'NewUser' using Ansible.
Any suggestions on how I can rename a Windows user account using Ansible?
Thanks.
PS:-
I have tried searching for various Ansible modules to help me on this. However I could only find modules for adding a new user account, or changing the user password.
I found out the way to achieve this. It's pretty simple. Here is the playbook code:
    ---
    - name: Change Admin Username
      hosts: all
      tasks:
        - name: Change Admin Username
          win_shell: Rename-LocalUser -Name "Administrator" -NewName "NewUser"
Thanks.
I can add passwords to Ubuntu's system keyring, retrievable by Ansible, with the command
    keyring set myservice username
by installing: sudo apt install python-keyring. This password is then retrievable within an Ansible playbook, for example using
    ansible_become_pass: "{{ lookup('keyring','myservice username') }}"
See the documentation page for more examples.
But I reinstalled a local computer and I want to re-install/configure a VNC server in it via Ansible. I would like to pick up the saved VNC password that already exists in my computer's (the client) keyring, because I don't want to have the password in plaintext in the middle of a playbook. This password was saved in the keyring by Remmina and does not follow the python-keyring format.
Is there a way to retrieve this password from within an Ansible playbook?
I am new to Ansible. I have written an Ansible playbook to install VNC. I want to ensure that when someone runs the playbook they are prompted for a password. I was able to run the playbook via some code I put together, and it prompts for the password but accepts any password.
    ---
    - hosts: test-server
      vars_prompt:
        - name: password
          prompt: "What is your password?"
          private: yes
      tasks:
        - name: install tightvncserver
          package: name=tightvncserver state=present
          notify:
            - start tightvncserver
      handlers:
        - name: start tightvncserver
          service: name=tightvncserver state=started
Please excuse the indentation. Any help will be appreciated
Now, this is where Ansible Vault comes into the picture. Any password or other confidential information has to be stored in Ansible Vault. If you are not worried about security then you can simply add a when module to check if the password matches a specific string, or else the best way to solve this would be to prompt for the Ansible Vault password and fetch confidential information from there.
Alternatively, you can also store your password as key value in a yml variable file and include that in your playbook and add a when condition to check if password provided equals the password mentioned in that variable file.
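An added example, not part of the original posts, of the vault-backed check described above: the prompted value is compared against a vaulted variable before any task runs. The file name secrets.yml, the playbook name site.yml and the variable vault_expected_password are hypothetical.

```yaml
---
# secrets.yml (hypothetical name) is created once on the control machine with:
#   ansible-vault create secrets.yml
# and holds one hypothetical variable:
#   vault_expected_password: "<the real password>"
# Run the play with:
#   ansible-playbook site.yml --ask-vault-pass
- hosts: test-server
  vars_files:
    - secrets.yml            # decrypted in memory only; never stored in plaintext
  vars_prompt:
    - name: password
      prompt: "What is your password?"
      private: yes           # do not echo the typed value
  pre_tasks:
    - name: Stop the play unless the prompted password matches the vaulted one
      assert:
        that:
          - password == vault_expected_password
        fail_msg: "Wrong password"   # message carries no secret value
        quiet: yes
  tasks:
    - name: install tightvncserver
      package: name=tightvncserver state=present
```

Because the assert runs in pre_tasks, a wrong answer fails every host before the install task is reached.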
I want to create a user “deploy” via Ansible, set SSH keys, group permissions and then Ansible be set to that user.
How do I do this?
Use the user module for creating the user "deploy":
https://docs.ansible.com/ansible/latest/modules/user_module.html
and in the next task:
    become: yes
    become_user: deploy
I am new to Ansible. I am trying to copy some files to a remote machine.
I am able to copy to the remote server's tmp folder, but not able to copy to a particular user's folder.
I think it is possible if we can switch to that particular user. But I am not able to do so using a playbook.
Please help me on this.
Regards,
KP
This is a permission issue. The user which you use to connect to the host does not have permissions to write to that other user's folder.
If you have access to that user's account (e.g. your ssh key is accepted) you can simply define the user per task through remote_user:
    - copy: src=...
            dest=...
      remote_user: <SET_OWNER_HERE>
If you do not have access, you can use the sudo flag to execute a task with root permissions. But make sure you set the permissions correctly or the user might not be able to read/write those files:
    - copy: src=...
            dest=...
            owner=<SET_OWNER_HERE>
            group=<SET_GROUP_HERE>
            mode=0644
      sudo: yes
Also, you can define the username as which the sudo command is executed with sudo_user:
    - copy: src=...
            dest=...
      sudo: yes
      sudo_user: <SET_OWNER_HERE>
If sudo requires a password from you, you have to provide it or the task will hang forever without any error message.
You can define this globally in the ansible.cfg:
    ask_sudo_pass=True
Or pass the option when you call your playbook:
    ansible-playbook ... --ask-sudo-pass