So I need to create an user in a machine so I can then have a script that will log into this machine and backup its database. Which database is that, you might ask? For this discussion it does not matter besides that it is running in a Linux box. But, if you want a more specific example, we could be backing up a sqlite database since we talked about how to do the deed before.
Anyway, the plan is to have the script ssh into the database server and grab the backup. Since we are using ssh in the script, we might as well use key pair authentication. Now I have learned that by default if you create a user and do not assign it a password, you will not be able to login as said user using key pair authentication. You can turn that off but I would rather not. Instead, since I am creating said user programmatically, I can give it a long random password.
- Ansible can be used in countless ways; it is a very flexible tool. Take variables for example; you can put them in your inventory file, in separate variable files, at the top of your playbook, in the CLI command, and I’m guessing even more places.
- The password lookup will generate a new random password each time, but will not write it to /dev/null. This can be used when you need a password without storing it on the controller. Generated passwords contain a random mix of upper and lowercase ASCII letters, the numbers 0-9 and punctuation (”.,: - ”).
Free movie the wishmaster 4 in hindi. Now that we have a plan, let's see how to do it in an ansible playbook. I will present only the relevant bits since I do not know how you do your playbooks. So, we could create a user using something like
which would create user user_name who will also belong to the groups defined in user_groups, where user_name and user_groups are variables defined somewhere earlier in the show. And this would create a user without a password, which would do us no good. Nor would us make the playbook stop and ask us to enter a password. We said earlier we are going to create a random password, so let's see if we can make something random enough for our needs.
I plan on generating this random password in the machine we are running ansible on, not the target machine. One of the reasons is that I want to use the Linux command mkpassword to create the password hash (note it is being called using the shell command. So, I will use a local_action to do the deed. For instance, let's say I want the password to be pickles and encoded using SHA-512 hash (mild encryption). I could accomplish it by writing
Generate a random string of a fixed length. Generate a random string with a combination of lower and upper case letters. Create a unique random string without repeating characters in it; Generate a random alphanumeric string with letters and numbers. Generate a random string password which contains the letters, digits, and special characters. In my Ansible script, I want to generate UUIDs on the fly and use them later on. Generate a random UUID from a 20 char string with upper/lower case letters. 2020-9-4 Generate random passwords in Windows using OpenSSL. If you have installed OpenSSL on Windows, you can use the same openssl command on Windows to generate a pseudo-random password or string: c:UsersJanC:OpenSSL-Win64binopenssl.exe rand -hex 8 33247ca41c60ac53 PHP OpenSSL – create a pseudo-random password with PHP and OpenSSL.
Killzone 2 free full pc game. This would create a hash, say
and assign it to the variable user_pw. This of course has to be done before the user is created. To use it with our new user, we can then modify our little user creation function to something like this:
In the last line we are feeding the value of user_pw, user_pw.stdout, to password. But why can't I just feed user_pw? Here's an exercise to you: tell your playbook just print user_pw. Doesn't it look very object-like?
If you run your playbook and all went well, go to the target machine and check if there is a password associated with the user in /etc/shadow. If the user was already created, you will need to delete user and let ansible recreate it.
So we have so far created a way to create a password hash and then create a new user with that password. 2018 hp evinrude etec manual. The last step we need is to make the password random. Here is what I am proposing: how about if we use date since epoch in seconds as our password and then mangle it a bit? Here is a simple mangling example:
Which gives b8a49ccaa4721877cf39e510c7ac3622 as the output, which should be long enough to fulfill our needs. Of course if you run it again, it will spit out a different result, which is what we want? Perfectly random? Not by a long shot, but it is long enough for our needs. Remember: there is nothing saying you have to use the above. Hav efun creating your own function!
So, let's apply that to our little password generating function:
And we should be good to go. Here is how the final version should look like in a playbook:
Now we have an user, we can then create the ssh key pair we talked about in an earlier article. Of course we might edit the ./ssh/authorized_keys file to restrict what that key can do.
Ansible Generate Random Strings
Need a random number for your Ansible playbook? But want to be idempotent on subsequent runs? There is an answer!
Let's say you want to register
cron
Cst studio suite 2014 crack free download. jobs on a bunch of servers and don't want it to start on the same time. You can use: X notifier for firefox.but this will generate random number during each playbook execution, giving you unnecessary
changed
state for tasks.Update for Ansible 2.3:
As of Ansible version 2.3, it’s also possible to initialize the random number generator from a seed. This way, you can create random-but-idempotent numbers:
'{{ 59 |random(seed=inventory_hostname) }} * * * * root /script/from/cron'
For previous Ansible versions:
But you can craft a pseudo-random number based on any variable/fact you want. For example, you can choose
inventory_hostname
to make this number different between servers but the same on subsequent playbook runs:Magic explained: Pivot 3 beta mac.
- we take
inventory_hostname
string (e.g.'myserver'
) - make a
hash
from it ('c3a7a35a28dcce27daad3a7a90caad99b967a904'
) - split it into array of characters (
['c','3','a',.]
)
where every character is a hexadecimal digit - apply
int
filter withbase=16
to every character to convert it to number0.15
([12,3,10,.]
) sum
all numbers (334
)- limit our pseudo-random number by taking the remainder of division
% 60
(34
)
So your cron task may look like:
Ansible Generate Random String
This will start
myscript.sh
at some random time between 6:00
and 7:59
and this time will be idempotent on subsequent playbook runs.