Thanks for your response.
@Inderpreet I got failed also with no explanation. My verification below confirms validation is not fine. Please assist. Thank you.
Verifications:
Hi @Jenna but if you are mentioning the password string within the playbook then whats the use of vault ? Can u or anyone please explain in a simple way how do we have to use vault in this scenario I’m getting a bit confused.
My understanding : Encrypt the vaults.txt file —> which contains the password which is used to decrypt another file which contains our actual user password strings.
.
.
.
Is this correct?
Hi @daovan1987 I did the encryption as u suggested however i got this error in purple line in screenshot.
@akshayyw
i got this error in purple line in screenshot.
The password must be encrypted and hashed, otherwise you can’t login to the user even you set the password correctly.
but i have already encrypted it using ansible-vault encrypt_string , but still it gives me this warning
Could you explain what exactly you did for the task of this step. This is bit confusing.
some say use below of the following.
- I have updated vault password file in ansible.cfg
Which of the following is the correct one to use of the below after updating ansible.cfg
2. password: "{{ '8FmzjvFU6S' | password_hash('sha512', 'mysecretsalt') }}"
3. password: “{{ ‘YchZHRcLkL’ | password_hash (‘sha512’) }}”
4. password: "{{ admin_password | string | password_hash(‘sha512’) }}"
e. Set password Rc5C9EyvbU
for all users under developers
group and GyQkFRVNr3
for users under admins
group. Make sure to use the password given in ~/playbooks/secrets/vault.txt
file as Ansible vault password to encrypt the original password strings. You can use ~/playbooks/secrets/vault.txt
file as vault secret file while running the playbook (make necessary changes in ~/playbooks/ansible.cfg
file).
Thanks for checking it out!
What worked for me here:
password: “{{ adminpassword | password_hash(‘sha512’) }}”
where adminpassword is the variable declared for admins group users password in another newly created file by me , which is encrypted through given vault password file
Same declare variable for developers group .
@ramashish.sharma
I used number 3.
@akshayyw you are right. will try use the variable next time. thank you.