ansible change root password

pwgen -n 15 -c 1
soo2Echu7SooLao

python -c 'import crypt; print(crypt.crypt("soo2Echu7SooLao", "$6$saltsalt$"))'
$6$saltsalt$vot6A2I.VYFjfBPrgM0eTnqZqI4fzCz65Uc8Ez3mYJNokpOe72nFnQLlDQ..GnHGvj1HYTTwUU7YJmLyaAPM.1

Or using Perl:

perl -e 'print crypt("soo2Echu7SooLao","\$6\$saltsalt\$") . "\n"'

ansible -i inv vit -m user -a ' name=root password=$6$saltsalt$vot6A2I.VYFjfBPrgM0eTnqZqI4fzCz65Uc8Ez3mYJNokpOe72nFnQLlDQ..GnHGvj1HYTTwUU7YJmLyaAPM.1 ' -k

SSH password:
XX.XX.XX.XX | success >> {
"append": false,
"changed": true,
"comment": "root",
"group": 0,
"home": "/root",
"move_home": false,
"name": "root",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 0
}
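
The same change written as a playbook, as an added example that is not part of the original post: the password is prompted for on the control node and hashed with a random salt, so neither the cleartext nor the hash appears on a command line. The inventory `inv` and host pattern `vit` are taken from the command above; the file name `root-password.yml` and the variable name `new_root_password` are assumptions.

```yaml
---
# Added example: playbook form of the ad-hoc command above.
# Run with: ansible-playbook -i inv root-password.yml -k
# Assumes, like the ad-hoc command, that the connecting user may change
# root's password. File and variable names are hypothetical.
- name: Change the root password
  hosts: vit
  gather_facts: false

  vars_prompt:
    # Asked once on the control node; private hides the typed input,
    # confirm asks for it twice to catch typos.
    - name: new_root_password
      prompt: New root password
      private: true
      confirm: true

  tasks:
    - name: Set root password as a SHA-512 crypt hash
      user:
        name: root
        # password_hash('sha512') produces a $6$ hash. With no salt argument
        # a random salt is generated instead of a fixed one like "saltsalt",
        # so the task reports "changed" on every run.
        password: "{{ new_root_password | password_hash('sha512') }}"
        update_password: always
      # Keep the hash out of task output and logs.
      no_log: true
```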

about Ansible

Ansible is an open source IT configuration management, deployment, and
orchestration tool. It differs from other management tools in many respects,
aiming to provide large productivity gains to a wide variety of automation
challenges. While Ansible provides more productive drop-in replacements
for many core capabilities in other automation solutions, it also seeks to solve
other major unsolved IT challenges by unifying configuration, deployment, and
complex IT process orchestration.
One of the most important challenges in this environment is to do all of the
above while providing a robust, easy to manage architecture, a problem that is
frequently not well solved in this application space. A management tool should
not impose additional demands on one's environment; in fact, one should have
to think about it as little as possible. It should be transparent and maximize
productivity gains. Let's see how Ansible achieves these gains using a unique
agentless architecture.

Ansible Secure and Agentless

Ansible relies on the most secure remote management system available as its default transport layer: OpenSSH. OpenSSH is available for a wide variety of platforms, is very lightweight, and as security issues in OpenSSH are discovered, they are patched quickly.

Further, Ansible does not require any remote agents. It delivers Ansible modules to remote systems and executes tasks, as needed, to enact the desired configuration. These modules run with user-supplied credentials, including support for sudo and even Kerberos, and clean up after themselves when complete. Ansible does not require root privileges, specific SSH keys, or dedicated users and respects the security model of the system under management.

As a result, Ansible has a very low attack surface area and is quite easy to bootstrap.