Password generation
cimbalo opened this issue · comments
Instead of using library/gen_passwd.py we can generate a password using lookup
- name: read password
set_fact:
password: "{{ lookup('password') }}"
Then save it to a remote file using shell and echo redirection and after read the file with shell and cat command (or we can find better option than using shell module).
A little more context lookup. It generate a random password and save it to a file on the remote local
- name: assign password
set_fact:
password: "{{ lookup('password', '/path/to/local/file') }}"
the use the password
variable in our playbook. If the file does not exist it creates a password and fill the file, otherwise it reads the password from the file.
Edit: the file is local not remote
Right now we are generating a password every time we connect, this is because we can change it without restriction. I would like to keep it this way because storing password in a local file means another level of syncronisation (between us, the humans) . I can't execute the same playbook A on machine vm_A unless you share the password file.
I wrote a sample idempot task to read or generate a password on the remote.
Note:
Require the password file path (variable password_path) and set the variable password as result.
Still use library/gen_passwd.py because lookup password fail if no path is supplied.