cancel
Showing results for 
Search instead for 
Did you mean: 
dennisk
Flight Engineer
Flight Engineer
  • 2,925 Views

Ansible vault guided exercise error (lab data-secret)

Jump to solution

Anyone experiencing the error when trying to run the lab? Lab was run by two people with same error. Syntax checks.

Playbook failed to execute.Playbook failed to execute.

Labels (2)
0 Kudos
1 Solution

Accepted Solutions
Travis
Moderator
Moderator
  • 2,861 Views

@dennisk 

Can you share your secret.yml file please? I'm not 100% sure without seeing, but based on my experience with that error, the password was placed in the file in PLAINTEXT instead of as a hash which will require that module to fail.

 

--- Travis

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

0 Kudos
4 Replies
Travis
Moderator
Moderator
  • 2,862 Views

@dennisk 

Can you share your secret.yml file please? I'm not 100% sure without seeing, but based on my experience with that error, the password was placed in the file in PLAINTEXT instead of as a hash which will require that module to fail.

 

--- Travis

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
0 Kudos
dennisk
Flight Engineer
Flight Engineer
  • 2,853 Views

Travis,

I don't have the file since it was created in a netlab pod but I know I didn't encrypt the password so I think your solution is 100% correct.

Thanks,

Dennis

 

0 Kudos
Travis
Moderator
Moderator
  • 2,847 Views

@dennisk -

I know it probably doesn't help a lot now, but please feel free to look at my Github pages. I typically do some demos when I teach the course and for Ansible, I shared the playbooks on Github.

https://github.com/tmichett/RH294/tree/master/Ansible_Playbooks/Chapter4/data-secret

In this instance,  I have the secret file listed there directly.

https://github.com/tmichett/RH294/blob/master/Ansible_Playbooks/Chapter4/data-secret/CH4_GE_Managing...

 

To explain things a little bit further ...

https://docs.ansible.com/ansible/2.8/modules/user_module.html?highlight=user

 
Password:
 
Optionally set the user's password to this crypted value.
On macOS systems, this value has to be cleartext. Beware of security issues.
To create a disabled account on Linux systems, set this to '!' or '*'.
To create a disabled account on OpenBSD, set this to '*************'.
See https://docs.ansible.com/ansible/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module for details on various ways to generate these password values

 

https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-pa...

There are also other methods of doing this ... I'm assuming you were in the DO407 or the RH294 course performing a Vault lab for managing secrets. There is another Advanced Ansible course DO447https://www.redhat.com/en/services/training/do447-advanced-automation-ansible-best-practices that dives into Ansible deeper mentioning proper version control with git and discusses usage of filters, etc.

In that course you learn things like ...

 

user:
  name: "{{ item }}"
  password: "{{ password | password_hash('sha512') }}" 
update_password: on_create
Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
0 Kudos
dennisk
Flight Engineer
Flight Engineer
  • 2,841 Views

Thanks Travis. Checking with some else at the college who is also working on this, there seems to be some typos in the lab.

0 Kudos
Join the discussion
You must log in to join this conversation.