I recommend you create roles for post and pre tasks for you ansible. Ansible random UUID generation. Which given a string it will return an ansible. Ansible connects to this server and will validate the identity of the server using the system knownhosts. The default behavior is to generate and use a onetime key. Host key checking is disabled via the ANSIBLEHOSTKEYCHECKING environment variable if the key is generated. Sshauthorizedkeyfile (string) - The SSH public key of the Ansible.
Need a random number for your Ansible playbook? But want to be idempotent on subsequent runs? There is an answer!
Let's say you want to register
cron
jobs on a bunch of servers and don't want it to start on the same time. You can use:but this will generate random number during each playbook execution, giving you unnecessary
changed
state for tasks.Update for Ansible 2.3:
As of Ansible version 2.3, it’s also possible to initialize the random number generator from a seed. This way, you can create random-but-idempotent numbers:
'{{ 59 |random(seed=inventory_hostname) }} * * * * root /script/from/cron'
For previous Ansible versions:
But you can craft a pseudo-random number based on any variable/fact you want. For example, you can choose
inventory_hostname
to make this number different between servers but the same on subsequent playbook runs:Magic explained:
- we take
inventory_hostname
string (e.g.'myserver'
) - make a
hash
from it ('c3a7a35a28dcce27daad3a7a90caad99b967a904'
) - split it into array of characters (
['c','3','a',..]
)
where every character is a hexadecimal digit - apply
int
filter withbase=16
to every character to convert it to number0.15
([12,3,10,..]
) sum
all numbers (334
)- limit our pseudo-random number by taking the remainder of division
% 60
(34
)
So your cron task may look like:
This will start
myscript.sh
at some random time between 6:00
and 7:59
and this time will be idempotent on subsequent playbook runs.Linux stores users’ encrypted passwords, as well as other security information, such as account or password expiration values, in the
/etc/shadow
file.Someday you may need to edit the
/etc/shadow
file manually to set or change ones password.Unlike the
/etc/passwd
that is readable for everyone, the /etc/shadow
file MUST be readable by the ROOT user only.For this you would have to generate password hash in the format compatible with
/etc/shadow
.Cool Tip: Want to create a USER with ROOT privileges? This can be very dangerous! But if you insist… Read more →
There is no need to install any additional tools as it can be easily done from the Linux command line using Python.
Generate Password Hash for /etc/shadow
The encrypted passwords in/etc/shadow
file are stored in the following format:The $ID indicates the type of encryption, the $SALT is a random (up to 16 characters) string and $ENCRYPTED is a password’s hash.
Hash Type | ID | Hash Length |
---|---|---|
MD5 | $1 | 22 characters |
SHA-256 | $5 | 43 characters |
SHA-512 | $6 | 86 characters |
Cool Tip: Got a hash but don’t know what type is it? Find out how to easily identify different hash types! Read more →
Use the below commands from the Linux shell to generate hashed password for
/etc/shadow
with the random salt.Generate MD5 password hash:
Generate SHA-256 password hash:
Generate SHA-512 password hash: Ben 10 hd wallpaper download.
Hope these commands will be helpful.
Just don’t forget to replace MySecretPassword with YourSecretPassword.
As you can see, it is really very easy to generate hashes for the
/etc/shadow
from the Linux command line using Python.Ansible Generate Random String Lights
Particularly for the reason that the Python is installed by default on the most Linux distributions.