debops / ansible-console

Configure system console and terminal-related options
GNU General Public License v3.0

Decision to define a root pwd is done by setting it in secrets. These usually aren't versioned. Thus this important configuration bit gets changed by unversioned files #7

Closed do3cc closed 7 years ago

do3cc commented 9 years ago

Which is a bad idea. I want to know who has to suffer here in the office, but VCS is no help.

drybjed commented 9 years ago

I keep my secrets in git safely encrypted using encfs. Which would not be of much help either, because finding out who changed what encrypted file is very hard when paths to these files are obscured by encryption.

What other suggestion would you have for this issue? I don't think that keeping root password in Ansible inventory is a good idea. :-)

do3cc commented 9 years ago

A simple variable, root_pw_ansible_managed: false

drybjed commented 9 years ago

You mean to disable this option? Set console_root: False in inventory.

do3cc commented 9 years ago

I misunderstood what was happening. I thought the root pw is only set when I add the secret file. Instead the root pw is by default always changed. This seems to be a good thing, but the docs do not mention that at all. The password file itself also does not make it clear if it contains the root pw in cleartext or not. Also, I am not sure how to change the root pw now. Can I just add it to the file, or is it crypted in there? This information is missing.

drybjed commented 9 years ago

@do3cc root password is the same as any other passwords managed via lookup('password'). Passwords are stored in secret/ directory in cleartext, with salt. Then at runtime, lookup('password') converts them to a hashed form and sends them to user module which stores them in /etc/shadow "as is".

To change the password, you can change the cleartext in the file, just make sure that salt= field is present and correctly formatted.

Lots of roles need docs yet. :-) I'm converting them to the new format and adding them to http://docs.debops.org/ as I go. Be a good patient. :-)
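
Added example, not part of the thread and not DebOps or Ansible code: a pre-run check for a cleartext password file of the kind described in the comment above, confirming that the salt= field is present and well formed and that the file is not accessible to group or others. The `<cleartext> salt=<salt>` line layout, the 16-character salt limit (sha512_crypt) and all helper names are assumptions of this sketch.

```python
import os
import re
import stat
import tempfile

# Assumption: crypt(3) salt alphabet, at most 16 characters (sha512_crypt limit).
SALT_RE = re.compile(r"[./0-9A-Za-z]{1,16}")


def parse_secret_line(content):
    """Split '<cleartext> salt=<salt>' into (password, salt); salt is None if absent."""
    content = content.rstrip("\r\n")
    # rpartition: the password itself may contain spaces, a valid salt may not.
    password, sep, salt = content.rpartition(" salt=")
    if not sep:
        return content, None
    return password, salt


def check_secret_file(path):
    """Return a list of problems found in a cleartext password file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append("mode %04o lets group/other access the cleartext" % mode)
    with open(path, encoding="utf-8") as handle:
        password, salt = parse_secret_line(handle.read())
    if not password:
        problems.append("empty password")
    if salt is None:
        problems.append("salt= field is missing")
    elif not SALT_RE.fullmatch(salt):
        problems.append("salt %r is not 1-16 chars of [./0-9A-Za-z]" % salt)
    return problems


def write_sample(text, mode):
    """Write a constructed sample file with the given mode and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed samples: (file content, file mode)
    for text, mode in [("s3cret-example salt=Ab3dEf9h\n", 0o600),
                       ("s3cret-example salt=bad salt!\n", 0o644)]:
        print(repr(text), "->", check_secret_file(write_sample(text, mode)) or "ok")
```
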

drybjed commented 7 years ago

The root password management has been moved to the debops.root_account role; this issue is no longer relevant for debops.console, therefore I'm closing it. @do3cc let me know if you still have issues with the password.