Open 0lzi opened 8 months ago
Hello @0lzi, thanks for sharing 😀 I will make some tests, but I think this will create a different password each time Ansible is run, and with this approach the role is not idempotent. And also this will create a different password on all the hosts (I need to check the docs if this is allowed).
Yes, I spotted that when I was running it myself. I did tweak it slightly over the weekend, to the below:
```yaml
- name: Create random password
  ansible.builtin.set_fact:
    ha_userpass: "{{ lookup('ansible.builtin.password', '/dev/null', seed=ansible_date_time.time) }}"
  delegate_to: localhost
  run_once: true

- name: Change hacluster user password
  ansible.builtin.user:
    name: hacluster
    update_password: always
    password: "{{ ha_userpass | password_hash('sha512') }}"
```
This will generate a password and then use that across all hosts, and if you are using `update_password: always` it will always change it with a newly generated password each run, which does take away the idempotent element with my task.
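One idempotent variant of the tasks discussed above, added here as an example and not taken from the role or from either commenter. It assumes a hypothetical `credentials/hacluster_password` file next to the playbook on the control node, and uses the fixed-salt idiom from the Ansible `password_hash` documentation so the hash stays the same between runs.

```yaml
# Added example: the password is generated once and reused on later runs.
# The credentials path below is an assumed location, not one the role defines.
- name: Read the hacluster password, generating it only on the first run
  ansible.builtin.set_fact:
    # Unlike '/dev/null', a real path makes the lookup persist the value.
    # The file is written in plain text on the control node, so restrict
    # access to it and keep it out of version control.
    ha_userpass: "{{ lookup('ansible.builtin.password', playbook_dir ~ '/credentials/hacluster_password', length=32) }}"
  run_once: true
  no_log: true

- name: Set hacluster user password
  ansible.builtin.user:
    name: hacluster
    update_password: always
    # A salt derived from a per-host seed is identical on every run, so the
    # resulting hash is stable and the task reports "changed" only when the
    # stored password itself changes. Every host still gets the same password.
    password: "{{ ha_userpass | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
  no_log: true
```

Deleting the credentials file forces a new password on the next run, which gives a deliberate rotation path without making every run change the account.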
I created a role similar and used the below to then not require passing the hacluster password as a var.