Closed vreitech closed 2 years ago
Hi @vreitech
Hashing and encrypting strings and passwords
If passlib is not installed then the crypt module is used, only if crypt module cannot be used the error is triggered; looking at the crypt module might reveal what is the issue.
My thinking is that python3-passlib
as a package could be added if a user requires, but that it is not distinctly part of Ansible but rather using an external function? If it were a core part of either the ansible-core
or ansible
packages then it would be installed, however, it doesn't seem to be so?
Or, am I missing something and this is a core part of the build?
As it described at https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html filter's page: _Hash types available depend on the control system running Ansible, ‘hash’ depends on hashlib, passwordhash depends on passlib. The crypt is used as a fallback if passlib is not installed. Form this point python3-passlib doesn't looks like a mandatory core component. And at same time we are getting wrong BCrypt hash value without passlib (i. e. using crypt library).
So, are you suggesting that we leave it without, or is there a convincing argument that it should be included?
Complicated.
Used google a bit to find some information about "ansible password_hash bcrypt". And all that i got was people either had error message about crypt.crypt not supports bcrypt algorithm or had some kinds of errors after passlib package/module has been installed. Btw didn't got any information about someone got correct bcrypt hash not using passlib, but didn't even tried to find info about it tbf.
At same time adding python3-passlib
package "switches" password_hash
Ansible module to using passlib which probably would broke people playbooks behavior (don't believe in that tbh). I suggest it should not be included into current images, but probably should be added into images which based on future Ansible versions. Or maybe it should be versions of images with passlib for each Linux distribution.
Another way to handle the problem is to add installation of passlib python module through ansible.builtin.pip
module. I've tested it on your images, and beginning from 2.12 version it works on all Linux distributions.
Only one argument still for adding the package into the container: it fixes the issue without having to add something like apt-get -y update && apt-get -y install python3-passlib
by user. Counter-arguments was above.
Personally for me the problem is solved, thanks for questions.
From what I understand, I will leave as is at the moment. But if needed in the future I might re-open it. Thanks for your explanations. 😸
I tried to use 'password_hash' module in my playbook, and I got misbehavior when using 'bcrypt' algorithm with the module.
Example playbook:
Actual behavior: Hash value is not meaningful.
Expected behavior: Meaningful hash value (something that starts from
$2a$10$
).Suggested solution to the problem: It needs to be added installation of
python3-passlib
package into Dockerfile. Adding this into docker/podman run command solves the problem:Environment: