That is pretty cool. Mgmt is not thrilled with using a filter and want me
to see if I can do it another way. I'm trying using the expect module, but
not getting the response I thought:
- name: Use expect
expect:
command: /usr/bin/grub-mkpasswd-pbkdf2
responses:
(?i)Enter password: "{{ random_plaintext_password }}"
(?i)Reenter password: {{ random_plaintext_password }}"
register: grub_hash
delegate_to: 127.0.0.1
- name: Print grub_hash
debug:
msg: "Grub hash is {{ grub_hash.stdout }}"
However this prints the entire "exchange":
New grub hash is Enter password:
Reenter password:
PDKDF2 hash of your password is.....
Why is the entire exchange printed out? I expected that the last line
above would be printed which I could then use cut on to print only the
password.
On Friday, March 31, 2023 at 5:34:28 AM UTC-4 Dick Visser wrote:
> On Fri, 31 Mar 2023 at 06:42, Dick Visser <[email protected]> wrote:
> >
> > Looking at
> > https://help.ubuntu.com/community/Grub2/Passwords#Password_Encryption,
> it seems that grub uses pbkdf2 with sha512, with a fixed number of 10000
> rounds.
> >
> > IIRC python passlib supports that so it should be possible to generate
> with the ansible password_hash filter:
> >
> https://docs.ansible.com/ansible/latest/collections/ansible/builtin/password_hash_filter.html
>
>
> Actually, it's not that easy.
> I had previously created a filter to generate PBKDF2 hashes for the
> "mosquitto" application. Based on that I made a grub_mkpasswd_pbkdf2
> filter:
>
> https://gist.github.com/dnmvisser/c567608193ad6bc1465b182e9a58bca7
>
> Example on how to use it:
>
> dick.visser@foobar ~$ ansible -i localhost, all -m debug -a msg="{{
> 'hackme' | grub_mkpasswd_pbkdf2 }}"
> localhost | SUCCESS => {
> "msg":
> "grub.pbkdf2.sha512.10000.380BF76393CDE1AB16ACE9F32AE6DB262FDD43021FEEEC1A94B87F14640F6D09D3D7DA61977BB7A4384766697148758D061E84FD5F81745EDDFF4E4B6C7DB0D0.92DC5B05FED969DB16BC4982B8B23B8B575D12E2ED776A911D7D47901DC5DDD8B4BAD65C535C33900321D050B8BE9BC2A6C3EDF96C1FB0825A0DC54BBBEB2F5B"
> }
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b52f842e-1c06-4b16-af58-b8bc83213598n%40googlegroups.com.
