1 00:00:06,610 --> 00:00:08,823 - In this lesson, we will explore how you can create users 2 00:00:08,823 --> 00:00:11,208 with random passwords. 3 00:00:11,208 --> 00:00:13,690 So the password lookup plugin 4 00:00:13,690 --> 00:00:15,730 can be used to generate random passwords 5 00:00:15,730 --> 00:00:18,400 and store these passwords in a local file. 6 00:00:18,400 --> 00:00:21,120 And note that strictly, the password plugin 7 00:00:21,120 --> 00:00:22,740 generates a random string 8 00:00:22,740 --> 00:00:25,380 and using it as a password makes it a password. 9 00:00:25,380 --> 00:00:29,436 So you can use it to get any kind of random string. 10 00:00:29,436 --> 00:00:32,070 And you can use it to define a variable. 11 00:00:32,070 --> 00:00:32,979 As in my password, 12 00:00:32,979 --> 00:00:36,803 look at password credentials plus item length is six. 13 00:00:37,660 --> 00:00:41,450 Watch the documentation for the password plugin 14 00:00:41,450 --> 00:00:44,000 because it does have a couple of other options as well, 15 00:00:44,000 --> 00:00:45,573 apart from the length. 16 00:00:46,440 --> 00:00:49,310 So this defines a directory with the name credentials, 17 00:00:49,310 --> 00:00:51,330 with a file that matches the users name 18 00:00:51,330 --> 00:00:56,330 so that the password can be handed out to the user later. 19 00:00:56,590 --> 00:00:58,230 And after defining the variable, 20 00:00:58,230 --> 00:00:59,580 you can use it as a password 21 00:00:59,580 --> 00:01:02,238 by applying the password hash filter. 22 00:01:02,238 --> 00:01:06,540 Let's have a look at userswithpassword.yaml for an example. 23 00:01:06,540 --> 00:01:10,060 And if you want to, you can use cleanupusers.yaml 24 00:01:10,060 --> 00:01:12,310 to clean up the users that were just created. 25 00:01:12,310 --> 00:01:13,480 Just for your convenience 26 00:01:13,480 --> 00:01:16,410 because we are working with users so often in this course 27 00:01:16,410 --> 00:01:18,983 you might want to clean them up a little bit. 28 00:01:20,160 --> 00:01:23,440 So let's have a look at users with passwords. 29 00:01:23,440 --> 00:01:24,530 And there we go. 30 00:01:24,530 --> 00:01:25,363 What do we see? 31 00:01:26,340 --> 00:01:28,019 We define this variable 32 00:01:28,019 --> 00:01:31,912 and the variable is set to my passwords. 33 00:01:31,912 --> 00:01:35,630 Look up password credentials, plus item length six. 34 00:01:35,630 --> 00:01:40,630 Then the debug module is going to print the password. 35 00:01:40,941 --> 00:01:43,170 Here we generate a random password 36 00:01:43,170 --> 00:01:45,133 and we want to see what it is like. 37 00:01:45,133 --> 00:01:48,114 So we do that for user item. 38 00:01:48,114 --> 00:01:49,007 What is this item? 39 00:01:49,007 --> 00:01:51,290 Well, item as you know comes from a loop. 40 00:01:51,290 --> 00:01:52,730 Here we have the loop 41 00:01:52,730 --> 00:01:56,687 which is using the lines query on the file, users dot txt. 42 00:01:56,687 --> 00:02:01,687 And this file uses dot txt is processed one by one. 43 00:02:02,340 --> 00:02:05,275 Then we have user and in user we define item 44 00:02:05,275 --> 00:02:08,980 with the passwords that was just randomly generated. 45 00:02:08,980 --> 00:02:12,415 And now we are using the password hash filter. 46 00:02:12,415 --> 00:02:15,100 On this my password to hash it. 47 00:02:15,100 --> 00:02:20,100 We require the password to be updated on create of the user. 48 00:02:20,160 --> 00:02:24,527 And we are using the loop again of users dot txt. 49 00:02:24,527 --> 00:02:28,880 So before we run this, let's have a look at users dot txt. 50 00:02:28,880 --> 00:02:31,435 and there you can see couple of users exist 51 00:02:31,435 --> 00:02:36,435 and let's run it ansible playbook on users with password. 52 00:02:38,260 --> 00:02:39,399 And there we go. 53 00:02:39,399 --> 00:02:40,830 Oh, we get, okay. 54 00:02:40,830 --> 00:02:42,670 Okay, okay. 55 00:02:42,670 --> 00:02:44,650 Well all these, okays, it's kind of boring. 56 00:02:44,650 --> 00:02:46,140 I don't wanna see okays. 57 00:02:46,140 --> 00:02:48,002 I want to see something changing. 58 00:02:48,002 --> 00:02:50,670 So let's do cleanup with users, 59 00:02:50,670 --> 00:02:53,650 which is going to remove all these users. 60 00:02:53,650 --> 00:02:54,545 Notice that here as well, 61 00:02:54,545 --> 00:02:58,683 we are using the lookup plugin with a query 62 00:02:58,683 --> 00:03:01,890 on users dot txt to remove them. 63 00:03:01,890 --> 00:03:05,390 So ansible playbook, cleanup users, there we go. 64 00:03:05,390 --> 00:03:10,390 All users are disappearing and then we can run our playbook 65 00:03:10,398 --> 00:03:12,610 with users with password again 66 00:03:12,610 --> 00:03:16,330 and that will actually create the users. 67 00:03:16,330 --> 00:03:17,163 Here we go. 68 00:03:17,163 --> 00:03:20,950 All the users have been created with their new password 69 00:03:20,950 --> 00:03:23,450 and that is how you can use the plugin 70 00:03:23,450 --> 00:03:26,593 as well as the filter to provide for dynamic passwords.