Since version 1.9 ansible supports password_hash filter that can do that for us. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com&gt; --- guests/lcitool | 29 +------------------------ guests/playbooks/update/tasks/users.yml | 2 +- 2 files changed, 2 insertions(+), 29 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 2901a92c507b..ad1eee288620 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -151,34 +151,7 @@ class Config: return vault_pass_file def get_root_password_file(self): - root_pass_file = self._get_config_file("root-password") - root_hash_file = self._get_config_file(".root-password.hash") - - try: - with open(root_pass_file, "r") as infile: - root_pass = infile.readline().strip() - except Exception: - raise Error( - "Missing or invalid root password file ({})".format( - root_pass_file, - ) - ) - - # The hash will be different every time we run, but that doesn't - # matter - it will still validate the correct root password - root_hash = crypt.crypt(root_pass, Util.mksalt()) - - try: - with open(root_hash_file, "w") as infile: - infile.write("{}\n".format(root_hash)) - except Exception: - raise Error( - "Can't write hashed root password file ({})".format( - root_hash_file, - ) - ) - - return root_hash_file + return self._get_config_file("root-password") class Inventory: diff --git a/guests/playbooks/update/tasks/users.yml b/guests/playbooks/update/tasks/users.yml index ec7f798a9c00..0a930d6c382c 100644 --- a/guests/playbooks/update/tasks/users.yml +++ b/guests/playbooks/update/tasks/users.yml @@ -2,7 +2,7 @@ - name: 'root: Set password' user: name: root - password: '{{ lookup("file", root_password_file) }}' + password: '{{ lookup("file", root_password_file)|password_hash("sha512") }}' shell: '{{ bash }}' - name: 'root: Configure ssh access' -- 2.18.0