From d03954a24becf4df373bceab089781830643a7aa Mon Sep 17 00:00:00 2001 From: Michel Blanc Date: Tue, 5 Mar 2013 16:26:24 +0100 Subject: [PATCH 1/3] Update playbooks2.rst Added doc on encrypt capability of vars_prompt. Assuming the example in https://github.com/ansible/ansible/blob/devel/examples/playbooks/prompts.yml is still valid. --- docsite/rst/playbooks2.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docsite/rst/playbooks2.rst b/docsite/rst/playbooks2.rst index dfa993a7d6..c7dcc07a71 100644 --- a/docsite/rst/playbooks2.rst +++ b/docsite/rst/playbooks2.rst @@ -209,6 +209,16 @@ some other options, but otherwise works equivalently:: prompt: "Product release version" private: no +vars_prompt can also crypt the entered value so you can use it, for instance, with the user module to define a password:: + + vars_prompt: + - name: "my_password2" + prompt: "Enter password2" + private: yes + encrypt: "md5_crypt" + confirm: yes + salt_size: 7 + salt: "foo" Passing Variables On The Command Line ````````````````````````````````````` From f3b06a300847a861b5af46f596d08d6b6cd42acc Mon Sep 17 00:00:00 2001 From: Michel Blanc Date: Tue, 5 Mar 2013 17:19:14 +0100 Subject: [PATCH 2/3] Adds crypt scheme list for vars_prompt Added more details on encrypt usage for vars_prompt, including a list of crypt schemes and a ling to the passlib documentation. --- docsite/rst/playbooks2.rst | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/docsite/rst/playbooks2.rst b/docsite/rst/playbooks2.rst index c7dcc07a71..751a9ac04a 100644 --- a/docsite/rst/playbooks2.rst +++ b/docsite/rst/playbooks2.rst @@ -218,7 +218,30 @@ vars_prompt can also crypt the entered value so you can use it, for instance, wi encrypt: "md5_crypt" confirm: yes salt_size: 7 - salt: "foo" + +You can use any crypt scheme supported by `Passlib ` : + +- des_crypt - DES Crypt +- bsdi_crypt - BSDi Crypt +- bigcrypt - BigCrypt +- crypt16 - Crypt16 +- md5_crypt - MD5 Crypt +- bcrypt - BCrypt +- sha1_crypt - SHA-1 Crypt +- sun_md5_crypt - Sun MD5 Crypt +- sha256_crypt - SHA-256 Crypt +- sha512_crypt - SHA-512 Crypt +- apr_md5_crypt - Apache’s MD5-Crypt variant +- phpass - PHPass’ Portable Hash +- pbkdf2_digest - Generic PBKDF2 Hashes +- cta_pbkdf2_sha1 - Cryptacular’s PBKDF2 hash +- dlitz_pbkdf2_sha1 - Dwayne Litzenberger’s PBKDF2 hash +- scram - SCRAM Hash +- bsd_nthash - FreeBSD’s MCF-compatible nthash encoding + + However, the only parameters accepted are 'salt' or 'salt_size'. You can use you own salt using + 'salt', or have one generated automatically using 'salt_size'. If nothing is specified, a salt + of size 8 will be generated. Passing Variables On The Command Line ````````````````````````````````````` From aeed04b73f2c1f4e1fe77bd01cecd2cbf1f666c2 Mon Sep 17 00:00:00 2001 From: Michel Blanc Date: Tue, 5 Mar 2013 17:22:07 +0100 Subject: [PATCH 3/3] Cosmetic fixes Fixed typo in passlib URL link Fixed style in cryp scheme list Fixed bullet 7 in variable precedence section Adds statement regarding passlib requirement --- docsite/rst/playbooks2.rst | 47 +++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/docsite/rst/playbooks2.rst b/docsite/rst/playbooks2.rst index 751a9ac04a..ae90f011b9 100644 --- a/docsite/rst/playbooks2.rst +++ b/docsite/rst/playbooks2.rst @@ -209,7 +209,8 @@ some other options, but otherwise works equivalently:: prompt: "Product release version" private: no -vars_prompt can also crypt the entered value so you can use it, for instance, with the user module to define a password:: +If `Passlib `_ is installed, vars_prompt can also crypt the +entered value so you can use it, for instance, with the user module to define a password:: vars_prompt: - name: "my_password2" @@ -219,29 +220,29 @@ vars_prompt can also crypt the entered value so you can use it, for instance, wi confirm: yes salt_size: 7 -You can use any crypt scheme supported by `Passlib ` : +You can use any crypt scheme supported by `Passlib `_ : -- des_crypt - DES Crypt -- bsdi_crypt - BSDi Crypt -- bigcrypt - BigCrypt -- crypt16 - Crypt16 -- md5_crypt - MD5 Crypt -- bcrypt - BCrypt -- sha1_crypt - SHA-1 Crypt -- sun_md5_crypt - Sun MD5 Crypt -- sha256_crypt - SHA-256 Crypt -- sha512_crypt - SHA-512 Crypt -- apr_md5_crypt - Apache’s MD5-Crypt variant -- phpass - PHPass’ Portable Hash -- pbkdf2_digest - Generic PBKDF2 Hashes -- cta_pbkdf2_sha1 - Cryptacular’s PBKDF2 hash -- dlitz_pbkdf2_sha1 - Dwayne Litzenberger’s PBKDF2 hash -- scram - SCRAM Hash -- bsd_nthash - FreeBSD’s MCF-compatible nthash encoding +- *des_crypt* - DES Crypt +- *bsdi_crypt* - BSDi Crypt +- *bigcrypt* - BigCrypt +- *crypt16* - Crypt16 +- *md5_crypt* - MD5 Crypt +- *bcrypt* - BCrypt +- *sha1_crypt* - SHA-1 Crypt +- *sun_md5_crypt* - Sun MD5 Crypt +- *sha256_crypt* - SHA-256 Crypt +- *sha512_crypt* - SHA-512 Crypt +- *apr_md5_crypt* - Apache’s MD5-Crypt variant +- *phpass* - PHPass’ Portable Hash +- *pbkdf2_digest* - Generic PBKDF2 Hashes +- *cta_pbkdf2_sha1* - Cryptacular’s PBKDF2 hash +- *dlitz_pbkdf2_sha1* - Dwayne Litzenberger’s PBKDF2 hash +- *scram* - SCRAM Hash +- *bsd_nthash* - FreeBSD’s MCF-compatible nthash encoding - However, the only parameters accepted are 'salt' or 'salt_size'. You can use you own salt using - 'salt', or have one generated automatically using 'salt_size'. If nothing is specified, a salt - of size 8 will be generated. +However, the only parameters accepted are 'salt' or 'salt_size'. You can use you own salt using +'salt', or have one generated automatically using 'salt_size'. If nothing is specified, a salt +of size 8 will be generated. Passing Variables On The Command Line ````````````````````````````````````` @@ -943,7 +944,7 @@ priority. 6. Host variables from inventory. 7. Group variables from inventory in inheritance order. This means if a group includes a sub-group, the variables -in the subgroup have higher precedence. + in the subgroup have higher precedence. Therefore, if you want to set a default value for something you wish to override somewhere else, the best place to set such a default is in a group variable. The 'group_vars/all' file makes an excellent place to put global