Automation

 View Only
last person joined: 23 hours ago 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.
  • 1.  Ansible password configuration

    Posted 29 days ago

    I'm trying to run a password change playbook. When I run it with "minimum-character-changes" configured, which is required by my organization for security, I get the following error: "minimum-character-changes configured, use plain-text-password in cli to configure password".

    When I run the playbook without this configuration, it functions properly. Is there any work around for this while still automating the process?

    ---
    
    # Playbook to change the password on Juniper Switches
    
    - name: Change password on Juniper Switch
      hosts: Juniper_ex4300 # Switch group from inventory file
      gather_facts: no # Not needed
      collections:
        - juniper.device
    
      vars_prompt:
        - name: username
          prompt: Enter the username to update
          private: no
    
        - name: new_password
          prompt: Enter the new password
          private: yes
          confirm: yes
    
      vars:
        salt: salt
    
      tasks:
    
        - name: Generate encrypted password
          ansible.builtin.set_fact:
            encrypted_password: "{{ new_password | password_hash('sha512', salt) }}"
    
        - name: Set password for the user
          juniper.device.config:
            load: set
            lines:
              - set system login user {{ username }} authentication encrypted-password "{{ encrypted_password }}"
            commit: yes
            comment: "User password updated"
    


    ------------------------------
    ETHAN JOHNSON
    ------------------------------


  • 2.  RE: Ansible password configuration

     
    Posted 27 days ago

    Probably it is complaining about encrypted_password ?

    Perhaps try this approach instead.

    ---
    
    # Playbook to change the password on Juniper Switches
    
    - name: Change password on Juniper Switch
      hosts: Juniper_ex4300 # Switch group from inventory file
      gather_facts: no # Not needed
      collections:
        - juniper.device
    
      vars_prompt:
        - name: username
          prompt: Enter the username to update
          private: no
    
        - name: new_password
          prompt: Enter the new password
          private: yes
          confirm: yes
    
      tasks:
    
        - name: Set password for the user
          juniper.device.config:
            load: set
            lines:
              - set system login user {{ username }} authentication plain-text-password-value "{{ new_password }}"
            commit: yes
            comment: "User password updated"

    Regards,




  • 3.  RE: Ansible password configuration

    Posted 27 days ago

    Hi, thank you for the response. I've tried this approach already, along with just using "plain-text-password". The former produces the same error message as the encrypted-password method, and "plain-text-password" is only meant for CLI changes.



    ------------------------------
    ETHAN JOHNSON
    ------------------------------



  • 4.  RE: Ansible password configuration

     
    Posted 27 days ago

    That is why I suggest to use 

    plain-text-password-value

    and not

    plain-text-password

    Regards,




  • 5.  RE: Ansible password configuration

     
    Posted 27 days ago

    Which version of Ansible are you using?

    Thanks.




  • 6.  RE: Ansible password configuration

    Posted 26 days ago

    Yes, I understand. However, using "plain-text-password-value" still gives the same error message: "minimum-character-changes configured, use plain-text-password in cli to configure password". I'm using Ansible 11.3.0, and Ansible-core 2.18.3. This problem is a unique scenario invoked by the minimum-character-changes configuration.



    ------------------------------
    ETHAN JOHNSON
    ------------------------------