[libvirt] [jenkins-ci PATCH] lcitool: Don't encrypt password manually
Martin Kletzander
mkletzan at redhat.com
Tue Sep 4 08:49:53 UTC 2018
Since version 1.9 ansible supports password_hash filter that can do that for us.
Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
---
guests/lcitool | 29 +------------------------
guests/playbooks/update/tasks/users.yml | 2 +-
2 files changed, 2 insertions(+), 29 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 2901a92c507b..ad1eee288620 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -151,34 +151,7 @@ class Config:
return vault_pass_file
def get_root_password_file(self):
- root_pass_file = self._get_config_file("root-password")
- root_hash_file = self._get_config_file(".root-password.hash")
-
- try:
- with open(root_pass_file, "r") as infile:
- root_pass = infile.readline().strip()
- except Exception:
- raise Error(
- "Missing or invalid root password file ({})".format(
- root_pass_file,
- )
- )
-
- # The hash will be different every time we run, but that doesn't
- # matter - it will still validate the correct root password
- root_hash = crypt.crypt(root_pass, Util.mksalt())
-
- try:
- with open(root_hash_file, "w") as infile:
- infile.write("{}\n".format(root_hash))
- except Exception:
- raise Error(
- "Can't write hashed root password file ({})".format(
- root_hash_file,
- )
- )
-
- return root_hash_file
+ return self._get_config_file("root-password")
class Inventory:
diff --git a/guests/playbooks/update/tasks/users.yml b/guests/playbooks/update/tasks/users.yml
index ec7f798a9c00..0a930d6c382c 100644
--- a/guests/playbooks/update/tasks/users.yml
+++ b/guests/playbooks/update/tasks/users.yml
@@ -2,7 +2,7 @@
- name: 'root: Set password'
user:
name: root
- password: '{{ lookup("file", root_password_file) }}'
+ password: '{{ lookup("file", root_password_file)|password_hash("sha512") }}'
shell: '{{ bash }}'
- name: 'root: Configure ssh access'
--
2.18.0
More information about the libvir-list
mailing list