ansible-node-exporter
ansible-node-exporter copied to clipboard
cloudalchemy
Basic Authentication password hashing
What did you do?
I'm currently trying to set up a node_exporter on a test server using both TLS and basic authentication.
I have setup a simple user in my playbook as mentioned in the README.
node_exporter_basic_auth_users:
user: password
But this results in the following config file on the remote machine:
basic_auth_users:
user: *0
Changing the password to something else does not affect the *0 field.
The following error is also raised when the node_exporter is starting up:
level=error ts=2020-10-14T13:31:20.226Z caller=node_exporter.go:194 err="yaml: unknown anchor '0' referenced"
The exporter works well if no users are specified. Any idea where I could have made a mistake?
Did you expect to see some different? No crash on start up and a correctly hashed password in the config file.
Environment
-
Role version:
0.22.0 -
Ansible version information:
ansible 2.9.12
config file = None
configured module search path = ['/home/tdh/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/tdh/.local/lib/python3.8/site-packages/ansible
executable location = /home/tdh/.local/bin/ansible
python version = 3.8.2 (default, Apr 27 2020, 15:53:34) [GCC 9.3.0]
- Variables:
node_exporter_basic_auth_users:
user: password
What is the ansible output from running the role? Could you run it with higher verbosity and attach output of Copy the node_exporter config file task?
Here you go:
TASK [cloudalchemy.node-exporter : Copy the node_exporter config file] *************************************************************************************************************************************************************************************************
...
I seem to have fixed the issue :).
pip3 install passlib[bcrypt]
I do not see any mention/error regarding the missing package in the log though...
Could you add this package requirement to https://github.com/cloudalchemy/ansible-node-exporter#requirements section in README?
It seems like an ansible bug in password_hash jinja function. I would expect it to fail if bcrypt is specified but not installed.
Here is the pull request: https://github.com/cloudalchemy/ansible-node-exporter/pull/184
By the way, I have noticed I get a warning regarding bcrypt:
TASK [cloudalchemy.node-exporter : Copy the node_exporter config file] *************************************************************************************************************************************************************************************************
/home/tdh/.local/lib/python3.8/site-packages/passlib/handlers/bcrypt.py:243: PasslibHashWarning: encountered a bcrypt salt with incorrectly set padding bits; you may want to use bcrypt.normhash() to fix this; this will be an error under Passlib 2.0
warn(
```
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
I've hit this issue as well after running the ansible task once more a few months later. It's troublesome when things are buggy / don't work reliably in OPS.
I seem to have fixed the issue :).
pip3 install passlib[bcrypt]
A note for myself: this should be run on your local machine (where you run ansible), not on the target host!
