Page MenuHomeVyOS Platform
Create Task
Maniphest T6818

Ansible [vyos_config] unable to update encrypted-password
Closed, ResolvedPublicBUG
Actions

Description

Trying to set the encrypted-password key does not work when using vyos_config, because of a filter on the commands to run on the target here.
I would like to be able to set the encrypted-password to be the same on all of my devices, without having to deal cleartext passwords in my ansible output diff.

Details

Version
2.3.0
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

syncer created this task.Oct 26 2024, 12:38 AM
syncer triaged this task as Normal priority.
vyosbot added a project: Bugs.Oct 26 2024, 6:08 AM
pasik subscribed.Oct 26 2024, 8:20 AM
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:16 PM
gaige subscribed.Jan 6 2025, 12:26 PM

The recent updates to vyos_user should support updating encrypted passwords, including appropriately understanding if there was a change.

gaige closed this task as Resolved.Feb 12 2025, 10:43 AM
gaige claimed this task.

Module updates (6.0.0) add support for encrypted passwords, including idempotence and tests.

gaige added a comment.Apr 26 2026, 1:00 PM

I believe the intent of the existing filters is to prevent accidental password changes. For an automation solution, I don't see significant value in changing this behavior, except to remove the plaintext variant as well. The intention here is to prevent accidental overwrite of passwords during the configuration step. The existing vyos_user should be used for handling password changes.

gaige added a comment.Apr 26 2026, 1:02 PM

If a change is made to remove this, I think it should be safely placed behind an explicit configuration parameter for the vyos_config