Merge pull request '8025-awxRefactor-debianBootStrap-FinishWorks' (!32) from 8025-awxRefactor-debianBootStrap-FinishWorks into main

Reviewed-on: #32
2024-10-18 07:17:30 +00:00 · 2024-10-18 07:17:30 +00:00 · 2841de3ad1
parent 4be47afe7d 5e6b7ab7ba
commit 2841de3ad1
12 changed files with 51 additions and 46 deletions
--- a/playbooks/debian-once.yml
+++ b/playbooks/debian-once.yml
@ -1,5 +0,0 @@
- name: First time host configuration
-  hosts: all
-  tasks:
-  - import_role:
-      name: debian-once
--- a/roles/debian-base/defaults/main.yaml
+++ b/roles/debian-base/defaults/main.yaml
@ -1,6 +1,5 @@
-vn_witness: false
+vn_first_time: false
 default_user: user
-root_password: Pa$$w0rd
 fail2ban:
  email: "{{ sysadmin_mail }}"
  bantime: 600
--- a/roles/debian-base/tasks/main.yml
+++ b/roles/debian-base/tasks/main.yml
@ -1,5 +1,7 @@
 - import_tasks: witness.yml
  tags: witness
+- import_tasks: root.yml
+  tags: root
 - import_tasks: resolv.yml
  tags: resolv
 - import_tasks: timesync.yml
--- a/roles/debian-base/tasks/root.yml
+++ b/roles/debian-base/tasks/root.yml
@ -0,0 +1,36 @@
+- name: Generate root password
+  when: vn_first_time
+  block:
+    - name: Search root password into Passbolt
+      set_fact:
+        qst: >
+          {{
+            lookup(passbolt, inventory_hostname_short,
+              username='root',
+              uri='ssh://'+hostname_fqdn
+            )
+          }}
+      ignore_errors: true
+- name: Generate and save root password if not found in Passbolt
+  when: qst is not defined
+  block:
+    - name: Generate a random root password
+      set_fact:
+        root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
+    - name: Save root password into Passbolt
+      set_fact:
+        msg: >
+          {{
+            lookup(passbolt, inventory_hostname_short,
+              username='root',
+              password=root_password,
+              uri='ssh://'+hostname_fqdn
+            )
+          }}
+      environment:
+        PASSBOLT_CREATE_NEW_RESOURCE: true
+    - name: Change root password
+      user:
+        name: root
+        password: "{{ root_password | password_hash('sha512') }}"
+
--- a/roles/debian-base/tasks/ssh.yml
+++ b/roles/debian-base/tasks/ssh.yml
@ -3,7 +3,7 @@
    path: "/etc/ssh/ssh_host_{{ item.type }}_key"
    type: "{{ item.type }}"
    force: yes
-  when: vn_witness
+  when: vn_first_time
  loop:
    - { type: 'rsa' }
    - { type: 'ecdsa' }
--- a/roles/debian-base/tasks/witness.yml
+++ b/roles/debian-base/tasks/witness.yml
@ -4,9 +4,9 @@
  register: keys_generated_marker
 - name: Generate variable if not exists
  set_fact:
-    vn_witness: "{{ not keys_generated_marker.stat.exists }}"
+    vn_first_time: "{{ not keys_generated_marker.stat.exists }}"
 - name: Create marker file to indicate vn happends
  file:
    path: /etc/vn.witness
    state: touch
-  when: vn_witness
+  when: vn_first_time
--- a/roles/debian-once/defaults/main.yaml
+++ b/roles/debian-once/defaults/main.yaml
@ -1 +0,0 @@
-root_password: Pa$$w0rd
--- a/roles/debian-once/tasks/main.yml
+++ b/roles/debian-once/tasks/main.yml
@ -1,2 +0,0 @@
- import_tasks: root.yml
-  tags: root
--- a/roles/debian-once/tasks/root.yml
+++ b/roles/debian-once/tasks/root.yml
@ -1,26 +0,0 @@
- name: Generate a random root password
-  set_fact:
-    root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
- name: Save root password into Passbolt
-  set_fact:
-    msg: >
-      {{
-        lookup(passbolt, inventory_hostname_short,
-          username='root',
-          password=root_password,
-          uri='ssh://'+hostname_fqdn
-        )
-      }}
-  environment:
-    PASSBOLT_CREATE_NEW_RESOURCE: true
- name: Save the root password to file
-  copy:
-    content: "{{ root_password }}\n"
-    dest: /root/root_password.txt
-    owner: root
-    group: root
-    mode: '0600'
- name: Change root password
-  user:
-    name: root
-    password: "{{ root_password | password_hash('sha512') }}"
--- a/roles/debian-qemu/defaults/main.yml
+++ b/roles/debian-qemu/defaults/main.yml
@ -1 +1,6 @@
 homes_path: /mnt/homes
+autofs_packages:
+  - nfs-common
+  - autofs
+  - libnfs-utils
+  - autofs-ldap
--- a/roles/debian-qemu/tasks/autofs.yml
+++ b/roles/debian-qemu/tasks/autofs.yml
@ -1,12 +1,7 @@
 - name: Install autofs packages 
  apt:
-    name: "{{ item }}"
+    name: "{{ autofs_packages }}"
    state: present
-  with_items:
-    - nfs-common
-    - autofs
-    - libnfs-utils
-    - autofs-ldap
 - name: Create homes directory
  file:
    path: "{{ homes_path }}"
@ -33,6 +28,6 @@
    mode: '0644'
  notify: restart-autofs
 - name: Service autofs service
-  service:
+  systemd:
    name: autofs
    enabled: yes
--- a/roles/debian-qemu/tasks/hotplug.yml
+++ b/roles/debian-qemu/tasks/hotplug.yml
@ -12,5 +12,7 @@
    mode: u=rw,g=r,o=r
    owner: root
    group: root
+  register: grub
 - name: Generate GRUB configuration
  command: update-grub
+  when: grub.changed