Refs #8025: Role debian-base. root task. Final fricky things, Galactus mode control passbolt excecptions.
This commit is contained in:
parent
df4a8570c6
commit
3bdadb1319
|
@ -1,7 +1,5 @@
|
|||
root_password: Pa$$w0rd
|
||||
vn_witness: false
|
||||
default_user: user
|
||||
root_password: Pa$$w0rd
|
||||
fail2ban:
|
||||
email: "{{ sysadmin_mail }}"
|
||||
bantime: 600
|
||||
|
|
|
@ -1,30 +1,36 @@
|
|||
- name: Generate a random root password
|
||||
set_fact:
|
||||
root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
|
||||
- name: Save root password into Passbolt
|
||||
set_fact:
|
||||
msg: >
|
||||
{{
|
||||
lookup(passbolt, inventory_hostname_short,
|
||||
username='root',
|
||||
password=root_password,
|
||||
uri='ssh://'+hostname_fqdn
|
||||
)
|
||||
}}
|
||||
environment:
|
||||
PASSBOLT_CREATE_NEW_RESOURCE: true
|
||||
- name: Generate root password
|
||||
when: vn_witness
|
||||
- name: Save the root password to file
|
||||
copy:
|
||||
content: "{{ root_password }}\n"
|
||||
dest: /root/root_password.txt
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
when: vn_witness
|
||||
register: local
|
||||
- name: Change root password
|
||||
user:
|
||||
name: root
|
||||
password: "{{ root_password | password_hash('sha512') }}"
|
||||
when: local.changed
|
||||
block:
|
||||
- name: Search root password into Passbolt
|
||||
set_fact:
|
||||
qst: >
|
||||
{{
|
||||
lookup(passbolt, inventory_hostname_short,
|
||||
username='root',
|
||||
uri='ssh://'+hostname_fqdn
|
||||
)
|
||||
}}
|
||||
ignore_errors: true
|
||||
- name: Generate and save root password if not found in Passbolt
|
||||
when: qst is not defined
|
||||
block:
|
||||
- name: Generate a random root password
|
||||
set_fact:
|
||||
root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
|
||||
- name: Save root password into Passbolt
|
||||
set_fact:
|
||||
msg: >
|
||||
{{
|
||||
lookup(passbolt, inventory_hostname_short,
|
||||
username='root',
|
||||
password=root_password,
|
||||
uri='ssh://'+hostname_fqdn
|
||||
)
|
||||
}}
|
||||
environment:
|
||||
PASSBOLT_CREATE_NEW_RESOURCE: true
|
||||
- name: Change root password
|
||||
user:
|
||||
name: root
|
||||
password: "{{ root_password | password_hash('sha512') }}"
|
||||
|
||||
|
|
Loading…
Reference in New Issue