Refs #8025: Role debian-base. root task. Final fricky things, Galactus mode control passbolt excecptions.

2024-10-17 16:29:38 +02:00 · 2024-10-17 16:29:38 +02:00 · 3bdadb1319
parent df4a8570c6
commit 3bdadb1319
2 changed files with 35 additions and 31 deletions
--- a/roles/debian-base/defaults/main.yaml
+++ b/roles/debian-base/defaults/main.yaml
@ -1,7 +1,5 @@
 root_password: Pa$$w0rd
 vn_witness: false
 default_user: user
 root_password: Pa$$w0rd
 fail2ban:
  email: "{{ sysadmin_mail }}"
  bantime: 600
--- a/roles/debian-base/tasks/root.yml
+++ b/roles/debian-base/tasks/root.yml
@ -1,30 +1,36 @@
- name: Generate a random root password
+- name: Generate root password
  set_fact:
    root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
 - name: Save root password into Passbolt
  set_fact:
    msg: >
      {{
        lookup(passbolt, inventory_hostname_short,
          username='root',
          password=root_password,
          uri='ssh://'+hostname_fqdn
        )
      }}
  environment:
    PASSBOLT_CREATE_NEW_RESOURCE: true
  when: vn_witness
- name: Save the root password to file
+  block:
-  copy:
+    - name: Search root password into Passbolt
-    content: "{{ root_password }}\n"
+      set_fact:
-    dest: /root/root_password.txt
+        qst: >
-    owner: root
+          {{
-    group: root
+            lookup(passbolt, inventory_hostname_short,
-    mode: '0600'
+              username='root',
-  when: vn_witness
+              uri='ssh://'+hostname_fqdn
-  register: local
+            )
- name: Change root password
+          }}
-  user:
+      ignore_errors: true
-    name: root
+- name: Generate and save root password if not found in Passbolt
-    password: "{{ root_password | password_hash('sha512') }}"
+  when: qst is not defined
-  when: local.changed
+  block:
    - name: Generate a random root password
      set_fact:
        root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
    - name: Save root password into Passbolt
      set_fact:
        msg: >
          {{
            lookup(passbolt, inventory_hostname_short,
              username='root',
              password=root_password,
              uri='ssh://'+hostname_fqdn
            )
          }}
      environment:
        PASSBOLT_CREATE_NEW_RESOURCE: true
    - name: Change root password
      user:
        name: root
        password: "{{ root_password | password_hash('sha512') }}"