refs #8025 Create passbolt password, FQDN fix

2024-10-07 18:39:47 +02:00 · 2024-10-07 18:39:47 +02:00 · bd310a73df
parent 0936c97025
commit bd310a73df
8 changed files with 41 additions and 7 deletions
--- a/inventories/group_vars/all.yml
+++ b/inventories/group_vars/all.yml
@ -1,4 +1,5 @@
-ansible_host: "{{inventory_hostname_short}}.{{host_domain}}"
+hostname_fqdn: "{{inventory_hostname_short}}.{{host_domain}}"
+ansible_host: "{{hostname_fqdn}}"
 passbolt: 'anatomicjc.passbolt.passbolt'
 passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory'
 sysadmin_mail: sysadmin@verdnatura.es
@ -20,3 +21,4 @@ awx_pub_key: >
  ssh-ed25519 
  AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H 
  awx@verdnatura.es
+pb_folder: e0d517be-6783-4b97-9742-acaa9b09742f
--- a/inventories/lab
+++ b/inventories/lab
@ -1,5 +1,6 @@
 [all:vars]
 host_domain=lab.verdnatura.es
+pb_servers_folder=7007ba58-99a5-44f9-8808-8160137ce232

 [cephlab]
 cephlab[01:03]
--- a/inventories/servers
+++ b/inventories/servers
@ -1,5 +1,6 @@
 [all:vars]
 host_domain=servers.dc.verdnatura.es
+pb_servers_folder=fe08b909-ee3c-4257-b0b4-e088b16ca379

 [kube_master]
 kube-master[1:5]
--- a/playbooks/passbolt.yml
+++ b/playbooks/passbolt.yml
@ -1,6 +1,19 @@
- name: Fetch passbolt password
+- name: Fetch or create passbolt password
  hosts: all
  gather_facts: no
  tasks:
  - debug:
-      msg: "Password: {{ lookup(passbolt, 'test').password }}"
+      msg: >
+        {{
+          lookup(passbolt, 'test',
+            username='root',
+            password=pb_password,
+            folder_parent_id=pb_folder
+          )
+        }}
+    vars:
+      pb_password: 'S3cR3tP4$$w0rd'
+    environment:
+      PASSBOLT_CREATE_NEW_RESOURCE: true
+      PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18
+      PASSBOLT_NEW_RESOURCE_PASSWORD_SPECIAL_CHARS: false
--- a/requirements.txt
+++ b/requirements.txt
@ -1,2 +1,3 @@
 py-passbolt==0.0.18
 cryptography==3.3.2
+passlib==1.7.4
--- a/roles/debian-guest/templates/nslcd.conf
+++ b/roles/debian-guest/templates/nslcd.conf
@ -8,7 +8,7 @@ idle_timelimit 60

 base {{ ldap_base }}
 binddn cn=nss,ou=admins,{{ ldap_base }}
-bindpw {{ lookup(passbolt, 'nslcd').password }}
+bindpw {{ lookup(passbolt, 'nslcd', folder_parent_id=pb_folder).password }}
 pagesize 500

 filter group (&(objectClass=posixGroup)(cn={{ sysadmin_group }}))
--- a/roles/debian-host/tasks/hostname.yml
+++ b/roles/debian-host/tasks/hostname.yml
@ -9,4 +9,4 @@
    marker_end: '--- END VN ---'
    marker: "# {mark}"
    block: |
-      {{ ansible_default_ipv4.address }} {{ ansible_host }} {{ inventory_hostname_short }}
+      {{ ansible_default_ipv4.address }} {{hostname_fqdn}} {{ inventory_hostname_short }}
--- a/roles/debian-once/tasks/root.yml
+++ b/roles/debian-once/tasks/root.yml
@ -1,13 +1,29 @@
 - name: Generate a random root password
  set_fact:
-    root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
- name: Save the root password to a file
+    root_password: >
+      {{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}
+- name: Save root password into Passbolt
+  debug:
+    msg: >
+      {{
+        lookup(passbolt, inventory_hostname_short,
+          username='root',
+          password=root_password,
+          uri='ssh://'+hostname_fqdn,
+          folder_parent_id=pb_servers_folder
+        )
+      }}
+  environment:
+    PASSBOLT_CREATE_NEW_RESOURCE: true
+  when: pb_folder is defined
+- name: Save the root password to file
  copy:
    content: "{{ root_password }}\n"
    dest: /root/root_password.txt
    owner: root
    group: root
    mode: '0600'
+  when: pb_folder is not defined
 - name: Change root password
  user:
    name: root