From e9f52640ba1e557e91c9a559cba954e2e3963533 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Sun, 20 Oct 2024 14:12:46 +0200
Subject: [PATCH] refs #8025 root witness fixes, requirements fixes
---
 ansible.cfg | 2 +-
 collections/requirements.yml | 2 +-
 context/_build/requirements.txt | 2 +-
 context/_build/requirements.yml | 6 ++++++
 roles/debian-base/tasks/root.yml | 25 +++++++++++--------------
 roles/debian-base/tasks/witness.yml | 10 +++++-----
 6 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/ansible.cfg b/ansible.cfg
index 71a9166..388e34c 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -2,7 +2,7 @@
 remote_user = root
 host_key_checking = False
 roles_path = ./roles
-inventory = ./inventories/lab
+inventory = ./inventories/local
 gathering = smart
 interpreter_python = auto_silent
 deprecation_warnings = False
diff --git a/collections/requirements.yml b/collections/requirements.yml
index f0046d8..06699db 100644
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -12,5 +12,5 @@ collections:
 version: '>=2.14.0'
 type: galaxy
 - name: community.general
- vesion: '>=6.6.2'
+ version: '>=9.5.0'
 type: galaxy
diff --git a/context/_build/requirements.txt b/context/_build/requirements.txt
index 6e1059a..a0e207b 100644
--- a/context/_build/requirements.txt
+++ b/context/_build/requirements.txt
@@ -1,3 +1,3 @@
 py-passbolt==0.0.18
 cryptography==3.3.2
-PGPy==0.6.0
\ No newline at end of file
+passlib==1.7.4
diff --git a/context/_build/requirements.yml b/context/_build/requirements.yml
index a97df8d..06699db 100644
--- a/context/_build/requirements.yml
+++ b/context/_build/requirements.yml
@@ -8,3 +8,9 @@ collections:
 - name: anatomicjc.passbolt
 version: '>=0.0.14'
 type: galaxy
+- name: community.crypto
+ version: '>=2.14.0'
+ type: galaxy
+- name: community.general
+ version: '>=9.5.0'
+ type: galaxy
diff --git a/roles/debian-base/tasks/root.yml b/roles/debian-base/tasks/root.yml
index a1d4449..af90446 100644
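Review bot: In `ansible.cfg`, the new default `inventory = ./inventories/local` sits next to the unchanged `remote_user = root` and `host_key_checking = False`, so any run that does not pass `-i` logs in to those hosts as root without verifying their SSH host keys. If the relaxed check was only meant for throwaway lab machines, it is safer to leave host key checking on here and turn it off per inventory, for example `ansible_host_key_checking: false` in the lab group vars. A short comment above the `inventory` line saying which environment `local` is would also help, since the name alone does not show whether it can contain production hosts.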
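Review bot: In `collections/requirements.yml`, the corrected `version: '>=9.5.0'` is an open-ended lower bound like the other entries, so each `ansible-galaxy collection install` may resolve to a newer release, including a new major, than the one these roles were tested with. For a build that handles root passwords and Passbolt secrets, a bounded range such as `version: '>=9.5.0,<10.0.0'` keeps installs reproducible and keeps an unreviewed upstream release out of the execution environment. The same applies to the `community.crypto` and `community.general` entries added in `context/_build/requirements.yml`. That file now has the same blob id (`06699db`) as this one, so keeping a single copy would stop the two drifting apart again.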
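Review bot: In `context/_build/requirements.txt`, the new `passlib==1.7.4` pin is exact but has no hash, like the lines around it, so pip will accept whatever artifact the index serves for that version. Generating the file with hashes and installing with `pip install --require-hashes -r requirements.txt` would tie the image to known artifacts. The unchanged `cryptography==3.3.2` line is a release that is several years old. Now that `PGPy` is removed, it is worth checking whether anything still needs that pin or whether it can be raised in the same change.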
--- a/roles/debian-base/tasks/root.yml
+++ b/roles/debian-base/tasks/root.yml
@@ -1,18 +1,15 @@
-- name: Generate root password
+- name: Search root password in Passbolt
 when: vn_first_time
- block:
- - name: Search root password into Passbolt
- set_fact:
- qst: >
- {{
- lookup(passbolt, inventory_hostname_short,
- username='root',
- uri='ssh://'+hostname_fqdn
- )
- }}
- ignore_errors: true
-- name: Generate and save root password if not found in Passbolt
- when: qst is not defined
+ ignore_errors: true
+ set_fact:
+ pb_password: >
+ {{
+ lookup(passbolt, inventory_hostname_short,
+ username='root',
+ uri='ssh://'+hostname_fqdn
+ )
+ }}
+- when: vn_first_time and pb_password is not defined
 block:
 - name: Generate a random root password
 set_fact:
diff --git a/roles/debian-base/tasks/witness.yml b/roles/debian-base/tasks/witness.yml
index b5e5dae..9c50ccd 100644
--- a/roles/debian-base/tasks/witness.yml
+++ b/roles/debian-base/tasks/witness.yml
@@ -1,11 +1,11 @@
-- name: Check if witness have been generated
+- name: Check if witness file exists
 stat:
 path: /etc/vn.witness
- register: keys_generated_marker
-- name: Generate variable if not exists
+ register: witness_file
+- name: Set the witness variable
 set_fact:
- vn_first_time: "{{ not keys_generated_marker.stat.exists }}"
-- name: Create marker file to indicate vn happends
+ vn_first_time: "{{ not witness_file.stat.exists }}"
+- name: Create the witness file if it does not exist
 file:
 path: /etc/vn.witness
 state: touch
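Review bot: In `roles/debian-base/tasks/root.yml`, `ignore_errors: true` on the `Search root password in Passbolt` task hides every lookup failure, not only a missing entry, so an unreachable Passbolt server or a rejected login also leaves `pb_password` undefined and sends the play into the block that generates a new root password. It would be safer to treat only the not-found case as "undefined" and let any other failure stop the play, for instance by registering the result and failing unless the message is the plugin's not-found error. This task and `Generate a random root password` both put the root credential into a fact, and neither shows `no_log: true`, so the value can appear in verbose output or callback logs; adding `no_log: true` to each would prevent that. The block opened by `- when: vn_first_time and pb_password is not defined` has also lost its `name:` and continues outside the hunk, so what it does with an existing Passbolt entry cannot be checked from here.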