# Copy the "root_pass_changed" flag from the witness section of vn_ini into a
# fact; default(false) supplies false when that value is undefined.
# NOTE(review): vn_ini is populated outside this file - presumably parsed from
# /etc/vn.ini, the file the last task here writes to; confirm.
- name: Set the root password changed witness variable
  set_fact:
    root_pass_changed: "{{ vn_ini.witness.root_pass_changed | default(false) }}"
# One-time root password rotation. Runs only when vn_witness_checked (set
# outside this file) is true and root_pass_changed is false.
# NOTE(review): indentation was lost in this listing; the nesting below is
# reconstructed from the task logic (root_password is only set inside the
# inner block) - confirm against the repository copy.
- when: vn_witness_checked and not root_pass_changed
  block:
    # Look for an existing root entry for this host in Passbolt. `passbolt` is
    # unquoted, so it is a variable - presumably holding the lookup plugin
    # name; verify where it is defined.
    # no_log keeps the looked-up secret out of task output and logs.
    # NOTE(review): ignore_errors hides every failure of this lookup, not only
    # "no entry found" (assuming the plugin raises in that case). Any failure
    # leaves passbolt_password undefined and so enables the block below.
    - name: Search root password in Passbolt
      ignore_errors: true
      no_log: true
      set_fact:
        passbolt_password: >
          {{
            lookup(passbolt, inventory_hostname_short,
              username='root',
              uri='ssh://'+hostname_fqdn
            )
          }}
    # Only when the search did not define passbolt_password: generate, store
    # and apply a new password. When it did, none of these tasks run, so the
    # host password is left untouched.
    - when: passbolt_password is not defined
      block:
        # set_fact renders the `password` lookup once and keeps the result, so
        # the following tasks store and apply the same value. With /dev/null
        # as the path the lookup does not keep the password in a file on the
        # controller.
        - name: Generate a random root password
          no_log: true
          set_fact:
            root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
        # The lookup is called for its side effect; the `msg` fact only
        # receives its return value. PASSBOLT_CREATE_NEW_RESOURCE presumably
        # tells the plugin to create the entry - confirm against the plugin.
        # This task has no ignore_errors, so a failed save stops the host
        # before its password is changed to a value that was never recorded.
        - name: Save root password into Passbolt
          no_log: true
          set_fact:
            msg: >
              {{
                lookup(passbolt, inventory_hostname_short,
                  username='root',
                  password=root_password,
                  uri='ssh://'+hostname_fqdn
                )
              }}
          environment:
            PASSBOLT_CREATE_NEW_RESOURCE: true
        # password_hash('sha512') is given no salt, so a random one is used
        # and the hash differs on every run; the witness flag is what keeps
        # this task from being re-applied.
        # NOTE(review): unlike the other tasks that handle root_password, this
        # one sets no no_log - confirm the user module masks `password` in
        # its output at every verbosity used in CI.
        - name: Change root password
          user:
            name: root
            password: "{{ root_password | password_hash('sha512') }}"
        # Record the rotation in the witness section of /etc/vn.ini;
        # presumably this is what the first task reads back on later runs.
        # NOTE(review): `value: true` is a YAML boolean, not a string -
        # confirm what text ini_file writes and that the check above reads it
        # as true.
        - name: Set root password generated witness
          ini_file:
            path: /etc/vn.ini
            section: witness
            option: root_pass_changed
            value: true