Passwort (#77)

* Set Password mg - untested * Playbook set Password mg * Keepass - Kennwort Update: User linux: mg + private Key ansible-user * Passwort Var Linux user mg umbenannt * Bootstrap: KennwörterVars angepasst + setze Password mg IMMER
2020-12-02 10:49:08 +01:00 · 2020-12-02 10:49:08 +01:00 · 4818ef25ef
commit 4818ef25ef
parent 84c1c7bd0e
5 changed files with 35 additions and 5 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -32,7 +32,7 @@
  ### ryandaniels.create_users
  users:
  - username: mg
-    password: "{{ lookup('keepass', 'linux_mg_user_password', 'password') }}"
+    password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
    update_password: on_create
    ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
    use_sudo: yes
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -20,7 +20,7 @@
  ### ryandaniels.create_users
  users:
  - username: mg
-    password: "{{ lookup('keepass', 'linux_mg_user_password', 'password') }}"
+    password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
    update_password: on_create
    ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
    use_sudo: yes
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/playbooks/base/1_bootstrap.yml
+++ b/playbooks/base/1_bootstrap.yml
@ -5,9 +5,25 @@
    max_fail_percentage: 20%

    roles:
-      - { role: robertdebock.bootstrap, tags: "bootstrap" }
-      - { role: ryandaniels.create_users, tags: "user", become: yes }
-      - { role: nickjj.ansible-user, tag: "ansible", become: yes }
+      - { role: robertdebock.bootstrap,
+        tags: "bootstrap"
+        }
+      - { role: ryandaniels.create_users,
+        tags: "user",
+        become: yes
+        }
+      - { role: nickjj.ansible-user,
+        tag: "ansible",
+        become: yes,
+        ansible_password: "{{ lookup('keepass', 'linux_mg_user_password_cleartext', 'password') }}",
+        ansible_become_password: "{{ lookup('keepass', 'linux_mg_user_password_cleartext', 'password') }}"
+        }
+    tasks:
+      - name: Change user password
+        user:
+          name: mg
+          update_password: always
+          password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"

    vars:
      ### nickjj.ansible-users
--- a/playbooks/on-off/set_password_mg.yml
+++ b/playbooks/on-off/set_password_mg.yml
@ -0,0 +1,14 @@
+---
+- hosts: all
+  become: yes
+  tasks:
+    - name: Change user password
+      user:
+        name: mg
+        update_password: always
+        password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}" #hier muss der hash rein
+
+# Hash erstellen
+# python -c 'import crypt,getpass; print(getpass.getpass("Name: ")+":"+crypt.crypt(getpass.getpass(),crypt.mksalt(crypt.METHOD_SHA512)))'
+# oder
+# mkpasswd --method=SHA-512 <passwort>