From f15485e7c2d5cd53fbffbde53377ad0bf59abfb4 Mon Sep 17 00:00:00 2001
From: djpbessems
Date: Thu, 10 Jun 2021 16:53:03 +0200
Subject: [PATCH] Fix password hashing;Delete temporary user;Housekeeping
---
 .../files/ansible_payload/roles/cleanup/tasks/main.yml | 2 +-
 .../files/ansible_payload/roles/users/tasks/main.yml | 2 +-
 .../files/ansible_payload/roles/vapp/tasks/main.yml | 2 +-
 ansible/roles/os/tasks/main.yml | 3 +++
 ansible/roles/os/tasks/users.yml | 5 +++++
 5 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 ansible/roles/os/tasks/users.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/cleanup/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/cleanup/tasks/main.yml
index f52895f..a294630 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/cleanup/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/cleanup/tasks/main.yml
@@ -4,4 +4,4 @@
 state: absent
 - name: Reboot host
 ansible.builtin.shell:
- cmd: reboot now
+ cmd: /usr/sbin/reboot now
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
index 47c5f45..e3b01cf 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
@@ -1,7 +1,7 @@
 - name: Set root password
 ansible.builtin.user:
 name: root
- password: "{{ ovfproperties['guestinfo.rootpw'] }}"
+ password: "{{ ovfproperties['guestinfo.rootpw'] | password_hash('sha512', 65534 | random(seed=ovfproperties['guestinfo.hostname']) | string) }}"
 generate_ssh_key: yes
 ssh_key_bits: 2048
 ssh_key_file: .ssh/id_rsa
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/vapp/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/vapp/tasks/main.yml
index 4b0b72c..ed6dfe4 100644
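Review bot: The reboot task still runs through `ansible.builtin.shell`, although `cmd: /usr/sbin/reboot now` uses no pipes, redirects or variable expansion, so `ansible.builtin.command` would execute the binary directly without an intermediate shell. With the path now absolute, switching modules means nothing in the invocation depends on shell parsing or PATH lookup. The same applies to the `/usr/bin/vmtoolsd` task changed in roles/vapp/tasks/main.yml. The task list this hunk belongs to starts above the hunk.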
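Review bot: The salt on the new `password:` line, `65534 | random(seed=ovfproperties['guestinfo.hostname']) | string`, is an integer below 65534 that is fully determined by the hostname. Two appliances deployed with the same hostname and root password therefore get identical shadow entries, and the salt space is small enough to precompute against. A seeded salt is the usual idiom for idempotent re-runs, but this payload appears to run once at first boot (the cleanup role ends with a reboot), so idempotence buys little here. Dropping the second argument, `password: "{{ ovfproperties['guestinfo.rootpw'] | password_hash('sha512') }}"`, lets the filter pick a random salt per deployment. The task may continue past the last line of the hunk.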
--- a/ansible/roles/firstboot/files/ansible_payload/roles/vapp/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/vapp/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: Store current ovfEnvironment
 ansible.builtin.shell:
- cmd: vmtoolsd --cmd "info-get guestinfo.ovfEnv"
+ cmd: /usr/bin/vmtoolsd --cmd "info-get guestinfo.ovfEnv"
 register: ovfenv
 - name: Parse XML for vApp properties
 community.general.xml:
diff --git a/ansible/roles/os/tasks/main.yml b/ansible/roles/os/tasks/main.yml
index d896e50..df16b58 100644
--- a/ansible/roles/os/tasks/main.yml
+++ b/ansible/roles/os/tasks/main.yml
@@ -15,3 +15,6 @@
 - name: Install ansible
 import_tasks: ansible.yml
+
+- name: Delete temporary users
+ import_tasks: users.yml
diff --git a/ansible/roles/os/tasks/users.yml b/ansible/roles/os/tasks/users.yml
new file mode 100644
index 0000000..42cc699
--- /dev/null
+++ b/ansible/roles/os/tasks/users.yml
@@ -0,0 +1,5 @@
+- name: Delete 'ubuntu' user
+ ansible.builtin.user:
+ name: ubuntu
+ state: absent
+ remove: yes
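Review bot: The "Store current ovfEnvironment" task registers the full `vmtoolsd` output in `ovfenv` without `no_log: true`. Judging by the `guestinfo.rootpw` lookup in roles/users/tasks/main.yml, that XML carries the root password in clear text, so it can surface in verbose output or any logging callback. Adding `no_log: true` next to `register: ovfenv` keeps it out of the run log. The following "Parse XML for vApp properties" task continues outside the hunk; if it or later tasks register or print the parsed properties, the same applies there.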
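Review bot: In the new users.yml, `state: absent` with `remove: yes` deletes the account together with its home directory and mail spool, but nothing else tied to it. A sudoers drop-in naming the user, or files owned by its UID outside the home directory, would remain, and a later account that reuses the UID would inherit those files. If the image's `ubuntu` user was created with passwordless sudo (not visible here), a companion `ansible.builtin.file` task with `state: absent` for that sudoers entry would close the gap. As a style point, `remove: true` is preferable to `remove: yes` under yamllint's `truthy` rule.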