26 lines
940 B
YAML
26 lines
940 B
YAML
- name: Set root password
|
|
ansible.builtin.user:
|
|
name: root
|
|
password: "{{ ovfproperties['guestinfo.rootpw'] | password_hash('sha512', 65534 | random(seed=ovfproperties['guestinfo.hostname']) | string) }}"
|
|
generate_ssh_key: yes
|
|
ssh_key_bits: 2048
|
|
ssh_key_file: .ssh/id_rsa
|
|
- name: Save root SSH publickey
|
|
ansible.builtin.lineinfile:
|
|
path: /root/.ssh/authorized_keys
|
|
line: "{{ ovfproperties['guestinfo.rootsshkey'] }}"
|
|
- name: Disable SSH password authentication
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regex: "{{ item.regex }}"
|
|
line: "{{ item.line }}"
|
|
state: "{{ item.state }}"
|
|
loop:
|
|
- { regex: '^#PasswordAuthentication', line: 'PasswordAuthentication no', state: present}
|
|
- { regex: '^PasswordAuthentication yes', line: 'PasswordAuthentication yes', state: absent}
|
|
- name: Delete 'ubuntu' user
|
|
ansible.builtin.user:
|
|
name: ubuntu
|
|
state: absent
|
|
remove: yes
|