Compare commits

3 Commits
main ... dev

@ -6,7 +6,7 @@ An Ansible role to change an operating system's local user password
This role requires variables defined in [defaults/main.yml](defaults/main.yml). Feel free to overwrite them as needed for your HashiCorp Vault setup for example in a `group_vars` or `host_vars` file.
* `fqdn_reverse`: A variable that contains the reversed fully qualified domain name for each host. For `fully.qualified.domain.name` this variable will equal `name.domain.qualified.fully`. Consider this a suggestion for how to set up your HashiCorp Vault `kv` secrets hierarchy.
* `fqdn_reverse`: A variable that contains the reversed fully qualified domain name for each host with each dot (`.`) replaced by a slash (`/`). For `fully.qualified.domain.name` this variable will equal `name/domain/qualified/fully`. Consider this a suggestion for how to set up your HashiCorp Vault `kv` secrets hierarchy.
* `local_os_password_vault_vars`: The variables you want extracted from your Vault instance, by default `['password', 'password_salt']` which contain the new password to set for the local account and a salt, respectively.
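Review bot: the `fqdn_reverse` bullet should call out that moving from `name.domain.qualified.fully` to `name/domain/qualified/fully` is a breaking change for anyone who built their `kv` hierarchy after the old wording, since the role will then look for secrets at a different path. Please also confirm that the default in defaults/main.yml changes together with this text (it is not visible in this hunk), and state in the bullet whether the value has a leading or trailing slash, because it is used as the start of a longer secrets path.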
@ -26,3 +26,32 @@ In your `playbook.yml` call it like so:
roles:
- 'role_common_local-os-password'
```
# Output
Ansible tasks output is for example:
```
...
TASK [role_common_local-os-password : Get secrets] *************************************************
ok: [fully.qualified.domain.name] => (item=None)
ok: [fully.qualified.domain.name] => (item=None)
ok: [fully.qualified.domain.name]
TASK [role_include_vault-check : If a secret is missing: Fail progress] ****************************
ok: [fully.qualified.domain.name] => (item=password) => {
"msg": "Vault has secret 'password' at 'name/domain/qualified/fully/os/root'"
}
ok: [fully.qualified.domain.name] => (item=password_salt) => {
"msg": "Vault has secret 'password_salt' at 'name/domain/qualified/fully/os/root'"
}
TASK [role_common_local-os-password : Set fact: New OS local account password] *********************
ok: [fully.qualified.domain.name]
TASK [role_common_local-os-password : Set local OS account password] *******************************
ok: [fully.qualified.domain.name]
...
```
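Review bot: in the sample output, the `(item=None)` lines under "Get secrets" are left unexplained, and a reader can take them for empty lookups; add a sentence that this is how hidden loop items are displayed (it looks like `no_log` output) and that the secrets were in fact read. The final "Set local OS account password" task is shown as `ok` rather than `changed`, so say whether the sample comes from a repeat run in which the password was already set, otherwise a first-time user will think the role did nothing. It would also be worth one line noting that the vault-check messages print the full secret path (`name/domain/qualified/fully/os/root`) into the run log, so people know what ends up in CI output.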