quico-ansible/role-common-local_os_password

Go to file

semantic-release 65d8112b0d 0.2.0

Automatically generated by python-semantic-release

2022-07-24 03:00:56 +02:00

defaults

feat(role): Set and document defaults to make this ready to use out of the box

2022-07-24 03:00:24 +02:00

README.md

role_common_local-os-password

An Ansible role to change an operating system's local user password

Defaults

This role requires variables defined in defaults/main.yml. Feel free to overwrite them as needed for your HashiCorp Vault setup for example in a group_vars or host_vars file.

fqdn_reverse: A variable that contains the reversed fully qualified domain name for each host. For fully.qualified.domain.name this variable will equal name.domain.qualified.fully. Consider this a suggestion for how to set up your HashiCorp Vault kv secrets hierarchy.
local_os_password_vault_vars: The variables you want extracted from your Vault instance, by default ['password', 'password_salt'] which contain the new password to set for the local account and a salt, respectively.
local_os_password_vault_base: The base path where all of local_os_password_vault_vars are located in Vault.
local_os_password_vault_paths: The product of both local_os_password_vault_base and local_os_password_vault_vars stored in a dictionary. This is what the role uses in its vault_kv2_get lookup.
reset_password_for_account: The account for which you'd like to change its local account password, defaults to root.

Use it

In your playbook.yml call it like so:

- name: 'Awesome playbook'
  hosts: all
  roles:
    - 'role_common_local-os-password'