Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---
- # File: /etc/ansible/playbooks/prod/update_root_pw.yml
- # Authors: bgstack15
- # Startdate: 2017-10-24
- # Title: Playbook that updates the local root password
- # Purpose: Makes it easy to update the root password
- # Usage:
- # time ansible-playbook /etc/ansible/playbooks/prod/update_root_pw.yml -i /etc/ansible/dc3.inv -l el7test14 -v --ask-vault-pass
- # Make file /home/ansible/rootpw.yml with the contents:
- # ---
- # password: "super$ecretpa5swOrdmy"
- # ...
- # Encrypt with:
- # ansible-vault encrypt /home/ansible/rootpw.yml
- # Reference:
- # Version: 2017-10-24a
- # Notes:
- - hosts: all
- vars_files:
- - /home/ansible/rootpw.yml
- tasks:
- - block:
- # alternatives include yum: package=expect state=present
- - name: Move pexpect-3.3 to server and untar
- unarchive:
- src: /etc/ansible/templates/pexpect-3.3.tar.gz
- dest: /usr/
- owner: root
- group: root
- mode: 0770
- - name: Install pexpect
- command: /usr/bin/python setup.py install
- args:
- chdir: /usr/pexpect-3.3/
- # for some reason this does not work: user: name=root password="{{ password }}"
- - name: Set password to permanent password
- expect:
- command: passwd root
- responses:
- (?i)password: "{{ password }}"
- - name: Password last set on today, with minimum password life of 0 days
- command: chage -d "{{ ansible_date_time.date }}" -m 0 -E -1 -M -1 root
- - name: Set expiration date of never
- command: usermod -e -1 root
- register: usermod
- changed_when: 'usermod.stderr != "usermod: no changes"'
- become: yes
- ...
Add Comment
Please, Sign In to add comment
