bgstack15/update_root_pw.yml

## update_root_pw.yml
---
# File: /etc/ansible/playbooks/prod/update_root_pw.yml
# Authors: bgstack15
# Startdate: 2017-10-24
# Title: Playbook that updates the local root password
# Purpose: Makes it easy to update the root password
# Usage:
#    time ansible-playbook /etc/ansible/playbooks/prod/update_root_pw.yml -i /etc/ansible/dc3.inv -l el7test14 -v --ask-vault-pass
#    Make file /home/ansible/rootpw.yml with the contents:
#    ---
#    password: "super$ecretpa5swOrdmy"
#    ...
#    Encrypt with:
#    ansible-vault encrypt /home/ansible/rootpw.yml
# Reference:
# Version: 2017-10-24a
# Notes:

- hosts: all
  vars_files:
    - /home/ansible/rootpw.yml
  tasks:

    - block:

      # alternatives include yum: package=expect state=present
      - name: Move pexpect-3.3 to server and untar
        unarchive:
          src: /etc/ansible/templates/pexpect-3.3.tar.gz
          dest: /usr/
          owner: root
          group: root
          mode: 0770

      - name: Install pexpect
        command: /usr/bin/python setup.py install
        args:
          chdir: /usr/pexpect-3.3/

      # for some reason this does not work: user: name=root password="{{ password }}"
      - name: Set password to permanent password
        expect:
          command: passwd root
          responses:
            (?i)password: "{{ password }}"

      - name: Password last set on today, with minimum password life of 0 days
        command: chage -d "{{ ansible_date_time.date }}" -m 0 -E -1 -M -1 root

      - name: Set expiration date of never
        command: usermod -e -1 root
        register: usermod
        changed_when: 'usermod.stderr != "usermod: no changes"'

      become: yes
...
	---
	# File: /etc/ansible/playbooks/prod/update_root_pw.yml
	# Authors: bgstack15
	# Startdate: 2017-10-24
	# Title: Playbook that updates the local root password
	# Purpose: Makes it easy to update the root password
	# Usage:
	# time ansible-playbook /etc/ansible/playbooks/prod/update_root_pw.yml -i /etc/ansible/dc3.inv -l el7test14 -v --ask-vault-pass
	# Make file /home/ansible/rootpw.yml with the contents:
	# ---
	# password: "super$ecretpa5swOrdmy"
	# ...
	# Encrypt with:
	# ansible-vault encrypt /home/ansible/rootpw.yml
	# Reference:
	# Version: 2017-10-24a
	# Notes:

	- hosts: all
	vars_files:
	- /home/ansible/rootpw.yml
	tasks:

	- block:

	# alternatives include yum: package=expect state=present
	- name: Move pexpect-3.3 to server and untar
	unarchive:
	src: /etc/ansible/templates/pexpect-3.3.tar.gz
	dest: /usr/
	owner: root
	group: root
	mode: 0770

	- name: Install pexpect
	command: /usr/bin/python setup.py install
	args:
	chdir: /usr/pexpect-3.3/

	# for some reason this does not work: user: name=root password="{{ password }}"
	- name: Set password to permanent password
	expect:
	command: passwd root
	responses:
	(?i)password: "{{ password }}"

	- name: Password last set on today, with minimum password life of 0 days
	command: chage -d "{{ ansible_date_time.date }}" -m 0 -E -1 -M -1 root

	- name: Set expiration date of never
	command: usermod -e -1 root
	register: usermod
	changed_when: 'usermod.stderr != "usermod: no changes"'

	become: yes
	...