Created
October 25, 2017 13:29
Ansible playbook that changes root password
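---
# File: /etc/ansible/playbooks/prod/update_root_pw.yml
# Authors: bgstack15
# Startdate: 2017-10-24
# Title: Playbook that updates the local root password
# Purpose: Makes it easy to update the root password
# Usage:
#    time ansible-playbook /etc/ansible/playbooks/prod/update_root_pw.yml -i /etc/ansible/dc3.inv -l el7test14 -v --ask-vault-pass
#    Make file /home/ansible/rootpw.yml with the contents:
#       ---
#       password: "super$ecretpa5swOrdmy"
#       ...
#    Encrypt with:
#       ansible-vault encrypt /home/ansible/rootpw.yml
#    The file holds the password in plaintext until it is encrypted;
#    `ansible-vault create /home/ansible/rootpw.yml` writes it encrypted
#    from the start.
# Reference:
# Version: 2017-10-24a
# Notes:
#    `hosts: all` means the -l limit on the command line is the only thing
#    scoping which machines get the new root password.
- hosts: all
  # Vault-encrypted vars file that supplies the `password` variable.
  vars_files:
    - /home/ansible/rootpw.yml
  tasks:
    - block:
        # alternatives include yum: package=expect state=present
        # The tarball comes from the control node; its integrity is not
        # checked here, and the next task runs its setup.py as root.
        - name: Move pexpect-3.3 to server and untar
          unarchive:
            src: /etc/ansible/templates/pexpect-3.3.tar.gz
            dest: /usr/
            owner: root
            group: root
            # Quoted so the mode cannot be re-typed by the YAML parser.
            mode: "0770"

        # Runs on every play; the expect module below needs pexpect on
        # the managed host.
        - name: Install pexpect
          command: /usr/bin/python setup.py install
          args:
            chdir: /usr/pexpect-3.3/

        # for some reason this does not work: user: name=root password="{{ password }}"
        # Likely reason: the user module's password parameter expects an
        # already-hashed (crypt) value, not plaintext, e.g.
        #   password: "{{ password | password_hash('sha512') }}"
        - name: Set password to permanent password
          expect:
            command: passwd root
            responses:
              # A single string response is sent for every prompt that
              # matches, so it answers both the new-password and the
              # retype prompt.
              '(?i)password': "{{ password }}"
          # Keep the secret out of task output and logs; the usage line
          # above runs with -v.
          no_log: true

        # -d: date of last change, -m 0: no minimum age,
        # -E -1 / -M -1: no account expiry and no maximum age.
        - name: Password last set on today, with minimum password life of 0 days
          command: chage -d "{{ ansible_date_time.date }}" -m 0 -E -1 -M -1 root

        - name: Set expiration date of never
          command: usermod -e -1 root
          register: usermod
          # usermod prints this message on stderr when nothing was altered.
          changed_when: 'usermod.stderr != "usermod: no changes"'
      # Every task in the block runs with privilege escalation.
      become: true
...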