Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
1Password add server and ipmi playbook
- name: Reset password
hosts: "{{ host }}"
vars:
ipmi_password: "{{ lookup('password', '/tmp/' ~ inventory_hostname ~ '_ipmipassword chars=ascii_letters,digits length=16') }}"
system_password: "{{ lookup('password', '/tmp/' ~ inventory_hostname ~ '_rootpassword chars=ascii_letters,digits,-,_,! length=20') }}"
tasks:
- name: install ipmitool
package:
name: ipmitool
state: present
register: ipmitool_install
- name: load modules
command: "modprobe ipmi_devintf"
when: ipmitool_install is changed
- name: get ipmi user
shell: "ipmitool user list 1 | head -n 3 | tail -n 1 | awk '{ print $2 }'"
register: ipmi_user
- name: get ipmi ip
shell: "ipmitool lan print 1 | grep 'IP Address' | grep -v 'Source' | awk '{ print $4 }'"
register: ipmi_ip
- name: set ipmi root password
command: "ipmitool user set password 2 {{ ipmi_password }}"
- name: set system root password
user:
name: root
password: "{{ system_password | password_hash('sha512') }}"
update_password: always
- name: Create vault records
delegate_to: localhost
command: "/root/op create item --vault '{{ vault }}' server '{{ item.data | to_json }}' --title {{ item.title }}"
no_log: true
with_items:
- title: "{{ inventory_hostname }}"
data:
notesPlain: ''
passwordHistory: []
sections:
- fields:
- k: string
n: url
t: URL
v: "{{ ansible_default_ipv4.address }}"
- k: string
n: username
t: username
v: 'root'
- k: concealed
n: password
t: password
v: "{{ system_password }}"
name: 'ssh'
title: 'SSH'
- fields:
- k: string
n: admin_console_url
t: admin console URL
v: 'https://{{ ipmi_ip.stdout }}'
- k: string
n: admin_console_username
t: admin console username
v: "{{ ipmi_user.stdout }}"
- k: concealed
n: admin_console_password
t: console password
v: "{{ ipmi_password }}"
name: admin_console
title: Admin Console
- name: Cleanup passwords
delegate_to: localhost
file:
path: "{{ item }}"
state: absent
with_items:
- "/tmp/{{ inventory_hostname }}_rootpassword"
- "/tmp/{{ inventory_hostname }}_ipmipassword"
vars_prompt:
- name: "password_token"
prompt: "Token for 1password"
private: yes
- name: "vault"
prompt: "Vault name to add server to"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment