@noonedeadpunk
Created May 21, 2020 19:10
1Password add server and ipmi playbook
- name: Reset password
  hosts: "{{ host }}"
  vars:
    # The password lookup generates a random value and caches it in a file on the
    # controller; the "Cleanup passwords" task removes those files at the end.
    ipmi_password: "{{ lookup('password', '/tmp/' ~ inventory_hostname ~ '_ipmipassword chars=ascii_letters,digits length=16') }}"
    system_password: "{{ lookup('password', '/tmp/' ~ inventory_hostname ~ '_rootpassword chars=ascii_letters,digits,-,_,! length=20') }}"
  tasks:
    - name: install ipmitool
      package:
        name: ipmitool
        state: present
      register: ipmitool_install

    - name: load modules
      command: "modprobe ipmi_devintf"
      when: ipmitool_install is changed

    # Read-only query: second column of the third line of the channel 1 user list.
    - name: get ipmi user
      shell: "ipmitool user list 1 | head -n 3 | tail -n 1 | awk '{ print $2 }'"
      register: ipmi_user
      changed_when: false

    # Read-only query: BMC address from the channel 1 LAN configuration.
    - name: get ipmi ip
      shell: "ipmitool lan print 1 | grep 'IP Address' | grep -v 'Source' | awk '{ print $4 }'"
      register: ipmi_ip
      changed_when: false

    # The password is part of the command line, so keep it out of Ansible output and logs.
    - name: set ipmi root password
      command: "ipmitool user set password 2 {{ ipmi_password }}"
      no_log: true

    - name: set system root password
      user:
        name: root
        password: "{{ system_password | password_hash('sha512') }}"
        update_password: always

    # Runs on the controller; the item JSON carries both plaintext passwords, hence no_log.
    - name: Create vault records
      delegate_to: localhost
      command: "/root/op create item --vault '{{ vault }}' server '{{ item.data | to_json }}' --title {{ item.title }}"
      no_log: true
      with_items:
        - title: "{{ inventory_hostname }}"
          data:
            notesPlain: ''
            passwordHistory: []
            sections:
              - fields:
                  - k: string
                    n: url
                    t: URL
                    v: "{{ ansible_default_ipv4.address }}"
                  - k: string
                    n: username
                    t: username
                    v: 'root'
                  - k: concealed
                    n: password
                    t: password
                    v: "{{ system_password }}"
                name: 'ssh'
                title: 'SSH'
              - fields:
                  - k: string
                    n: admin_console_url
                    t: admin console URL
                    v: 'https://{{ ipmi_ip.stdout }}'
                  - k: string
                    n: admin_console_username
                    t: admin console username
                    v: "{{ ipmi_user.stdout }}"
                  - k: concealed
                    n: admin_console_password
                    t: console password
                    v: "{{ ipmi_password }}"
                name: admin_console
                title: Admin Console

    # Remove the plaintext password files that the lookups wrote on the controller.
    - name: Cleanup passwords
      delegate_to: localhost
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - "/tmp/{{ inventory_hostname }}_rootpassword"
        - "/tmp/{{ inventory_hostname }}_ipmipassword"
  vars_prompt:
    # password_token is prompted for but is not referenced by any task in this play.
    - name: "password_token"
      prompt: "Token for 1password"
      private: yes
    - name: "vault"
      prompt: "Vault name to add server to"