Created
May 21, 2020 19:10
1Password add server and ipmi playbook
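---
# Rotates the IPMI and root passwords on the target host, then records both
# credentials in a 1Password vault through the `op` CLI on the control node.
#
# Inputs: `host` must be supplied by the caller (it is templated into `hosts`);
# `vault` and `password_token` are prompted for.
- name: Reset password
  hosts: "{{ host }}"
  vars:
    # The password lookup generates a value, writes it to the named file on
    # the control node and returns the stored value on every later
    # evaluation, which is what keeps the password stable across tasks.
    # NOTE(review): the paths are predictable names in /tmp. The lookup
    # reuses a file that already exists, so any local user on the control
    # node who creates it first chooses the password. Prefer a directory
    # that only the operator can write to.
    ipmi_password: "{{ lookup('password', '/tmp/' ~ inventory_hostname ~ '_ipmipassword chars=ascii_letters,digits length=16') }}"
    system_password: "{{ lookup('password', '/tmp/' ~ inventory_hostname ~ '_rootpassword chars=ascii_letters,digits,-,_,! length=20') }}"
  vars_prompt:
    # NOTE(review): password_token is collected here but no task in this
    # play references it; how /root/op authenticates is not shown.
    - name: "password_token"
      prompt: "Token for 1password"
      private: true
    - name: "vault"
      prompt: "Vault name to add server to"
  tasks:
    - name: install ipmitool
      package:
        name: ipmitool
        state: present
      register: ipmitool_install

    # NOTE(review): the module is loaded only when the package was installed
    # by this run; on a host that already had ipmitool this relies on
    # ipmi_devintf being loaded already. Confirm.
    - name: load modules
      command: "modprobe ipmi_devintf"
      when: ipmitool_install is changed

    # Read-only query: second column of the third line of the user list.
    # The pipeline's exit status is that of awk, so a failing ipmitool call
    # yields an empty value rather than a task failure.
    - name: get ipmi user
      shell: "ipmitool user list 1 | head -n 3 | tail -n 1 | awk '{ print $2 }'"
      register: ipmi_user
      changed_when: false

    # Read-only query: the 'IP Address' line that is not 'IP Address Source'.
    - name: get ipmi ip
      shell: "ipmitool lan print 1 | grep 'IP Address' | grep -v 'Source' | awk '{ print $4 }'"
      register: ipmi_ip
      changed_when: false

    # The new password is part of the command line, so the task result must
    # not reach the console or the log. It is still visible in the target's
    # process list while ipmitool runs.
    - name: set ipmi root password
      command: "ipmitool user set password 2 {{ ipmi_password }}"
      no_log: true

    - name: set system root password
      user:
        name: root
        password: "{{ system_password | password_hash('sha512') }}"
        update_password: always

    # argv passes each value as exactly one argument, so a vault name or
    # title containing spaces or quotes cannot be split into extra arguments.
    # The item JSON carries both passwords: no_log keeps it out of the
    # output, but it is visible in the control node's process list while
    # /root/op runs.
    - name: Create vault records
      delegate_to: localhost
      command:
        argv:
          - /root/op
          - create
          - item
          - --vault
          - "{{ vault }}"
          - server
          - "{{ item.data | to_json }}"
          - --title
          - "{{ item.title }}"
      no_log: true
      with_items:
        - title: "{{ inventory_hostname }}"
          data:
            notesPlain: ''
            passwordHistory: []
            sections:
              - fields:
                  - k: string
                    n: url
                    t: URL
                    v: "{{ ansible_default_ipv4.address }}"
                  - k: string
                    n: username
                    t: username
                    v: 'root'
                  - k: concealed
                    n: password
                    t: password
                    v: "{{ system_password }}"
                name: 'ssh'
                title: 'SSH'
              - fields:
                  - k: string
                    n: admin_console_url
                    t: admin console URL
                    v: 'https://{{ ipmi_ip.stdout }}'
                  - k: string
                    n: admin_console_username
                    t: admin console username
                    v: "{{ ipmi_user.stdout }}"
                  - k: concealed
                    n: admin_console_password
                    t: console password
                    v: "{{ ipmi_password }}"
                name: admin_console
                title: Admin Console

    # Removes the plaintext password files written by the lookups above.
    # This runs only if every earlier task succeeded; after a failure the
    # files stay in /tmp and hold the only copy of the new passwords, so
    # record them and delete the files by hand.
    - name: Cleanup passwords
      delegate_to: localhost
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - "/tmp/{{ inventory_hostname }}_rootpassword"
        - "/tmp/{{ inventory_hostname }}_ipmipassword"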