# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- - name: Remove old user file: path: "{{ role_path }}/files/.users.digest" state: absent tags: install - name: Create a new user file: path: "{{ role_path }}/files/.users.digest" state: touch mode: 0644 tags: install - name: Take provision Password block: - name: Provision Password (Min length should be 8) pause: prompt: "{{ prompt_password }}" echo: no register: prompt_admin_password until: - prompt_admin_password.user_input | length > min_length| int - 1 retries: "{{ no_of_retry }}" delay: "{{ retry_delay }}" when: admin_password is not defined and no_prompt is not defined rescue: - name: Abort if password validation fails fail: msg: "{{ msg_incorrect_format }}" tags: install - name: Assert admin_password if prompt not given assert: that: - admin_password | length > min_length| int - 1 success_msg: "{{ success_msg_pwd_format }}" fail_msg: "{{ fail_msg_pwd_format }}" register: msg_pwd_format when: admin_password is defined and no_prompt is defined tags: install - name: Save admin password set_fact: admin_password: "{{ prompt_admin_password.user_input }}" when: no_prompt is not defined tags: install - name: Confirm password block: - name: Confirm provision password pause: prompt: "{{ confirm_password }}" echo: no register: prompt_admin_password_confirm until: admin_password == prompt_admin_password_confirm.user_input retries: "{{ no_of_retry }}" delay: "{{ retry_delay }}" when: admin_password_confirm is not defined and no_prompt is not defined rescue: - name: Abort if password confirmation failed fail: msg: "{{ msg_failed_password_confirm }}" tags: install - name: Assert admin_password_confirm if prompt not given assert: that: admin_password == admin_password_confirm success_msg: "{{ success_msg_pwd_confirm }}" fail_msg: "{{ fail_msg_pwd_confirm }}" register: msg_pwd_confirm when: admin_password_confirm is defined and no_prompt is defined tags: install - name: Encrypt cobbler password shell: > set -o pipefail && \ digest="$( printf "%s:%s:%s" {{ username }} "Cobbler" {{ admin_password }} | md5sum | awk '{print $1}' )" printf "%s:%s:%s\n" "{{ username }}" "Cobbler" "$digest" > "{{ role_path }}/files/.users.digest" args: executable: /bin/bash changed_when: false tags: install - name: Read password file set_fact: var: "{{ lookup('file', role_path+'/files/.users.digest').splitlines() }}" tags: install - name: Get encrypted password set_fact: encrypted_pass: "{{ var[0].split(':')[2] }}" - name: Create the kickstart file copy: src: "{{ role_path }}/files/temp_centos8.ks" dest: "{{ role_path }}/files/centos8.ks" mode: 0775 tags: install - name: Configure kickstart file replace: path: "{{ role_path }}/files/centos8.ks" regexp: '^url --url http://ip/cblr/links/CentOS8-x86_64/' replace: url --url http://{{ ansible_eno2.ipv4.address }}/cblr/links/CentOS8-x86_64/ tags: install - name: Random phrase generation command: openssl rand -base64 12 changed_when: false register: prompt_random_phrase tags: install - name: Set random phrase set_fact: random_phrase: "{{ prompt_random_phrase.stdout }}" tags: install - name: Login password command: openssl passwd -1 -salt {{ random_phrase }} {{ admin_password }} changed_when: false register: login_pass tags: install - name: Configure kickstart file replace: path: "{{ role_path }}/files/centos8.ks" regexp: '^rootpw --iscrypted password' replace: 'rootpw --iscrypted {{ login_pass.stdout }}' tags: install