Home Explore Help
Sign In
RONCC
/
Dell-Omnia-Clusters-HPC-AI
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 25e049ed38
Branches Tags
Dell-Omnia-C...
/
appliance
/
roles
/
provision
/
tasks
/
provision_password.yml

provision_password.yml 4.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. #  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
    2. 

  2. #
    3. 

  3. #  Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. #  you may not use this file except in compliance with the License.
    5. 

  5. #  You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #      http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. #  Unless required by applicable law or agreed to in writing, software
    10. 

  10. #  distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. #  See the License for the specific language governing permissions and
    13. 

  13. #  limitations under the License.
    14. 

  14. ---
    15. 

  15. 

  16. - name: Remove old user
    17. 

  17.   file:
    18. 

  18.     path: "{{ role_path }}/files/.users.digest"
    19. 

  19.     state: absent
    20. 

  20.   tags: install
    21. 

  21. 

  22. - name: Create a new user
    23. 

  23.   file:
    24. 

  24.     path: "{{ role_path }}/files/.users.digest"
    25. 

  25.     state: touch
    26. 

  26.     mode: 0644
    27. 

  27.   tags: install
    28. 

  28. 

  29. - name: Take provision Password
    30. 

  30.   block:
    31. 

  31.   - name: Provision Password (Min length should be 8)
    32. 

  32.     pause:
    33. 

  33.       prompt: "{{ prompt_password }}"
    34. 

  34.       echo: no
    35. 

  35.     register: prompt_admin_password
    36. 

  36.     until:
    37. 

  37.       - prompt_admin_password.user_input | length >  min_length| int  - 1
    38. 

  38.     retries: "{{ no_of_retry }}"
    39. 

  39.     delay: "{{ retry_delay }}"
    40. 

  40.     when: admin_password is not defined and no_prompt is not defined
    41. 

  41.   rescue:
    42. 

  42.   - name: Abort if password validation fails
    43. 

  43.     fail:
    44. 

  44.       msg: "{{ msg_incorrect_format }}"
    45. 

  45.   tags: install
    46. 

  46. 

  47. - name: Assert admin_password if prompt not given
    48. 

  48.   assert:
    49. 

  49.     that:
    50. 

  50.         - admin_password | length >  min_length| int  - 1
    51. 

  51.     success_msg: "{{ success_msg_pwd_format }}"
    52. 

  52.     fail_msg: "{{ fail_msg_pwd_format }}"
    53. 

  53.   register: msg_pwd_format
    54. 

  54.   when: admin_password is defined and no_prompt is defined
    55. 

  55.   tags: install
    56. 

  56. 

  57. - name: Save admin password
    58. 

  58.   set_fact:
    59. 

  59.     admin_password: "{{ prompt_admin_password.user_input }}"
    60. 

  60.   when: no_prompt is not defined
    61. 

  61.   tags: install
    62. 

  62. 

  63. - name: Confirm password
    64. 

  64.   block:
    65. 

  65.   - name: Confirm provision password
    66. 

  66.     pause:
    67. 

  67.       prompt: "{{ confirm_password }}"
    68. 

  68.       echo: no
    69. 

  69.     register: prompt_admin_password_confirm
    70. 

  70.     until: admin_password == prompt_admin_password_confirm.user_input
    71. 

  71.     retries: "{{ no_of_retry }}"
    72. 

  72.     delay: "{{ retry_delay }}"
    73. 

  73.     when: admin_password_confirm is not defined and no_prompt is not defined
    74. 

  74.   rescue:
    75. 

  75.   - name: Abort if password confirmation failed
    76. 

  76.     fail:
    77. 

  77.       msg: "{{ msg_failed_password_confirm }}"
    78. 

  78.   tags: install
    79. 

  79. 

  80. - name: Assert admin_password_confirm if prompt not given
    81. 

  81.   assert:
    82. 

  82.     that: admin_password == admin_password_confirm
    83. 

  83.     success_msg: "{{ success_msg_pwd_confirm }}"
    84. 

  84.     fail_msg: "{{ fail_msg_pwd_confirm }}"
    85. 

  85.   register: msg_pwd_confirm
    86. 

  86.   when: admin_password_confirm is defined and no_prompt is defined
    87. 

  87.   tags: install
    88. 

  88. 

  89. - name: Encrypt cobbler password
    90. 

  90.   shell: >
    91. 

  91.      set -o pipefail && \
    92. 

  92.      digest="$( printf "%s:%s:%s" {{ username }} "Cobbler" {{ admin_password }} | md5sum | awk '{print $1}' )"
    93. 

  93.      printf "%s:%s:%s\n" "{{ username }}" "Cobbler" "$digest" > "{{ role_path }}/files/.users.digest"
    94. 

  94.   args:
    95. 

  95.     executable: /bin/bash
    96. 

  96.   changed_when: false
    97. 

  97.   tags: install
    98. 

  98. 

  99. - name: Read password file
    100. 

  100.   set_fact:
    101. 

  101.     var: "{{ lookup('file', role_path+'/files/.users.digest').splitlines() }}"
    102. 

  102.   tags: install
    103. 

  103. 

  104. - name: Get encrypted password
    105. 

  105.   set_fact:
    106. 

  106.     encrypted_pass: "{{ var[0].split(':')[2] }}"
    107. 

  107. 

  108. - name: Create the kickstart file
    109. 

  109.   copy:
    110. 

  110.     src: "{{ role_path }}/files/temp_centos8.ks"
    111. 

  111.     dest: "{{ role_path }}/files/centos8.ks"
    112. 

  112.     mode: 0775
    113. 

  113.   tags: install
    114. 

  114. 

  115. - name: Configure kickstart file
    116. 

  116.   replace:
    117. 

  117.     path: "{{ role_path }}/files/centos8.ks"
    118. 

  118.     regexp: '^url --url http://ip/cblr/links/CentOS8-x86_64/'
    119. 

  119.     replace: url --url http://{{ ansible_eno2.ipv4.address }}/cblr/links/CentOS8-x86_64/
    120. 

  120.   tags: install
    121. 

  121. 

  122. - name: Random phrase generation
    123. 

  123.   command: openssl rand -base64 12
    124. 

  124.   changed_when: false
    125. 

  125.   register: prompt_random_phrase
    126. 

  126.   tags: install
    127. 

  127. 

  128. - name: Set random phrase
    129. 

  129.   set_fact:
    130. 

  130.     random_phrase: "{{ prompt_random_phrase.stdout }}"
    131. 

  131.   tags: install
    132. 

  132. 

  133. - name: Login password
    134. 

  134.   command: openssl passwd -1 -salt {{ random_phrase }} {{ admin_password }}
    135. 

  135.   changed_when: false
    136. 

  136.   register: login_pass
    137. 

  137.   tags: install
    138. 

  138. 

  139. - name: Configure kickstart file
    140. 

  140.   replace:
    141. 

  141.     path: "{{ role_path }}/files/centos8.ks"
    142. 

  142.     regexp: '^rootpw --iscrypted password'
    143. 

  143.     replace: 'rootpw --iscrypted {{ login_pass.stdout }}'
    144. 

  144.   tags: install
    145. 

  145.