pwgen: rewrite checks and passwords generation

2025-05-23 13:05:03 +03:00
parent e67b5702d5
commit 74ae2c4694
7 changed files with 246 additions and 303 deletions
--- a/roles/pwgen/tasks/htpasswd.yaml
+++ b/roles/pwgen/tasks/htpasswd.yaml
@ -1,46 +1,36 @@
- name: Test if password exists in file for {{ item.name }}
-  shell: grep -c "^{{ item.name }}_password" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
-  register: password_test_grep
-  
- name: Test if password htpasswd hash exists in file for {{ item.name }}
-  shell: grep -c "^{{ item.name }}_htpasswd_hash" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
-  register: htpasswd_hash_test_grep
-
- name: Create password for {{ item.name }}
-  shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;"
-  register: password
-  when: password_test_grep.stdout == '0'
-
- name: Show password json for {{ item.name }}
-  debug:
-    msg: "{{ password }}"
-    verbosity: 2
-  when: password_test_grep.stdout == '0'
-
- name: Create bcrypt hash from password for {{ item.name }}
-  docker_container:
-    name: slappasswd
-    image: "{{ docker_registry }}/pwgen"
-    cleanup: true
-    detach: false
-    container_default_behavior: no_defaults
-    command: "htpasswd -B -n -i -b -C 16 {{ item.name }} {{ password.stdout | default(item.name + '_password') }}"
-  register: docker_container_output
-  when: htpasswd_hash_test_grep.stdout == '0'
-
- name: Show docker_container_output for {{ item.name }}
-  debug:
-    msg: "{{ docker_container_output }}"
-    verbosity: 2
-
- name: Write password for {{ item.name }}
-  lineinfile:
-    path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
-    line: "{{ item.name }}_password: \"{{ password.stdout }}\""
-  when: password_test_grep.stdout == '0'
-
- name: Write htpasswd hash for {{ item.name }}
-  lineinfile:
-    path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
-    line: "{{ item.name }}_htpasswd_hash: \"{{ docker_container_output.container.Output.split('\n')[0].split(':')[1] }}\""
-  when: htpasswd_hash_test_grep.stdout == '0'
+- name: Generate htpasswd for {{ item.name }}
+  when: passwords[item.name + '_password'] is not defined or passwords[item.name + '_htpasswd_hash'] is not defined
+  block:
+    - name: Create password for {{ item.name }}
+      shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;"
+      register: password
+    
+    - name: Show password json for {{ item.name }}
+      debug:
+        msg: "{{ password }}"
+        verbosity: 2
+    
+    - name: Create bcrypt hash from password for {{ item.name }}
+      docker_container:
+        name: slappasswd
+        image: "{{ docker_registry }}/pwgen"
+        cleanup: true
+        detach: false
+        container_default_behavior: no_defaults
+        command: "htpasswd -B -n -i -b -C 16 {{ item.name }} {{ password.stdout | default(item.name + '_password') }}"
+      register: docker_container_output
+    
+    - name: Show docker_container_output for {{ item.name }}
+      debug:
+        msg: "{{ docker_container_output }}"
+        verbosity: 2
+    
+    - name: Write password for {{ item.name }}
+      lineinfile:
+        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
+        line: "{{ item.name }}_password: \"{{ password.stdout }}\""
+    
+    - name: Write htpasswd hash for {{ item.name }}
+      lineinfile:
+        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
+        line: "{{ item.name }}_htpasswd_hash: \"{{ docker_container_output.container.Output.split('\n')[0].split(':')[1] }}\""