50 lines
1.8 KiB
YAML
50 lines
1.8 KiB
YAML
- name: Test if password exists in file for {{ item.name }}
|
|
shell: grep -c "^{{ item.name }}_password" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
|
|
register: password_test_grep
|
|
|
|
- name: Test if password pbkdf2-sha512 hash exists in file for {{ item.name }}
|
|
shell: grep -c "^{{ item.name }}_pbkdf2_sha512_hash" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
|
|
register: pbkdf2_sha512_hash_test_grep
|
|
|
|
- name: Create password for {{ item.name }}
|
|
shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;"
|
|
register: password
|
|
when: password_test_grep.stdout == '0'
|
|
|
|
- name: Show password json for {{ item.name }}
|
|
debug:
|
|
msg: "{{ password }}"
|
|
verbosity: 2
|
|
when: password_test_grep.stdout == '0'
|
|
|
|
- name: Create PBKDF2-SHA512 hash from password for {{ item.name }}
|
|
docker_container:
|
|
name: slappasswd
|
|
image: "{{ docker_registry }}/pwgen"
|
|
cleanup: true
|
|
detach: false
|
|
container_default_behavior: no_defaults
|
|
command: "slappasswd -o module-load=pw-pbkdf2 -h {PBKDF2-SHA512} -s {{ password.stdout | default(item.name + '_password') }}"
|
|
register: docker_container_output
|
|
when: pbkdf2_sha512_hash_test_grep.stdout == '0'
|
|
|
|
- debug:
|
|
msg: "{{ docker_container_output }}"
|
|
|
|
- name: Show docker_container_output for {{ item.name }}
|
|
debug:
|
|
msg: "{{ docker_container_output }}"
|
|
verbosity: 2
|
|
|
|
- name: Write password for {{ item.name }}
|
|
lineinfile:
|
|
path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
|
|
line: "{{ item.name }}_password: \"{{ password.stdout }}\""
|
|
when: password_test_grep.stdout == '0'
|
|
|
|
- name: Write PBKDF2-SHA512 hash for {{ item.name }}
|
|
lineinfile:
|
|
path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
|
|
line: "{{ item.name }}_pbkdf2_sha512_hash: \"{{ docker_container_output.container.Output.split('\n')[0] }}\""
|
|
when: pbkdf2_sha512_hash_test_grep.stdout == '0'
|