jumpserver/apps/assets/automations/change_secret/host/linux/main.yml

31 lines
850 B
YAML
Raw Normal View History

2022-10-09 12:54:11 +00:00
- hosts: demo
2022-10-10 05:56:42 +00:00
gather_facts: no
2022-10-09 12:54:11 +00:00
tasks:
- name: Test privileged account
ping:
#- name: print variables
# debug:
2022-10-13 09:47:29 +00:00
# msg: "Username: {{ account.username }}, Secret: {{ account.secret }}, Secret type: {{ account.secret_type }}"
2022-10-09 12:54:11 +00:00
- name: Change password
user:
name: "{{ account.username }}"
2022-10-13 09:47:29 +00:00
password: "{{ account.secret | password_hash('sha512') }}"
2022-10-09 12:54:11 +00:00
update_password: always
when: account.secret_type == 'password'
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
2022-10-13 09:47:29 +00:00
ansible_pass: "{{ account.secret }}"
2022-10-09 12:54:11 +00:00
ansible_ssh_connection: paramiko