jumpserver/apps/assets/automations/change_secret/host/linux/main.yml

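---
# Change-secret play for Linux hosts.
#
# Variables are supplied by the caller, not defined here:
#   account      - username, secret, private_key_path
#   secret_type  - "password" or "ssh_key"; selects which tasks run
#   kwargs       - dest, regexp, strategy, exclusive (ssh_key flow only)
# `demo` is the inventory target the automation addresses — confirm against
# the inventory the caller generates.
- hosts: demo
  gather_facts: false
  tasks:
    # Confirms the privileged connection works before anything is changed.
    - name: Test privileged account
      ansible.builtin.ping:

    # Debug helper, kept disabled: enabling it prints account.secret in the
    # task output and therefore in the job log.
    #
    # - name: print variables
    #   debug:
    #     msg: "Username: {{ account.username }}, Secret: {{ account.secret }}, Secret type: {{ secret_type }}"

    # The user module expects a crypt-style hash, so the plaintext secret is
    # hashed here and never written to the host as-is.
    - name: Change password
      ansible.builtin.user:
        name: "{{ account.username }}"
        password: "{{ account.secret | password_hash('sha512') }}"
        update_password: always
      when: secret_type == "password"

    # Ensures the account exists before a key is pushed to it.
    - name: create user If it already exists, no operation will be performed
      ansible.builtin.user:
        name: "{{ account.username }}"
      when: secret_type == "ssh_key"

    # NOTE(review): kwargs.strategy and kwargs.exclusive are read without a
    # default; if the caller may omit them, the play fails on an undefined
    # variable — confirm against the caller.
    - name: remove jumpserver ssh key
      ansible.builtin.lineinfile:
        dest: "{{ kwargs.dest }}"
        regexp: "{{ kwargs.regexp }}"
        state: absent
      when: secret_type == "ssh_key" and kwargs.strategy == "set_jms"

    # With exclusive enabled every other key in the account's authorized_keys
    # is removed, so a wrong key here locks the account out; the "Verify SSH
    # key" task below is the check that catches that.
    - name: Change SSH key
      ansible.builtin.authorized_key:
        user: "{{ account.username }}"
        key: "{{ account.secret }}"
        exclusive: "{{ kwargs.exclusive }}"
      when: secret_type == "ssh_key"

    # Drops the cached connection so the verification tasks below
    # authenticate afresh as the managed account.
    - name: Refresh connection
      ansible.builtin.meta: reset_connection

    # Re-connects as the account itself with the new secret; become is off so
    # nothing but the account's own credentials is exercised.
    - name: Verify password
      ansible.builtin.ping:
      become: false
      vars:
        ansible_user: "{{ account.username }}"
        ansible_password: "{{ account.secret }}"
        ansible_become: false
      when: secret_type == "password"

    # Same check for the key flow, using the private key the caller provides.
    - name: Verify SSH key
      ansible.builtin.ping:
      become: false
      vars:
        ansible_user: "{{ account.username }}"
        ansible_ssh_private_key_file: "{{ account.private_key_path }}"
        ansible_become: false
      when: secret_type == "ssh_key"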