mirror of https://github.com/jumpserver/jumpserver
59 lines
2.6 KiB
YAML
59 lines
2.6 KiB
YAML
- hosts: custom
|
|
gather_facts: no
|
|
vars:
|
|
asset_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'ssh') | map(attribute='port') | first }}"
|
|
ansible_connection: local
|
|
ansible_become: false
|
|
|
|
tasks:
|
|
- name: Test privileged account (paramiko)
|
|
ssh_ping:
|
|
login_host: "{{ jms_asset.address }}"
|
|
login_port: "{{ asset_port }}"
|
|
login_user: "{{ jms_account.username }}"
|
|
login_password: "{{ jms_account.secret }}"
|
|
login_secret_type: "{{ jms_account.secret_type }}"
|
|
login_private_key_path: "{{ jms_account.private_key_path }}"
|
|
become: "{{ custom_become | default(False) }}"
|
|
become_method: "{{ custom_become_method | default('su') }}"
|
|
become_user: "{{ custom_become_user | default('') }}"
|
|
become_password: "{{ custom_become_password | default('') }}"
|
|
become_private_key_path: "{{ custom_become_private_key_path | default(None) }}"
|
|
register: ping_info
|
|
delegate_to: localhost
|
|
|
|
- name: Change asset password (paramiko)
|
|
custom_command:
|
|
login_user: "{{ jms_account.username }}"
|
|
login_password: "{{ jms_account.secret }}"
|
|
login_host: "{{ jms_asset.address }}"
|
|
login_port: "{{ asset_port }}"
|
|
login_secret_type: "{{ jms_account.secret_type }}"
|
|
login_private_key_path: "{{ jms_account.private_key_path }}"
|
|
become: "{{ custom_become | default(False) }}"
|
|
become_method: "{{ custom_become_method | default('su') }}"
|
|
become_user: "{{ custom_become_user | default('') }}"
|
|
become_password: "{{ custom_become_password | default('') }}"
|
|
become_private_key_path: "{{ custom_become_private_key_path | default(None) }}"
|
|
name: "{{ account.username }}"
|
|
password: "{{ account.secret }}"
|
|
commands: "{{ params.commands }}"
|
|
first_conn_delay_time: "{{ first_conn_delay_time | default(0.5) }}"
|
|
ignore_errors: true
|
|
when: ping_info is succeeded
|
|
register: change_info
|
|
delegate_to: localhost
|
|
|
|
- name: Verify password (paramiko)
|
|
ssh_ping:
|
|
login_user: "{{ account.username }}"
|
|
login_password: "{{ account.secret }}"
|
|
login_host: "{{ jms_asset.address }}"
|
|
login_port: "{{ asset_port }}"
|
|
become: "{{ account.become.ansible_become | default(False) }}"
|
|
become_method: su
|
|
become_user: "{{ account.become.ansible_user | default('') }}"
|
|
become_password: "{{ account.become.ansible_password | default('') }}"
|
|
become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
|
|
delegate_to: localhost
|