Diffstat (limited to 'changepw.yml')
-rw-r--r-- | changepw.yml | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/changepw.yml b/changepw.yml
new file mode 100644
index 0000000..eafa847
--- /dev/null
+++ b/changepw.yml
@@ -0,0 +1,71 @@
+---
+# File: changepw.yml
+# Location: /etc/ansible/shell/changepw/
+# Author: bgstack15@gmail.com
+# Startdate: 2018-01-04
+# Title: Ansible Playbook that Changes My Password
+# Purpose: Make changing my password easy in an environment where hosts have expirable passwords
+# History:
+# Usage:
+# Use changepw.sh, which calls this playbook.
+# Reference:
+# ref/create_local_admin.yml
+# Improve:
+# Document:
+
+- name: Playbook that changes my password
+ vars_files:
+ - "{{ vaultfile }}"
+ hosts: "{{ sitelimit }}"
+ tasks:
+ - ping:
+
+ - name: Install dependencies on OL7
+ yum:
+ name: "{{ item }}"
+ enablerepo: ol7_latest
+ with_items:
+ - pexpect
+ when:
+ - ansible_distribution_major_version == "7"
+ - ansible_os_family == "RedHat"
+ tags:
+ - expect
+
+ - name: Learn if local user exists
+ shell: grep -o -e "^{{ thisuser }}:" /etc/passwd | cat -
+ register: user_stat
+ changed_when: false
+
+ - name: Set password only when local user exists
+ block:
+
+ - name: Set permanent password
+ expect:
+ command: passwd "{{ thisuser }}"
+ responses:
+ (?i)password: "{{ thispassword }}"
+ tags:
+ - expect
+
+ - name: Set password, hardcore mode
+ lineinfile:
+ path: /etc/shadow
+ regexp: '^({{ thisuser }}:)\$.{80,120}((:.+){6})'
+ backrefs: yes
+ line: '\1{{ thispasswordhash }}\2'
+ backup: yes
+ register: shadow
+ tags:
+ - hardcore
+
+ - name: Set password last date set to today
+ shell: chage -d "{{ ansible_date_time.date }}" "{{ thisuser }}"
+ changed_when: false
+ tags:
+ - hardcore
+
+ when:
+ - user_stat.stdout != ""
+ tags:
+ - changepw |
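Review bot: The two tasks that carry the secret, `Set permanent password` (which places `thispassword` in `responses`) and `Set password, hardcore mode` (which writes `thispasswordhash` through `line`), have no `no_log: true`, so the password or hash may surface in verbose or diff output, callback logs, or the registered `shadow` result. Add `no_log: true` to both tasks. Separately, `backup: yes` on the lineinfile task leaves a timestamped copy of /etc/shadow holding the previous hashes on every host, and nothing in the playbook as shown removes it; either drop the backup or delete the backup path the module reports once the change is confirmed. The `\$.{80,120}` pattern with `backrefs: yes` also leaves the file untouched, without failing, for an account whose hash field is locked or of a different length, so asserting that `shadow` reported a change would make that case visible.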