From 9945330b8255f9c7ce8e8a04b71d56ea7d4a3ac7 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Wed, 17 Jun 2026 14:40:35 -0400
Subject: [PATCH] added task block to prompt user for a fallback password if given root password is null
---
 roles/init-server/tasks/spawn.yml | 35 +++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/roles/init-server/tasks/spawn.yml b/roles/init-server/tasks/spawn.yml
index 7aded51..398e78c 100644
--- a/roles/init-server/tasks/spawn.yml
+++ b/roles/init-server/tasks/spawn.yml
@@ -18,20 +18,41 @@
 ansible.builtin.set_fact:
 root_pubkeys: "{{ root_pubkeys | default([]) + [lookup('file', item)] }}"
 loop: "{{ root_pubkey_paths }}"
+- name: Ensuring password is defined for root user
+ when: prehashed_password is undefined or prehashed_password == None
+ block:
+ - name: Prompting for password for or of root user
+ when: password is undefined or password == None
+ ansible.builtin.pause:
+ prompt: "Provide a password for the root user"
+ echo: false
+ register: prompted_password
+ - name: Getting the inputted password for root user
+ when: prompted_password is defined or prompted_password != None
+ ansible.builtin.set_fact:
+ prehashed_password: "{{ prompted_password.user_input }}"
 - name: Bootstrapping VPS
 block:
+ - name: Ensuring token is available for VPS service API
+ when: token is undefined or token == None
+ ansible.builtin.pause:
+ prompt: "Provide the API token for the given VPS service"
+ echo: false
+ register: prompted_token
 - name: Creating VPS via Linode VPS service API
 block:
 - name: Creating the VPS
 linode.cloud.instance:
- api_token: "{{ token }}"
+ api_token: "{{ token | prompted_token.user_input }}"
 label: "{{ instance }}"
 type: g6-standard-2
 image: "{{ operating_system }}"
 disk_encryption: enabled
 region: "{{ origin }}"
 private_ip: true
- root_pass: "{{ password }}"
+ # @TODO find out if 'root_pass' attribute takes in hashed or plaintext password
+ # root_pass: "{{ password | default((prehashed_password | lookup('password_hash', hashtype='sha512'))) }}" # IF HASHED
+ root_pass: "{{ password | default(prehashed_password) }}" # IF PLAINTEXT
 authorized_keys: "{{ root_pubkeys }}"
 state: present
 register: new_instance
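Review bot: The new `api_token: "{{ token | prompted_token.user_input }}"` line uses `prompted_token.user_input` as a filter name, so templating fails whenever the instance task runs; the intended fallback is `api_token: "{{ token | default(prompted_token.user_input) }}"`, the same `default(...)` form the hunk already uses for `root_pass` below. The `when: prompted_password is defined or prompted_password != None` guard on the set_fact task is satisfied even when the pause task was skipped (a skipped task still registers its result), so with `password` already set the fact task dereferences a missing `user_input`; `when: prompted_password.user_input is defined` expresses the real condition. Both pause results and the `prehashed_password` fact carry a secret, and the `linode.cloud.instance` task carries it together with the API token, so the set_fact and instance tasks should have `no_log: true` to keep them out of verbose output. If hashing turns out to be required for `root_pass`, the commented alternative calls `lookup('password_hash', ...)`, but `password_hash` is a filter (`prehashed_password | password_hash('sha512')`), not a lookup plugin.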
@@ -43,7 +64,6 @@
 timeout: 300
 vars:
 ansible_ssh_private_key_file: "{{ chosen_privkey | default(ssh_keypairs.files | rejectattr('path', 'search', '\\.pub$') | map(attribute='path') | list | random) }}" # @TODO define 'chosen_privkey'in playbook
- ansible_user: root
 loop: "{{ new_instance.instance[ip_pref] }}"
 tags:
 - linode
@@ -66,8 +86,6 @@
 ansible.builtin.wait_for_connection:
 delay: 20
 timeout: 300
- vars:
- ansible_user: root
 loop: "{{ groups[instance] | default(hostvars[instance]) }}"
 - name: Checking if that server has required operating system
 delegate_to: "{{ item }}"
@@ -76,8 +94,6 @@
 when: ansible_facts["system"] != "Linux" and item is ansible.utils['ip_pref']
 ansible.builtin.fail:
 msg: Unsupported operating system found
- vars:
- ansible_user: root
 loop: "{{ groups[instance] | default(hostvars[instance]) }}"
 - name: Checking if that server has required Linux distro
 delegate_to: "{{ item }}"
@@ -86,19 +102,16 @@
 when: ansible_facts["system"] == "Linux" and ansible_facts["os_family"] != "Debian" and item is ansible.utils['ip_pref']
 ansible.builtin.fail:
 msg: Unsupported Linux distro found
- vars:
- ansible_user: root
 loop: "{{ groups[instance] | default(hostvars[instance]) }}"
 - name: Providing authorized keys for server root account
 delegate_to: "{{ item[0] }}"
 delegate_facts: true
+ become: true
 remote_user: root
 ansible.posix.authorized_key:
 user: "{{ ansible_user }}"
 key: "{{ lookup('file', item[1]) }}"
 state: present
- vars:
- ansible_user: root
 loop: "{{ (groups[instance] | default(hostvars[instance])) | product(root_pubkey_paths) }}"
 tags:
 - lan
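Review bot: With the task-level `vars: ansible_user: root` removed in the last hunk, `user: "{{ ansible_user }}"` in the authorized_key task now depends on `ansible_user` being set by the inventory or play, while `remote_user: root` still pins the connection to root; if the key is meant for root's account, `user: root` (or `user: "{{ ansible_user | default('root') }}"`) keeps the target account independent of the connection variable. The added `become: true` changes nothing while `remote_user: root` is in place, since the session is already root; keep one of the two, not both. The same `ansible_user` removal in the three earlier hunks likewise leaves those tasks' connection user to the inventory, which is presumably intended but worth confirming against the inventory definition. The enclosing block of these tasks starts outside the hunks.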