admin/skato-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 3 Releases Wiki Activity

added task block to prompt user for a fallback password if given root password is null

Browse Source
This commit is contained in:
xenobyte
2026-06-17 14:40:35 -04:00
parent f4399a2c8a
commit 9945330b82
1 changed files with 24 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
roles/init-server/tasks/spawn.yml
View File

@@ -18,20 +18,41 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
root_pubkeys: "{{ root_pubkeys | default([]) + [lookup('file', item)] }}" root_pubkeys: "{{ root_pubkeys | default([]) + [lookup('file', item)] }}"
loop: "{{ root_pubkey_paths }}" loop: "{{ root_pubkey_paths }}"
- name: Ensuring password is defined for root user
when: prehashed_password is undefined or prehashed_password == None
block:
- name: Prompting for password for or of root user
when: password is undefined or password == None
ansible.builtin.pause:
prompt: "Provide a password for the root user"
echo: false
register: prompted_password
- name: Getting the inputted password for root user
when: prompted_password is defined or prompted_password != None
ansible.builtin.set_fact:
prehashed_password: "{{ prompted_password.user_input }}"
- name: Bootstrapping VPS - name: Bootstrapping VPS
block: block:
- name: Ensuring token is available for VPS service API
when: token is undefined or token == None
ansible.builtin.pause:
prompt: "Provide the API token for the given VPS service"
echo: false
register: prompted_token
- name: Creating VPS via Linode VPS service API - name: Creating VPS via Linode VPS service API
block: block:
- name: Creating the VPS - name: Creating the VPS
linode.cloud.instance: linode.cloud.instance:
api_token: "{{ token }}" api_token: "{{ token | prompted_token.user_input }}"
label: "{{ instance }}" label: "{{ instance }}"
type: g6-standard-2 type: g6-standard-2
image: "{{ operating_system }}" image: "{{ operating_system }}"
disk_encryption: enabled disk_encryption: enabled
region: "{{ origin }}" region: "{{ origin }}"
private_ip: true private_ip: true
root_pass: "{{ password }}" # @TODO find out if 'root_pass' attribute takes in hashed or plaintext password
# root_pass: "{{ password | default((prehashed_password | lookup('password_hash', hashtype='sha512'))) }}" # IF HASHED
root_pass: "{{ password | default(prehashed_password) }}" # IF PLAINTEXT
authorized_keys: "{{ root_pubkeys }}" authorized_keys: "{{ root_pubkeys }}"
state: present state: present
register: new_instance register: new_instance
@@ -43,7 +64,6 @@
timeout: 300 timeout: 300
vars: vars:
ansible_ssh_private_key_file: "{{ chosen_privkey | default(ssh_keypairs.files | rejectattr('path', 'search', '\\.pub$') | map(attribute='path') | list | random) }}" # @TODO define 'chosen_privkey'in playbook ansible_ssh_private_key_file: "{{ chosen_privkey | default(ssh_keypairs.files | rejectattr('path', 'search', '\\.pub$') | map(attribute='path') | list | random) }}" # @TODO define 'chosen_privkey'in playbook
ansible_user: root
loop: "{{ new_instance.instance[ip_pref] }}" loop: "{{ new_instance.instance[ip_pref] }}"
tags: tags:
- linode - linode
@@ -66,8 +86,6 @@
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
delay: 20 delay: 20
timeout: 300 timeout: 300
vars:
ansible_user: root
loop: "{{ groups[instance] | default(hostvars[instance]) }}" loop: "{{ groups[instance] | default(hostvars[instance]) }}"
- name: Checking if that server has required operating system - name: Checking if that server has required operating system
delegate_to: "{{ item }}" delegate_to: "{{ item }}"
@@ -76,8 +94,6 @@
when: ansible_facts["system"] != "Linux" and item is ansible.utils['ip_pref'] when: ansible_facts["system"] != "Linux" and item is ansible.utils['ip_pref']
ansible.builtin.fail: ansible.builtin.fail:
msg: Unsupported operating system found msg: Unsupported operating system found
vars:
ansible_user: root
loop: "{{ groups[instance] | default(hostvars[instance]) }}" loop: "{{ groups[instance] | default(hostvars[instance]) }}"
- name: Checking if that server has required Linux distro - name: Checking if that server has required Linux distro
delegate_to: "{{ item }}" delegate_to: "{{ item }}"
@@ -86,19 +102,16 @@
when: ansible_facts["system"] == "Linux" and ansible_facts["os_family"] != "Debian" and item is ansible.utils['ip_pref'] when: ansible_facts["system"] == "Linux" and ansible_facts["os_family"] != "Debian" and item is ansible.utils['ip_pref']
ansible.builtin.fail: ansible.builtin.fail:
msg: Unsupported Linux distro found msg: Unsupported Linux distro found
vars:
ansible_user: root
loop: "{{ groups[instance] | default(hostvars[instance]) }}" loop: "{{ groups[instance] | default(hostvars[instance]) }}"
- name: Providing authorized keys for server root account - name: Providing authorized keys for server root account
delegate_to: "{{ item[0] }}" delegate_to: "{{ item[0] }}"
delegate_facts: true delegate_facts: true
become: true
remote_user: root remote_user: root
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: "{{ ansible_user }}" user: "{{ ansible_user }}"
key: "{{ lookup('file', item[1]) }}" key: "{{ lookup('file', item[1]) }}"
state: present state: present
vars:
ansible_user: root
loop: "{{ (groups[instance] | default(hostvars[instance])) | product(root_pubkey_paths) }}" loop: "{{ (groups[instance] | default(hostvars[instance])) | product(root_pubkey_paths) }}"
tags: tags:
- lan - lan