added task block to prompt user for a fallback password if given user password is null
This commit is contained in:
@@ -16,6 +16,27 @@
|
||||
register: remote_group
|
||||
tags:
|
||||
- lan
|
||||
- name: Managing passwords
|
||||
when: prehashed_passwords is undefined or prehashed_passwords == None
|
||||
block:
|
||||
- name: Acquiring users lacking passwords
|
||||
ansible.builtin.set_fact:
|
||||
passwordless_admins: "{{ admins | selectattr('password', '==', 'null') | list }}"
|
||||
- name: Pausing to acquire password for a user
|
||||
when: item.password is undefined or item.password == None
|
||||
ansible.builtin.pause:
|
||||
prompt: "Provide a password for the administrative user, {{ item.username }}"
|
||||
echo: false
|
||||
loop: "{{ passwordless_admins }}"
|
||||
register: prompted_passwords
|
||||
- name: Processing inputted password per user
|
||||
when: prompted_passwords is defined and prompted_passwords != None
|
||||
ansible.builtin.set_fact:
|
||||
prehashed_passwords: "{{ (prompted_passwords.results | default([])) | map(attribute='user_input') | list }}"
|
||||
- name: Pairing inputted passwords with associated user
|
||||
when: prehashed_passwords is defined or prehashed_passwords != None
|
||||
ansible.builtin.set_fact:
|
||||
prehashed_passwords: "{{ dict(passwordless_admins | map(attribute='username') | zip(prehashed_passwords) | list) }}"
|
||||
- name: Creating an administrative user
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
@@ -27,7 +48,7 @@
|
||||
append: true
|
||||
generate_ssh_key: true
|
||||
create_home: true
|
||||
password: "{{ item.password }}"
|
||||
password: "{{ item.password | default((prehashed_passwords[item.username] | password_hash(hashtype='sha512'))) }}"
|
||||
shell: "/bin/bash"
|
||||
loop: "{{ admins }}"
|
||||
register: admin_users
|
||||
|
||||
Reference in New Issue
Block a user