Ansible Script 추가

2023-12-19 13:36:16 +09:00
parent 0273450ff6
commit 05cb8d9269
2610 changed files with 281893 additions and 0 deletions
--- a/ansible/01_old/roles/password_change/tasks/01_get_password.yml
+++ b/ansible/01_old/roles/password_change/tasks/01_get_password.yml
@@ -0,0 +1,41 @@
+---
+- name: get password
+  command: "{{ role_path }}/files/gen_password {{ encrypt }}"
+  register: user_password
+  delegate_to: 127.0.0.1
+  when: manual_password is not defined
+
+- name: get admin password
+  command: "{{ role_path }}/files/gen_password {{ encrypt }}"
+  register: admin_password
+  delegate_to: 127.0.0.1
+  when: manual_password is not defined
+
+- name: set fact user password
+  block:
+    - set_fact:
+        user_password: "{{ user_password.stdout }}"
+  rescue:
+    - set_fact:
+        user_password: "{{ manual_password }}"
+  always:
+    - debug:
+        msg: "{{ username }} : {{ user_password }}"
+      when: debug_mode == True
+
+- name: set fact admin password
+  block:
+    - set_fact:
+        admin_password: "{{ admin_password.stdout }}"
+  rescue:
+    - set_fact:
+        admin_password: "{{ manual_password }}"
+  always:
+    - debug:
+        msg: "{{ adminuser }} : {{ admin_password }}"
+      when: debug_mode == True
+
+- debug:
+    msg: "({user_password}}"
+    msg: "({admin_password}}"
+        
--- a/ansible/01_old/roles/password_change/tasks/02_change_password.yml
+++ b/ansible/01_old/roles/password_change/tasks/02_change_password.yml
@@ -0,0 +1,24 @@
+---
+- include_tasks: 99_decrypt_password.yml
+  when: 
+  - encrypt == 1
+  - manual_password is not defined
+
+- debug:
+    var: user_password
+
+- name: user password change
+  user:
+    name: "{{ item }}"
+    password: "{{ user_password | password_hash('sha512') }}"
+    state: present
+  with_items:
+    - "{{ username }}"
+
+- name: admin password change
+  user:
+    name: "{{ item }}"
+    password: "{{ admin_password | password_hash('sha512') }}"
+    state: present
+  with_items:
+  - "{{ adminuser }}"
--- a/ansible/01_old/roles/password_change/tasks/03_vault.yml
+++ b/ansible/01_old/roles/password_change/tasks/03_vault.yml
@@ -0,0 +1,21 @@
+---
+- name: Check if ansible_port is defined
+  set_fact:
+    ansible_port: "{{ ansible_port | default(22) }}"
+
+- debug:
+    msg: "{{ ansible_distribution }} {{ ansible_hostname }} {{ ansible_default_ipv4.address }} {{ ansible_port }} {{ username }} {{ user_password }} {{ adminuser }} {{ admin_password }}"
+  when: debug_mode == True
+
+- name: put vault
+  command: "{{ role_path }}/files/vault_put {{ ansible_default_ipv4.address }} {{ username }} {{ user_password }} {{ adminuser }} {{ admin_password }}"
+  delegate_to: 127.0.0.1
+
+- name: get vault
+  command: "{{ role_path }}/files/vault_get {{ ansible_default_ipv4.address }} {{ username }} {{ user_password }} {{ adminuser }} {{ admin_password }}"
+  register: get_vault
+  delegate_to: 127.0.0.1
+
+- debug:
+    msg: "{{get_vault.stdout_lines}}"
+  when: debug_mode == True
--- a/ansible/01_old/roles/password_change/tasks/04_excel_export.yml
+++ b/ansible/01_old/roles/password_change/tasks/04_excel_export.yml
@@ -0,0 +1,54 @@
+---
+- name: Redirect output to local file
+  delegate_to: localhost
+  copy:
+    content: "[{{ ansible_date_time.date }} {{ ansible_date_time.hour }}:{{ ansible_date_time.minute }}:{{ ansible_date_time.second }}]"
+    dest: "/tmp/host_list"
+    mode: '0666'
+    backup: yes
+
+- name: Append output to local file
+  delegate_to: localhost
+  lineinfile:
+    path: "/tmp/host_list"
+    line: "{{ ansible_distribution }} {{ ansible_hostname }} {{ ansible_default_ipv4.address }} {{ sshmainport }} {{ username }} {{ user_password }} {{ adminuser }} {{ admin_password }}"
+    create: yes
+
+- name: Create a directory if it does not exist
+  delegate_to: localhost
+  ansible.builtin.file:
+    path: /mnt/nas
+    state: directory
+    mode: '0755'
+
+      #- name: Mount NFS volumes with noauto according to boot option
+      #  delegate_to: localhost
+      #  ansible.posix.mount:
+      #    src: 10.10.43.42:/volume1/platform/02_비밀번호관리대장
+      #    path: /mnt/nas
+      #    opts: rw,sync,hard
+      #    boot: false
+      #    state: mounted
+      #    fstype: nfs
+
+
+- name: excel export
+  command: "{{ role_path }}/files/custom_excel"
+  delegate_to: 127.0.0.1
+  register: excel_name
+
+- name: debug excel output
+  debug:
+    var: excel_name.stdout
+
+- name: excel copy
+  copy:
+    src: "{{ excel_name.stdout }}"
+    dest: /mnt/nas
+  delegate_to: 10.10.43.43
+  vars:
+    ansible_ssh_user: dev2-iac
+    #  ansible_ssh_pass: Saasadmin1234!
+    #  ansible_become_pass: Saasadmin1234!
+    ansible_port: 2222
+    #  ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
--- a/ansible/01_old/roles/password_change/tasks/99_decrypt_password.yml
+++ b/ansible/01_old/roles/password_change/tasks/99_decrypt_password.yml
@@ -0,0 +1,27 @@
+---
+- name: user_password decrypt
+  command: "{{ role_path }}/files/decrypt_password {{ user_password }}"
+  register: user_password
+  delegate_to: 127.0.0.1
+
+- name: admin_password decrypt
+  command: "{{ role_path }}/files/decrypt_password {{ admin_password }}"
+  register: admin_password
+  delegate_to: 127.0.0.1
+  when: 
+  - encrypt == 1
+  - manual_password is not defined
+
+- name: admin_password re fact
+  set_fact: 
+    admin_password: "{{ admin_password.stdout }}"
+  when: 
+  - encrypt == 1
+  - manual_password is not defined
+
+- name: user_password re fact
+  set_fact: 
+    user_password: "{{ user_password.stdout }}"
+  when: 
+  - encrypt == 1
+  - manual_password is not defined
--- a/ansible/01_old/roles/password_change/tasks/main.yml
+++ b/ansible/01_old/roles/password_change/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- include: 01_get_password.yml
+  tags: password
+
+- include: 02_change_password.yml
+  tags: change
+
+- include: 03_vault.yml
+  tags: vault
+
+- include: 04_excel_export.yml
+  tags: excel