2024-06-02 06:02:51 +00:00

13 lines
654 B
YAML

---
- name: Generate & set random password for root
ansible.builtin.user:
name: root
create_home: false
# The rounds & salt MUST be set in the password_hash function if you don't want the task
# to return 'changed' every time the playbook runs, updating the /etc/passwd file each time. Fun!
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/password_hash_filter.html
password: "{{ lookup('ansible.builtin.password', password_dir + '/' + ansible_hostname + '/root_password', length=20) | password_hash('sha512', rounds=16384, salt=8008135) }}"
update_password: always
become: true
become_method: sudo