Yacine/oracle_19_install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement clear text passwords with automatic hashing

Browse Source 
- Change passwords in group_vars/all.yml to clear text (Oracle123, Grid123)
- Use password_hash('sha512') filter in users_configuration.yml for automatic hashing
- Maintain same security level but with more readable and maintainable passwords
- Passwords are hashed automatically during playbook execution
This commit is contained in:
Yacine31
2025-12-02 17:05:57 +01:00
parent f32816ee0d
commit e46d72e1c3
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/oracle-db-preinstall/tasks/users_configuration.yml
View File

@@ -52,8 +52,8 @@
update_password: on_create
password: "{{ item.passwd }}"
loop:
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,oper", passwd: "{{ oracle_user_password }}" }
- { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,asmoper,asmadmin", passwd: "{{ grid_user_password }}" }
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,oper", passwd: "{{ oracle_user_password | password_hash('sha512') }}" }
- { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,asmoper,asmadmin", passwd: "{{ grid_user_password | password_hash('sha512') }}" }
when: full_configuration |bool and item.username not in (user_facts.ansible_facts.getent_passwd | default({}))
tags: user