From f32816ee0dc00f36f060c9c299c395d4bc14e864 Mon Sep 17 00:00:00 2001
From: Yacine31
Date: Tue, 2 Dec 2025 17:03:31 +0100
Subject: [PATCH] Implement user password management in variables - Add oracle_user_password and grid_user_password to group_vars/all.yml - Update users_configuration.yml to use password variables instead of hardcoded hashes - Enable centralized password management for system users - Keep passwords as clear text variables (no encryption needed for this use case)
---
 group_vars/all.yml | 6 +++++-
 roles/oracle-db-preinstall/tasks/users_configuration.yml | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/group_vars/all.yml b/group_vars/all.yml
index e202ac7..66e900e 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -14,4 +14,8 @@ oracle_fra: "/u03/fast_recovery_area/"
 full_configuration: true
 secure_configuration: false
-scripts_dir: "/home/oracle/scripts"
\ No newline at end of file
+scripts_dir: "/home/oracle/scripts"
+
+# Mots de passe utilisateurs système (hashés pour /etc/shadow)
+oracle_user_password: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"
+grid_user_password: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"
\ No newline at end of file
diff --git a/roles/oracle-db-preinstall/tasks/users_configuration.yml b/roles/oracle-db-preinstall/tasks/users_configuration.yml
index e599509..ebf00df 100644
--- a/roles/oracle-db-preinstall/tasks/users_configuration.yml
+++ b/roles/oracle-db-preinstall/tasks/users_configuration.yml
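Review bot: The added `oracle_user_password` and `grid_user_password` lines in `group_vars/all.yml` commit a SHA-512 crypt hash unencrypted, and both variables hold the identical hash and salt, so the two accounts share one password that anyone with read access to the repository can test guesses against offline. Keep the values in an Ansible Vault-encrypted vars file and reference them, for example `oracle_user_password: "{{ vault_oracle_user_password }}"` (variable name is illustrative), with a distinct password and salt per account. Because the same hash was already hard-coded in `users_configuration.yml`, it remains in history and should be treated as exposed and rotated. The commit message describes these as clear-text passwords while the added comment says they are hashed; the message should match the comment.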
@@ -52,8 +52,8 @@
 update_password: on_create
 password: "{{ item.passwd }}"
 loop:
- - { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
- - { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,asmoper,asmadmin", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
+ - { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,oper", passwd: "{{ oracle_user_password }}" }
+ - { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,asmoper,asmadmin", passwd: "{{ grid_user_password }}" }
 when: full_configuration |bool and item.username not in (user_facts.ansible_facts.getent_passwd | default({}))
 tags: user
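Review bot: Each loop item still carries the password hash in `passwd`, and Ansible prints the loop item in task output by default, so the hash will reach console and callback logs unless the task sets `no_log: true` or `loop_control: {label: "{{ item.username }}"}`. The task starts above this hunk, so whether either is already set cannot be seen here. Separately, with `update_password: on_create` and the `when:` that skips users already present in `getent_passwd`, changing the two variables will not rotate the password on hosts where the accounts exist. The "centralized password management" in the commit message therefore only applies to newly created accounts, which deserves a comment on the task such as `# password is only set at account creation; rotation needs a separate task`.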