Yacine/oracle_19_install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e46d72e1c3168a14a0ee00c2447ac14dd3a6bec2
oracle_19_install/roles/oracle-db-preinstall/tasks/users_configuration.yml
Yacine31 e46d72e1c3 Implement clear text passwords with automatic hashing 
- Change passwords in group_vars/all.yml to clear text (Oracle123, Grid123)
- Use password_hash('sha512') filter in users_configuration.yml for automatic hashing
- Maintain same security level but with more readable and maintainable passwords
- Passwords are hashed automatically during playbook execution
2025-12-02 17:05:57 +01:00

74 lines
2.7 KiB
YAML
Raw Blame History

---
# ---------------------------------------------------
# CRéation des groupes
# ---------------------------------------------------
- name: Vérifier si les groupes existent
ansible.builtin.getent:
database: group
register: group_facts
ignore_errors: true
when: full_configuration |bool
tags: group
- name: Création des groupes (seulement si absents)
ansible.builtin.group:
name: "{{ item.group }}"
gid: "{{ item.gid }}"
state: present
loop:
- { group: oinstall, gid: 1001}
- { group: dba, gid: 1002 }
- { group: oper, gid: 1003 }
- { group: backupdba, gid: 1004 }
- { group: dgdba, gid: 1005 }
- { group: kmdba, gid: 1006 }
- { group: racdba, gid: 1007 }
- { group: asmadmin, gid: 1008 }
- { group: asmdba, gid: 1009 }
- { group: asmoper, gid: 1010 }
when: full_configuration |bool and item.group not in (group_facts.ansible_facts.getent_group | default({}))
tags: group
# ---------------------------------------------------
# Création des utilisateurs : password Oracle123 => full configuration
# ---------------------------------------------------
- name: Vérifier si les utilisateurs existent
ansible.builtin.getent:
database: passwd
register: user_facts
ignore_errors: true
when: full_configuration |bool
tags: user
- name: Création du compte Oracle et grid (seulement si absents)
ansible.builtin.user:
name: "{{ item.username }}"
group: "{{ item.primgroup }}"
groups: "{{ item.othergroups }}"
uid: "{{ item.uid }}"
generate_ssh_key: yes
append: yes
state: present
update_password: on_create
password: "{{ item.passwd }}"
loop:
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,oper", passwd: "{{ oracle_user_password | password_hash('sha512') }}" }
- { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,asmoper,asmadmin", passwd: "{{ grid_user_password | password_hash('sha512') }}" }
when: full_configuration |bool and item.username not in (user_facts.ansible_facts.getent_passwd | default({}))
tags: user
# ---------------------------------------------------
# Ajout du compte oracle et grid au sudoers
# ---------------------------------------------------
- name: Ajout du compte oracle et grid au sudoers
ignore_errors: true
ansible.builtin.template:
src: sudoers.j2
dest: "/etc/sudoers.d/{{ item }}"
owner: root
mode: "0600"
loop:
- oracle
- grid
tags: sudoadd
Reference in New Issue View Git Blame Copy Permalink