forked from IBM-Security/isam-ansible-playbook-sample
change_passwords.yml
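---
# Change Administrative Passwords for all super users
#
# Roles run in the order listed: appliance admin password, embedded LDAP
# cn=root password, the "Username Password" authentication mechanism, the
# embedded LDAP user used for basic auth, the reverse proxy basic-auth
# entries, and finally the sec_master password via pdadmin.
#
# Secret inputs read by this play: embedded_ldap_pwd, aac_password,
# sec_master_old_pwd, sec_master_pwd (and whatever set_admin_pw consumes).
# Supply them from an encrypted source such as Ansible Vault rather than a
# plaintext inventory or the command line.
#
# no_log: true is set on every role that is handed a password so the values
# are not echoed in task output or logs. Failure details of those tasks are
# censored as well; re-run with it disabled only in a controlled environment.
- hosts: all
  connection: local
  gather_facts: false
  roles:
    - role: start_config
      tags: ["start"]

    # Requires old and current password
    - role: set_admin_pw
      tags: ["admin", "password"]
      no_log: true

    # Get appliance facts using updated admin password
    # (later conditions read firmware_ret_obj, presumably registered here)
    - role: get_firmware

    # Update cn=root,SecAuthority=Default
    - role: set_ldap_root_pw
      tags: ["embedded_ldap", "root", "password"]
      no_log: true
      set_ldap_root_pw_password: "{{ embedded_ldap_pwd }}"

    # Username/password Authentication Mechanism uses Embedded LDAP cn=root
    # NOTE(review): the properties presumably carry the cn=root bind
    # password; no_log is set on that assumption - confirm.
    - role: update_auth_mech
      tags: ["authentication", "mechanism", "update"]
      no_log: true
      update_auth_mech_name: "Username Password"
      update_auth_mech_uri: "urn:ibm:security:authentication:asf:mechanism:password"
      update_auth_mech_typeName: "Username Password"
      update_auth_mech_description: "Username password authentication"
      update_auth_mech_attributes: "{{auth_mech_user_pwd_attributes | default(None)}}"
      update_auth_mech_properties: "{{auth_mech_user_pwd_properties | default(None)}}"
      update_auth_mech_predefined: true
      # List items are ANDed and evaluated in order, so firmware_ret_obj is
      # checked for existence before its activations are read.
      when:
        - auth_mech_user_pwd_attributes is defined
        - auth_mech_user_pwd_properties is defined
        - firmware_ret_obj is defined
        - "'mga' in firmware_ret_obj['ansible_facts']['activations']"

    # Set the embedded LDAP password of the user whose credentials are
    # written to the reverse proxy below; skipped unless both id and
    # password are provided.
    - role: set_ldap_user_pw
      tags: ["embedded_ldap", "user", "password"]
      no_log: true
      set_ldap_user_pwd_id: "{{aac_userid | default(None)}}"
      set_ldap_user_pwd_password: "{{aac_password | default(None)}}"
      when:
        - aac_userid is defined
        - aac_password is defined

    # Update the BA credentials used within the appliance Reverse Proxy
    - role: update_reverseproxy_conf
      tags: ["reverseproxy", "update", "password"]
      no_log: true
      update_reverseproxy_conf_reverseproxy_id: "{{ reverseproxy_instance_name }}"
      update_reverseproxy_conf_entries:
        - stanza_id: "tfim-cluster:oauth-cluster"
          entry_id: "basic-auth-user"
          value_id: "{{aac_userid}}"
        - stanza_id: "tfim-cluster:oauth-cluster"
          entry_id: "basic-auth-passwd"
          value_id: "{{aac_password}}"
        - stanza_id: "rtss-cluster:cluster1"
          entry_id: "basic-auth-user"
          value_id: "{{aac_userid}}"
        - stanza_id: "rtss-cluster:cluster1"
          entry_id: "basic-auth-passwd"
          value_id: "{{aac_password}}"
      when:
        - aac_userid is defined
        - aac_password is defined
        - firmware_ret_obj is defined
        - "'wga' in firmware_ret_obj['ansible_facts']['activations']"

    # Requires old and current password
    # The new password is interpolated into the pdadmin command text, so it
    # appears in the rendered task arguments; no_log keeps it out of output.
    # NOTE(review): a password containing whitespace or pdadmin
    # metacharacters would change how the command is parsed - confirm how
    # execute_pdadmin quotes its commands.
    - role: execute_pdadmin
      tags: ["pdadmin", "sec_master", "password"]
      no_log: true
      execute_pdadmin_isamuser: "{{sec_master_id}}"
      execute_pdadmin_isampwd: "{{sec_master_old_pwd}}"
      execute_pdadmin_commands:
        - "user modify {{sec_master_id}} password {{sec_master_pwd}}"
      when:
        - sec_master_old_pwd is defined
        - sec_master_pwd is defined
        - sec_master_id is defined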