Unlike with the 'test' flavour, where the 'test' user has sudo
permissions on the system, with machines set up with the 'gitlab'
flavour, which are intended to contact the outside world, we don't
want that. More importantly though, we must not use the default root
password which is set by the install script on such machines.
Therefore, set the root password to a random one as part of the gitlab
flavour task, thus only allowing SSH pubkey authentication for the root
account.
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
guests/playbooks/update/tasks/gitlab.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/guests/playbooks/update/tasks/gitlab.yml
b/guests/playbooks/update/tasks/gitlab.yml
index 9a30140..db27966 100644
--- a/guests/playbooks/update/tasks/gitlab.yml
+++ b/guests/playbooks/update/tasks/gitlab.yml
@@ -62,3 +62,7 @@
enabled: yes
when: ansible_service_mgr != 'systemd'
+- name: Set random root password for security reasons
+ user:
+ name: root
+ password: '{{ lookup("password","/dev/null
encrypt=sha512_crypt") }}'
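Review bot: the `lookup("password","/dev/null encrypt=sha512_crypt")` in the new task produces a different hash on every playbook run, so this task will report "changed" and rewrite root's password each time the update playbook is applied. Since nobody is supposed to know this password anyway, a fixed value that can never match a hash (for example `password: '*'`) would give the same result idempotently; whichever form is used, it is worth confirming on each target OS that root can still log in with an SSH key afterwards. The task name could also say what it does rather than "for security reasons", e.g. that it replaces the installer's default root password.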
--
2.25.1