[libvirt-jenkins-ci PATCH 4/5] playbooks: gitlab: Force a random password for the root account

Erik Skultety eskultet at redhat.com
Thu Mar 26 13:33:53 UTC 2020


Unlike with the 'test' flavour, where the 'test' user has sudo
permissions on the system, with machines set up with the 'gitlab'
flavour, which are intended to contact the outside world, we don't
want that. More importantly though, we must not use the default root
password which is set by the install script on such machines.
Therefore, set the root password to a random one as part of the gitlab
flavour task, thus only allowing SSH pubkey authentication for the root
account.

Signed-off-by: Erik Skultety <eskultet at redhat.com>
---
 guests/playbooks/update/tasks/gitlab.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/guests/playbooks/update/tasks/gitlab.yml b/guests/playbooks/update/tasks/gitlab.yml
index 9a30140..db27966 100644
--- a/guests/playbooks/update/tasks/gitlab.yml
+++ b/guests/playbooks/update/tasks/gitlab.yml
@@ -62,3 +62,7 @@
         enabled: yes
   when: ansible_service_mgr != 'systemd'
 
+- name: Set random root password for security reasons
+  user:
+    name: root
+    password: '{{ lookup("password","/dev/null encrypt=sha512_crypt") }}'
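Review bot: The `password` lookup on the added `user` task reads from `/dev/null`, so a new random password and salt are generated on every playbook run; the task will report "changed" each time and rewrite root's hash. If the aim stated in the commit message is to leave only SSH pubkey authentication for root, setting a fixed non-matching hash such as `password: '*'` on the same task would be idempotent and would not leave a valid (if unknown) password on the account. A short comment above the task saying that it replaces the install script's default root password would also state the intent more precisely than "for security reasons".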
-- 
2.25.1



