From 2b875db573398d7ae634ffd7c143461f39646ac2 Mon Sep 17 00:00:00 2001 From: Joao Victor Portal Date: Mon, 7 Nov 2022 18:34:43 -0300 Subject: [PATCH] Fix first password change in Ansible for Debian For Debian, when the user is prompted to change the password on first login, the strings printed are different from CentOS: Debian prints "Current password" while CentOS prints "(current) UNIX password". This difference cause some Ansible tasks that change password to fail. The same problem was corrected for LDAP in https://review.opendev.org/c/starlingx/ansible-playbooks/+/863699 . One of the cases where the password is changed by Ansible tasks is during bootstrap of a subcloud using Redfish Platform Management Service. Test Plan: PASS: Successfully bootstrap a subcloud using Redfish, checking in the Ansible log that the first password was successfully changed. Closes-Bug: 1996196 Signed-off-by: Joao Victor Portal Change-Id: Id3b47224ceb66f834356a37c5746ca1890f6b6bb --- examples/remote/sample_secrets.yml | 1 + .../src/playbooks/host_vars/backup-restore/default.yml | 4 ++++ playbookconfig/src/playbooks/host_vars/bootstrap/default.yml | 4 ++++ .../src/playbooks/host_vars/upgrade-platform/default.yml | 4 ++++ playbookconfig/src/playbooks/validate_host.yml | 1 + 5 files changed, 14 insertions(+) diff --git a/examples/remote/sample_secrets.yml b/examples/remote/sample_secrets.yml index b2f0011ac..2e0a086b5 100644 --- a/examples/remote/sample_secrets.yml +++ b/examples/remote/sample_secrets.yml @@ -18,6 +18,7 @@ vault_password_change_responses: yes/no: 'yes' sysadmin*: 'sysadmin' \(current\) UNIX password: 'sysadmin' + Current password: 'sysadmin' (?i)New password: 'Boot5trap*' (?i)Retype new password: 'Boot5trap*' diff --git a/playbookconfig/src/playbooks/host_vars/backup-restore/default.yml b/playbookconfig/src/playbooks/host_vars/backup-restore/default.yml index de3b587d7..e5c272e7c 100644 --- a/playbookconfig/src/playbooks/host_vars/backup-restore/default.yml +++ b/playbookconfig/src/playbooks/host_vars/backup-restore/default.yml @@ -23,10 +23,14 @@ admin_password: St8rlingX* # password_change: false +# The expected password strings differ between CentOS and Debian. The string +# "(current) UNIX password" is found only in CentOS, while the string "Current +# Password" is found only in Debian. password_change_responses: yes/no: 'yes' sysadmin*: 'sysadmin' \(current\) UNIX password: 'sysadmin' + Current password: 'sysadmin' (?i)New password: 'St8rlingX*' (?i)Retype new password: 'St8rlingX*' diff --git a/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml b/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml index 01b2fc471..af17d58cf 100644 --- a/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml +++ b/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml @@ -394,10 +394,14 @@ admin_password: St8rlingX* # password_change: false +# The expected password strings differ between CentOS and Debian. The string +# "(current) UNIX password" is found only in CentOS, while the string "Current +# Password" is found only in Debian. password_change_responses: yes/no: 'yes' sysadmin*: 'sysadmin' \(current\) UNIX password: 'sysadmin' + Current password: 'sysadmin' (?i)New password: 'St8rlingX*' (?i)Retype new password: 'St8rlingX*' diff --git a/playbookconfig/src/playbooks/host_vars/upgrade-platform/default.yml b/playbookconfig/src/playbooks/host_vars/upgrade-platform/default.yml index f4fa833db..ac57ba103 100644 --- a/playbookconfig/src/playbooks/host_vars/upgrade-platform/default.yml +++ b/playbookconfig/src/playbooks/host_vars/upgrade-platform/default.yml @@ -12,10 +12,14 @@ # password_change: false +# The expected password strings differ between CentOS and Debian. The string +# "(current) UNIX password" is found only in CentOS, while the string "Current +# Password" is found only in Debian. password_change_responses: yes/no: 'yes' sysadmin*: 'sysadmin' \(current\) UNIX password: 'sysadmin' + Current password: 'sysadmin' (?i)New password: 'St8rlingX*' (?i)Retype new password: 'St8rlingX*' diff --git a/playbookconfig/src/playbooks/validate_host.yml b/playbookconfig/src/playbooks/validate_host.yml index ed26e058e..2585912ac 100644 --- a/playbookconfig/src/playbooks/validate_host.yml +++ b/playbookconfig/src/playbooks/validate_host.yml @@ -23,6 +23,7 @@ yes/no: 'yes' sysadmin*: 'sysadmin' \(current\) UNIX password: 'sysadmin' + Current password: 'sysadmin' (?i)New password: "{{ ansible_ssh_pass }}" (?i)Retype new password: "{{ ansible_ssh_pass }}"