Change the P12 and SSH passwords only for new users (#550)

2025-06-06 15:13:56 +02:00 · 2017-05-22 04:28:18 +02:00 · 2017-05-22 04:28:18 +02:00 · ee6db37428
commit ee6db37428
parent 40e0363b18
3 changed files with 5 additions and 2 deletions
--- a/roles/ssh_tunneling/tasks/main.yml
+++ b/roles/ssh_tunneling/tasks/main.yml
@ -37,6 +37,7 @@
        ssh_key_bits: 256
        ssh_key_comment: '{{ item }}@{{ IP_subject_alt_name }}'
        ssh_key_passphrase: "{{ easyrsa_p12_export_password }}"
+        update_password: on_create
        state: present
        append: yes
      with_items: "{{ users }}"
@ -82,7 +83,7 @@
      become: no
      with_items:
        - "{{ users }}"
-        
+
    - name: SSH | Get active system users
      shell: >
        getent group algo | cut -f4 -d: | sed "s/,/\n/g"
--- a/roles/vpn/tasks/openssl.yml
+++ b/roles/vpn/tasks/openssl.yml
@ -122,7 +122,9 @@
      -passout pass:"{{ easyrsa_p12_export_password }}"
    args:
      chdir: "configs/{{ IP_subject_alt_name }}/pki/"
+      creates: private/{{ item }}.p12
    with_items: "{{ users }}"
+    register: p12

  - name: Copy the p12 certificates
    copy:
--- a/users.yml
+++ b/users.yml
@ -62,7 +62,7 @@
        - debug:
            msg:
              - "{{ congrats.common.split('\n') }}"
-              - "    {{ congrats.p12_pass }}"
+              - "    {% if p12.changed %}{{ congrats.p12_pass }}{% endif %}"
          tags: always
      rescue:
        - debug: var=fail_hint