Added a playbook to lock and expire the bootstrap user on all nodes.

cfe-lab · Dec 7, 2023 · 363a7f5 · 363a7f5
1 parent 4067f82
commit 363a7f5
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/cluster-setup/README.md b/cluster-setup/README.md
@@ -155,7 +155,8 @@ compute node as part of a subsequent playbook.)
 
 From here, you can lock and expire the `ubuntu` user and start using one of the just-imported accounts,
 if you have one.  Make sure that your uploaded `cluster-setup` directory is accessible by
-the account you're using if you do so.
+the account you're using if you do so.  The `lock_bootstrap_user.yaml` playbook can do this;
+modify the `user_name` variable if necessary.
 
 ### Get SSL credentials for the webserver
 

diff --git a/cluster-setup/deployment/inventory_octomore.ini b/cluster-setup/deployment/inventory_octomore.ini
@@ -15,7 +15,7 @@ localhost
 # b04
 b05
 # b06
-# b07a
+b07a
 # b07b
-# b08a
-# b08b
+b08a
+b08b
diff --git a/cluster-setup/deployment/lock_bootstrap_user.yaml b/cluster-setup/deployment/lock_bootstrap_user.yaml
@@ -0,0 +1,12 @@
+---
+
+- name: lock and expire the bootstrap user
+  hosts: all
+  vars:
+    user_name: ubuntu
+  tasks:
+    - name: lock and expire the user
+      user:
+        name: "{{ user_name }}"
+        password_lock: true
+        expires: 1
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,7 +15,7 @@ localhost @@
     # b04
     b05
     # b06
-    # b07a
+    b07a
     # b07b
-    # b08a
-    # b08b
+    b08a
+    b08b