From c19565b071a1db8de6921892c201865b33d78b56 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Godde <marc-antoine.godde@student-cs.fr> Date: Mon, 12 Sep 2022 14:42:49 +0200 Subject: [PATCH] Remove secrets from initial-deploy playbooks --- ansible.cfg.script | 2 +- roles/user-provisioning/user-provisioning/tasks/main.yml | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/ansible.cfg.script b/ansible.cfg.script index e435287..21dcbd5 100644 --- a/ansible.cfg.script +++ b/ansible.cfg.script @@ -140,7 +140,7 @@ callback_whitelist = timer, profile_tasks # If set, configures the path to the Vault password file as an alternative to # specifying --vault-password-file on the command line. -vault_password_file = ./vault/passwords +#vault_password_file = ./vault/passwords # format of string {{ ansible_managed }} available within Jinja2 # templates indicates to users editing templates files will be replaced. diff --git a/roles/user-provisioning/user-provisioning/tasks/main.yml b/roles/user-provisioning/user-provisioning/tasks/main.yml index f2fe29c..a922870 100644 --- a/roles/user-provisioning/user-provisioning/tasks/main.yml +++ b/roles/user-provisioning/user-provisioning/tasks/main.yml @@ -33,11 +33,6 @@ include_tasks: default-user.yml when: remove_default_user -- name: Set the root password - user: - name: root - password: "{{ root_password_hash }}" - - name: Restrict SSH root access block: - name: Remove root SSH keys if some are present -- GitLab