From c19565b071a1db8de6921892c201865b33d78b56 Mon Sep 17 00:00:00 2001
From: Marc-Antoine Godde <marc-antoine.godde@student-cs.fr>
Date: Mon, 12 Sep 2022 14:42:49 +0200
Subject: [PATCH] Remove secrets from initial-deploy playbooks

---
 ansible.cfg.script                                       | 2 +-
 roles/user-provisioning/user-provisioning/tasks/main.yml | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/ansible.cfg.script b/ansible.cfg.script
index e435287..21dcbd5 100644
--- a/ansible.cfg.script
+++ b/ansible.cfg.script
@@ -140,7 +140,7 @@ callback_whitelist = timer, profile_tasks
 
 # If set, configures the path to the Vault password file as an alternative to
 # specifying --vault-password-file on the command line.
-vault_password_file = ./vault/passwords
+#vault_password_file = ./vault/passwords
 
 # format of string {{ ansible_managed }} available within Jinja2
 # templates indicates to users editing templates files will be replaced.
diff --git a/roles/user-provisioning/user-provisioning/tasks/main.yml b/roles/user-provisioning/user-provisioning/tasks/main.yml
index f2fe29c..a922870 100644
--- a/roles/user-provisioning/user-provisioning/tasks/main.yml
+++ b/roles/user-provisioning/user-provisioning/tasks/main.yml
@@ -33,11 +33,6 @@
   include_tasks: default-user.yml
   when: remove_default_user
 
-- name: Set the root password
-  user:
-    name: root
-    password: "{{ root_password_hash }}"
-
 - name: Restrict SSH root access
   block:
     - name: Remove root SSH keys if some are present
-- 
GitLab