Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add playbook update_bmc_user_password #383

Merged
merged 1 commit into from
Oct 30, 2024
Merged

Add playbook update_bmc_user_password #383

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
165 changes: 165 additions & 0 deletions ansible-playbooks/update_bmc_user_password.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
---
- name: Update BMC User Password
hosts: localhost
connection: local
gather_facts: False
vars_prompt:
- name: ip
prompt: "Input the BMC IP address"
private: no
- name: login_account
prompt: "Input the BMC login user name"
private: no
- name: login_password
prompt: "Input the BMC login user password"
private: no
- name: username
prompt: "Input the name of BMC user to be updated(If not specified, the password of default BMC account will be updated)"
private: no
- name: new_password
prompt: "Input new password of BMC user"
private: no

tasks:
- name: Set login URL
set_fact:
login_host: "https://{{ ip }}"

- name: Login to BMC
uri:
url: "{{ login_host }}/redfish/v1/SessionService/Sessions"
method: POST
user: "{{ login_account }}"
password: "{{ login_password }}"
force_basic_auth: yes
body_format: json
body:
UserName: "{{ login_account }}"
Password: "{{ login_password }}"
return_content: yes
status_code: 201
validate_certs: no
register: login_response
failed_when: login_response.status != 201

- name: Set session headers
set_fact:
session_headers:
X-Auth-Token: "{{ login_response.x_auth_token }}"
Content-Type: "application/json"

- name: Determine account URL
set_fact:
target_account_url: "{{ account_url if account_url is defined and account_url is not none and account_url != '' else '/redfish/v1/AccountService/Accounts/1' }}"

- name: Update default BMC account password if no username specified
when: username is not defined or username is none or username == ''
uri:
url: "{{ login_host }}{{ target_account_url }}"
method: PATCH
headers: "{{ session_headers }}"
body_format: json
body:
Password: "{{ new_password }}"
status_code: [200, 204]
validate_certs: no
register: update_response
failed_when: update_response.status not in [200, 204]

- name: Get AccountService URL
when: username is defined and username is not none and username != ''
uri:
url: "{{ login_host }}/redfish/v1"
method: GET
headers: "{{ session_headers }}"
return_content: yes
status_code: 200
validate_certs: no
register: base_url_response
failed_when: base_url_response.status != 200

- name: Get Accounts URL
when: username is defined and username is not none and username != ''
uri:
url: "{{ login_host }}{{ base_url_response.json.AccountService['@odata.id'] }}"
method: GET
headers: "{{ session_headers }}"
return_content: yes
status_code: 200
validate_certs: no
register: account_service_response
failed_when: account_service_response.status != 200

- name: Get Accounts
when: username is defined and username is not none and username != ''
uri:
url: "{{ login_host }}{{ account_service_response.json.Accounts['@odata.id'] }}"
method: GET
headers: "{{ session_headers }}"
return_content: yes
status_code: 200
validate_certs: no
register: accounts_response
failed_when: accounts_response.status != 200

- name: Loop through accounts to get all accounts info
when: username is defined and username is not none and username != ''
uri:
url: "{{ login_host }}{{ item['@odata.id'] }}"
method: GET
headers: "{{ session_headers }}"
return_content: yes
status_code: 200
validate_certs: no
with_items: "{{ accounts_response.json.Members }}"
register: account_details
loop_control:
label: "{{ item['@odata.id'] }}"

- name: Find the account with the specified username
set_fact:
target_account: "{{ item }}"
loop: "{{ account_details.results }}"
when:
- username is defined and username is not none and username != ''
- item.json.UserName == username
loop_control:
label: "{{ item.json['@odata.id'] }}"

- name: Update the specified BMC user password
when: username is defined and username is not none and username != '' and target_account is defined
uri:
url: "{{ login_host }}{{ target_account.json['@odata.id'] }}"
method: PATCH
headers: "{{ session_headers | combine({'If-Match': target_account.json['@odata.etag'] | default('*')}) }}"
body_format: json
body:
Password: "{{ new_password }}"
status_code: [200, 204]
validate_certs: no
register: update_user_response
failed_when: update_user_response.status not in [200, 204]

- name: Logout from BMC
uri:
url: "{{ login_host }}{{ login_response.json['@odata.id'] }}"
method: DELETE
headers: "{{ session_headers }}"
status_code: 204
validate_certs: no
ignore_errors: yes

- name: Check if the specified username was found
when: username is defined and username is not none and username != '' and target_account is not defined
fail:
msg: "Specified BMC username '{{ username }}' doesn't exist. Please check whether the BMC username is correct."

- name: Display success message for specified user
when: username is defined and username is not none and username != '' and target_account is defined
debug:
msg: "The BMC user '{{ username }}' password is successfully updated."

- name: Display success message for default user
when: username is not defined or username is none or username == ''
debug:
msg: "The default BMC user password is successfully updated."