Created
October 23, 2024 00:19
Ansible playbook to reset the kubeadmin password of an OpenShift 4 cluster
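---
# Reset the kubeadmin password of an OpenShift 4 cluster.
#
# References:
#   https://access.redhat.com/solutions/4845381
#   https://access.redhat.com/solutions/6985513
#   https://access.redhat.com/solutions/5286371
#
# Flow: fetch lb-ext.kubeconfig from the node, bcrypt-hash the new password
# locally with htpasswd, base64-encode the hash and patch it into the
# kube-system/kubeadmin secret with `oc`.
#
# Credential handling in this play:
#   * the new password is supplied at run time, never stored in this file;
#   * the password reaches htpasswd on stdin, so it does not appear in the
#     process list or in the registered `cmd`;
#   * the fetched kubeconfig lives in a private temporary directory and is
#     removed when the play finishes, whether it succeeded or not.
#
# NOTE(review): the play targets `all`, but the kubeconfig path below looks
# specific to control-plane nodes; limit the run to one such node
# (`--limit <node>`) -- TODO confirm against the inventory in use.
- hosts: all
  vars:
    ansible_ssh_private_key_file: /home/ec2-user/.ssh/id_rsa_ocp.pem
    # ansible_connection: ssh
    ansible_user: core
    # ansible_become: true
    ansible_become_method: sudo
    ansible_become_user: root
    # Read from the controller's environment so no secret is committed here.
    # Extra vars override this value; prefer a Vault-encrypted vars file
    # (`-e @vault.yml`) over a literal `-e new_kubeadmin_pass=...`, which
    # ends up in shell history and the process list.
    new_kubeadmin_pass: "{{ lookup('ansible.builtin.env', 'NEW_KUBEADMIN_PASS') }}"
  tasks:
    - name: Require a new kubeadmin password to be supplied
      ansible.builtin.assert:
        that:
          - new_kubeadmin_pass | length > 0
        fail_msg: >-
          Set NEW_KUBEADMIN_PASS in the environment or pass
          new_kubeadmin_pass from a vaulted vars file.
        quiet: true

    - name: Install httpd-tools for htpasswd command
      become: true
      delegate_to: localhost
      ansible.builtin.dnf:
        name: httpd-tools
        state: present

    # tempfile creates the directory for the current user only, so the
    # kubeconfig is never readable by other local accounts, unlike a fixed,
    # predictable path directly under /tmp.
    - name: Create a private directory for the fetched kubeconfig
      delegate_to: localhost
      ansible.builtin.tempfile:
        state: directory
        suffix: .kubeadmin
      register: kubeconfig_dir

    - name: Reset the kubeadmin password
      block:
        # This kubeconfig is what authorises the `oc patch` on the
        # kube-system secret below, so treat it as a privileged credential.
        - name: Fetch lb-ext.kubeconfig from the node
          become: true
          ansible.builtin.fetch:
            src: /etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-ext.kubeconfig
            dest: "{{ kubeconfig_dir.path }}/lb-ext.kubeconfig"
            flat: true

        # - name: Get kubeadmin secret
        #   delegate_to: localhost
        #   kubernetes.core.k8s_info:
        #     kubeconfig: /tmp/lb-ext.kubeconfig
        #     validate_certs: false
        #     api_version: v1
        #     kind: Secret
        #     name: kubeadmin
        #     namespace: kube-system
        #   register: kubeadmin_info
        # - name: set kubeadmin fact
        #   set_fact:
        #     kubeadmin_pass: "{{ kubeadmin_info.resources[0].data.kubeadmin | b64decode | trim }}"
        # - name: Show kubeadmin
        #   debug:
        #     var: kubeadmin_pass

        # -i reads the password from stdin instead of argv (-b); -n prints
        # the entry to stdout; -B -C 10 selects bcrypt with cost 10.
        - name: Generate new kubeadmin password hash
          delegate_to: localhost
          ansible.builtin.command:
            cmd: htpasswd -niBC 10 ""
            stdin: "{{ new_kubeadmin_pass }}"
          register: new_kubeadmin_pass_encoded
          changed_when: false
          no_log: true

        # With an empty user name htpasswd prints ":<hash>"; [1:] drops the
        # leading colon before encoding.
        - name: Set base64 encoded new kubeadmin passwd
          ansible.builtin.set_fact:
            new_kubeadmin_pass_b64: "{{ new_kubeadmin_pass_encoded.stdout[1:] | b64encode }}"
          no_log: true

        # Diagnostics only: the hash is credential material, so it is printed
        # only when the run is started with -vv or higher.
        - name: Show new kubeadmin hash as printed by htpasswd
          ansible.builtin.debug:
            var: new_kubeadmin_pass_encoded.stdout
            verbosity: 2

        - name: Show new kubeadmin base64 encoded hash
          ansible.builtin.debug:
            var: new_kubeadmin_pass_b64
            verbosity: 2

        # no_log keeps the encoded hash out of task output; disable it
        # temporarily if the error text from oc is needed for troubleshooting.
        - name: Set new kubeadmin password in cluster
          delegate_to: localhost
          environment:
            KUBECONFIG: "{{ kubeconfig_dir.path }}/lb-ext.kubeconfig"
          ansible.builtin.shell: >-
            oc patch -n kube-system secret/kubeadmin
            --patch '{"data": {"kubeadmin": "{{ new_kubeadmin_pass_b64 }}"}}'
          no_log: true
      always:
        - name: Remove the fetched kubeconfig from the controller
          delegate_to: localhost
          ansible.builtin.file:
            path: "{{ kubeconfig_dir.path }}"
            state: absent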