IPA: set the expiration date for the admin user

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-20 11:21:29 +02:00 · 2020-10-20 11:21:29 +02:00 · 33452ed8f9
commit 33452ed8f9
parent a460c9ae61
1 changed files with 16 additions and 0 deletions
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@ -159,6 +159,19 @@
  - ipa/server
  - config

+- name: Set the expiration date for the admin user
+  ipauser:
+    name: admin
+    password: "{{ ipa_admin_password }}"
+    # Password expiration date will be a Friday 13th in 30 years. I'm sure we'll remember that.
+    passwordexpiration: "2050-05-13 00:00:00"
+    update_password: on_create
+    ipaadmin_password: "{{ ipa_admin_password }}"
+  tags:
+  - ipa/server
+  - config
+  when: ipa_initial
+
 - name: Get admin ticket
  shell: echo "{{ipa_admin_password}}" | kinit admin
  tags:
@ -347,6 +360,9 @@
 - name: Register the proper noggin admin password
  set_fact:
    noggin_password: "{{ (env == 'production')|ternary(noggin_admin_password, noggin_stg_admin_password) }}"
+  tags:
+  - ipa/server
+  - config

 - name: Create noggin user
  ipa_user: