From edfd0993eb41a7607fa0a6318056a3983a4d60fa Mon Sep 17 00:00:00 2001 From: "Glenn K. Lockwood" Date: Tue, 12 Sep 2017 22:36:01 -0700 Subject: [PATCH] disable pi user's password --- roles/common/tasks/main.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 9a1436a..394bbc4 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,4 +1,16 @@ --- +### Switch to non-default user as soon as possible if possible +#- name: does primary login user exist? +# local_action: "command ssh -q -o ConnectTimeout=3 -l {{ create_users[0].name }} {{ inventory_hostname }} /bin/true" +# register: user_exists +# ignore_errors: true +# changed_when: false +# +#- name: switch remote_user if possible +# remote_user: "{{ user_exists | success | ternary(omit, create_users[0].name) }}" +# command: "/bin/true" +# changed_when: false + ### Set hostname - name: set hostname hostname: name={{ inventory_hostname }} @@ -82,4 +94,9 @@ with_items: "{{ create_users }}" tags: [ 'users' ] -### TODO: disable the 'pi' user somehow +### disable the 'pi' user's ability to login in with password +- name: disable 'pi' user + user: name="pi" + password="*" + state=present + tags: [ 'users' ]