diff --git a/roles/hosts/tasks/main.yml b/roles/hosts/tasks/main.yml index ee3bf1172..804516bcc 100644 --- a/roles/hosts/tasks/main.yml +++ b/roles/hosts/tasks/main.yml @@ -5,15 +5,15 @@ new_name: "{{ tower_hosts_item.new_name | default(omit) }}" description: "{{ tower_hosts_item.description | default('') }}" inventory: "{{ tower_hosts_item.inventory }}" - enabled: "{{ tower_hosts_item.enabled | default(True) }}" + enabled: "{{ tower_hosts_item.enabled | default(true) }}" state: "{{ tower_hosts_item.state | default(tower_state | default('present')) }}" variables: "{{ tower_hosts_item.variables | default(omit) }}" tower_host: "{{ tower_hostname }}" - tower_username: "{{ tower_username | default('admin') }}" - tower_password: "{{ tower_password }}" + tower_username: "{{ tower_username | default(omit) }}" + tower_password: "{{ tower_password | default(omit) }}" tower_oauthtoken: "{{ tower_oauthtoken | default(omit) }}" tower_config_file: "{{ tower_config_file | default(omit) }}" - tower_verify_ssl: "{{ tower_verify_ssl | default('false') }}" + tower_verify_ssl: "{{ tower_verify_ssl | default(false) }}" loop: "{{ tower_hosts }}" loop_control: loop_var: tower_hosts_item diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml index b5763c0d4..3e1c03dc6 100644 --- a/roles/users/defaults/main.yml +++ b/roles/users/defaults/main.yml @@ -23,4 +23,8 @@ tower_user_accounts: [] # is_auditor: false # optional, boolean # state: present # optional, choices: present, absent +# if you're too lazy to give your users a password, this is the default they will get +# set this variable to something false and there won't be a default password +tower_user_default_password: "change_me" + tower_configuration_users_secure_logging: "{{tower_configuration_secure_logging | default(false)}}" diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index fca24a783..971eb0812 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml @@ -3,18 +3,19 @@ awx.awx.tower_user: auditor: "{{ tower_user_accounts_item.is_auditor | default(tower_user_accounts_item.is_system_auditor | default('false')) }}" username: "{{ tower_user_accounts_item.user | default(tower_user_accounts_item.username) }}" - password: "{{ tower_user_accounts_item.password | default('change_me') }}" - email: "{{ tower_user_accounts_item.email | default('rhpds-admins@redhat.com') }}" + # the 'true' in the second default leads to no password being set if the default password is empty + password: "{{ tower_user_accounts_item.password | default(tower_user_default_password | default(omit, true)) }}" + email: "{{ tower_user_accounts_item.email | default(omit) }}" first_name: "{{ tower_user_accounts_item.firstname | default(tower_user_accounts_item.first_name | default(omit)) }}" last_name: "{{ tower_user_accounts_item.lastname | default(tower_user_accounts_item.last_name | default(omit)) }}" - superuser: "{{ tower_user_accounts_item.is_superuser | default('false') }}" - update_secrets: "{{ tower_user_accounts_item.update_secrets | default('true') }}" - state: "{{ tower_user_accounts_item.state | default(tower_state | default('present')) }}" + is_superuser: "{{ tower_user_accounts_item.is_superuser | default(tower_user_accounts_item.superuser | default(omit)) }}" + update_secrets: "{{ tower_user_accounts_item.update_secrets | default(omit) }}" + state: "{{ tower_user_accounts_item.state | default(tower_state | default(omit)) }}" tower_host: "{{ tower_hostname }}" - tower_username: "{{ tower_username | default('admin') }}" - tower_password: "{{ tower_password }}" + tower_username: "{{ tower_username | default(omit) }}" + tower_password: "{{ tower_password | default(omit) }}" tower_oauthtoken: "{{ tower_oauthtoken | default(omit) }}" - tower_verify_ssl: "{{ tower_verify_ssl | default('false') }}" + tower_verify_ssl: "{{ tower_verify_ssl | default(false) }}" tower_config_file: "{{ tower_config_file | default(omit) }}" loop: "{{ tower_user_accounts }}" loop_control: