Update password generation method.

MaxBed4d · MaxBed4d · commit 0d10560399b8 · 2024-07-19T09:35:57.000+01:00
diff --git a/etc/kayobe/ansible/scripts/pwgen.py b/etc/kayobe/ansible/scripts/pwgen.py
diff --git a/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 b/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2
@@ -7,7 +7,7 @@ secrets_wazuh:
   # Strengthen default wazuh api user pass
   wazuh_api_users:
     - username: "wazuh"
-      password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(wazuh_password) }}"
+      password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30)) }}"
   # OpenSearch 'admin' user pass
   opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}"
   # OpenSearch 'kibanaserver' user pass
diff --git a/etc/kayobe/ansible/wazuh-secrets.yml b/etc/kayobe/ansible/wazuh-secrets.yml
@@ -14,17 +14,6 @@
         path: "{{ wazuh_secrets_path | dirname }}"
         state: directory
 
-    - name: Generate a random password which meets the Wazuh password requirements
-      no_log: True
-      command:  
-        cmd: python3 scripts/pwgen.py
-      register: random_password
-
-    - name: Store the valid password
-      no_log: True
-      set_fact:
-        wazuh_password: "{{ random_password.stdout }}"
-
     - name: Template new secrets
       no_log: True
       template:
@@ -37,5 +26,4 @@
         dest: "{{ wazuh_secrets_path }}"
         decrypt: false
       vars:
-       ansible_vault_password: "{{ lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') }}"
-
+        ansible_vault_password: "{{ lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') }}"
